A lot of people I know (myself included) are shipping new projects right now.

The features look good, and everything seems ready, BUT there are still a few boring things you should check before putting your product on the internet.

So here’s a simple pre-deployment checklist I keep in mind before shipping a new app.

1. Authorization
Make sure users can only access the data and actions they’re actually supposed to. Changing an ID in a request or URL should not let someone see another user’s data.

2. Input validation and sanitization
Never trust user input. Validate the shape, type, and format of incoming data, and make sure bad input can’t turn into broken logic, database issues, or security problems.

3. CORS
If your frontend is talking to your backend, make sure only the right origins are allowed to make those requests. Don’t just open it up to everything unless you have a very good reason.

4. Rate limiting
Protect your API from spam, abuse, and accidental overuse. Even if you’re not worried about attacks yet, rate limiting can save you from one bad script or one overactive user crushing your backend.

5. Password reset expiration
Reset links should expire, and they should expire quickly (30 minutes or less). You do not want an old email sitting around that can still be used to take over someone’s account.

6. Frontend error handling
Users should not be staring at raw crashes, stack traces, or broken pages. Have clean error states, fallback UI, and messages that help people recover instead of getting stuck.

7. Database indexes
Think about the queries your app is actually going to run the most, and make sure the important ones are indexed. This matters a lot more once real users start hitting your app and response times begin to creep up.

8. Logging
If something breaks in production, you need to be able to see what happened. Good logs are one of the fastest ways to figure out whether the issue is coming from your app, your database, a third-party service, or user behavior. Don’t over-log, though: this can become expensive very quickly.

9. Alerts
Logging is great, but logs don’t help much if nobody checks them. Set up alerts so you know when error rates spike, latency jumps, or critical flows start failing before users start complaining.

10. Rollback plan
Sometimes a deploy goes bad. Have a plan in place to quickly roll back to a known good state.

As I always say, software engineering is not just about writing code.

-Arjay
