Hey dev.to 👋
I've been working on a side project called Talky and I'm at the validation stage. This is the first thing I've shipped outside of my regular job, and I'd really appreciate feedback from this community - especially on the technical decisions.
What it does:
Drop a single script tag into any static site and you get a fully functional comment section. No backend needed on your end.
```html
<script src="https://talky.adilmayank.com/v1/talky.js" data-key="YOUR_API_KEY"></script>
```
How it's built:
- Google OAuth for signup - each tenant gets a scoped UUID api_key
- `X-API-Key` header for read requests, short-lived JWTs via /init for comment submissions
- Allowed origins whitelist so only your domains can post
- DB-backed rate limiting that survives server restarts
- Honeypot + User-Agent filtering for spam/bot protection
- XSS escaping, input validation, pagination - the boring stuff is covered
What I'm unsure about:
- Is the JWT flow for submissions overkill for a project at this stage?
- Would you trust a third-party embed like this on your site?
- What's missing before you'd actually use it?
I'd love for you to try embedding it on a test page and tell me where it breaks or feels off.
Note: Claude was used to refine grammar and structure.