Management commands are perfect for scripts that need Django's ORM and settings. I create them in management/commands/ and extend BaseCommand. The add_arguments method defines CLI options using argparse. I use self.stdout.write with style helpers for

Custom auth backends enable alternative authentication methods. I subclass ModelBackend and override authenticate(). Common use cases include email login, LDAP, OAuth, or custom token auth. The backend returns a user object or None. I add it to AUTHEN

Toasts are a great fit for Turbo Streams because they’re ephemeral UI that doesn’t need a dedicated page. I keep a #toasts container in the layout and turbo_stream.append a toast partial on success events. The toast itself is just HTML with a Stimulus

When appending new content (like a new message), I sometimes want to scroll it into view automatically. Rather than adding JS in the controller, I use a custom turbo stream action scroll_into_view that finds the target element and calls scrollIntoView

I wrapped external HTTP calls once I realized most “flaky APIs” were actually my fault: no timeouts, unclear retries, and logs that didn’t tell a story. In Client with timeouts, I centralize a Faraday connection with explicit open_timeout and timeout,

Cross-Origin Resource Sharing (CORS) enables frontend apps on different domains to access your API. I use django-cors-headers for production-ready CORS handling. I configure CORS_ALLOWED_ORIGINS for specific domains in production and use CORS_ALLOW_AL

Template tags extend Django's template language. I create simple tags with @register.simple_tag and inclusion tags with @register.inclusion_tag for rendering template snippets with context. Assignment tags store results in template variables. I place

For list endpoints, the frontend needs predictable pagination metadata, not just an array. I return items plus pageInfo (endCursor, hasNextPage) so building infinite scroll is straightforward and the API stays extensible if you later add totals (which

For apps that ingest emails (support inbox, replies), Action Mailbox is a natural fit. When a message arrives, I create a record and broadcast it into a Turbo Stream feed so the UI updates in realtime. This is essentially “email as an event source”. T

OAuth flows are a minefield, and PKCE is the safe default for public clients. I generate a verifier, derive a challenge, store the verifier in a short-lived session, and then exchange the authorization code for tokens. The key detail is treating the v

A tiny custom validator keeps complex presence rules out of controllers. This example enforces that at least one of two fields is present (e.g., text content or an attachment).

Not every failure should be a 500. If a non-critical dependency fails (e.g., recommendations), rescue narrowly, emit a metric/log, and serve a baseline response.