DEV Community: Bugra Ergin

How do you promote something you have built for fun without paying for ads?

Bugra Ergin — Wed, 11 Mar 2026 11:28:00 +0000

I would like to tell developers about something I have built. Every time I write a content that slightly mentions it, it gets flagged and removed immediately. I've tried posting articles on multiple platforms and subreddits. The content does fine on its own but the moment I mention my project it gets killed. As of now, my platform/tool is completely free and I want to keep it that way. I've built it for fun, as a hobby, not as a business so I don't want to have to run paid ads because that means I would have to charge people to cover the costs. So my question is, what do you guys to to get the word out about your projects without spending money on ads?

You've never unit tested a regex and you know it

Bugra Ergin — Wed, 11 Mar 2026 07:02:07 +0000

We all use mailpit or mailtrap in development. Nobody sends real emails locally. That issue has been resolved for a long time.

But email is the only problem we've solved. What about everything else? We just skip it.

Email validation

In production, your signup checks MX records and blocks disposable domains, among other things. In development, you type test@test.com and move on.

Here's the issue: someone owns test.com. They receive your test data. That address appears on over 1,500 blacklists because many developers use it.

MX validation usually can't run correctly in most development setups. The DNS lookups fail when offline, and they fail with fake domains. Symfony has an open issue about turning off checkMX in test environments for this reason. So the one piece of validation that really matters gets shipped completely untested.

Remember when HBO Max sent "Integration Test Email #1" to all their subscribers?

Regex

You know the workflow. You go to regex101, test a few strings, everything looks good, then you paste it into code, commit, and push. No unit tests, ever.

There's a library on GitHub called regex-tester. The whole message in the README is simple: "Because regular expressions are complex and error prone, and you probably don't unit test them." That's it. That's the main point. And honestly? That makes sense.

Character limits

You have a 120-character company_name column in your database, but there's no maxlength on the form. It works fine in development because you always type "Test Company." But it breaks in production when someone pastes their full legal entity name.

Microsoft added detailed truncation warnings as a key feature in SQL Server 2019 because the old error was so useless that no one could debug it. Emojis cut SMS limits from 160 to 70 characters. X's 280-character limit is really a byte limit that creates issues with multibyte characters. Entity Framework silently truncates without providing an error. This happens everywhere.

CORS

Locally, you run the frontend and backend on the same origin. You might throw Access-Control-Allow-Origin: * on everything, use a browser extension, or launch Chrome with --disable-web-security.

Then you deploy to real subdomains and spend your afternoon searching for CORS errors that didn't exist yesterday. I've seen senior developers waste an entire half-day on this. There's no straightforward way to test real cross-origin behavior locally.

SSL

We've all done it: curl -k, NODE_TLS_REJECT_UNAUTHORIZED=0, verify=False, CURLOPT_SSL_VERIFYPEER => false.

It always seems "temporary." But then it ends up in the Dockerfile, then staging, and next, someone copies that config to production. Now your app trusts every certificate out there.

So what

The Twelve-Factor App mentioned dev/prod parity back in 2011. We're still not following that advice.

Production has real validation, real security, and real constraints. Development runs on assumptions and test@test.com. The gap between the two is where your next production bug is hiding.

The mailpit pattern works for more than email. Use tools that give real results but cost nothing and stay out of your way. I built some free utility APIs for exactly this (apixies.io) but honestly it doesn't matter which tool. It matters that you stop skipping the check entirely.

If it only runs in production, it's not a check. It's a hope.

What's the dumbest prod bug you've shipped that a simple check in dev would've caught?

Your app validates emails in production but not in dev. What else are you skipping?

Bugra Ergin — Tue, 10 Mar 2026 07:12:59 +0000

We all use mailpit or mailtrap in dev. Nobody sends real emails locally. That's been solved forever.

But email is the only thing we actually solved. Everything else? We just... skip it.

Email validation

In production your signup checks MX records, blocks disposable domains, all of it. In dev you type test@test.com and move on with your life.

Small problem: someone owns test.com. They receive your test data. That address shows up on 1,500+ blacklists because every developer on earth uses it.

And MX validation can't even run properly in most dev setups. The DNS lookups fail offline, they fail with fake domains. Symfony has an open issue about disabling checkMX in test environments for exactly this reason. So the one piece of validation that actually matters ships completely untested.

Remember when HBO Max sent "Integration Test Email #1" to all their subscribers? Yeah.

Regex

You know the workflow. regex101, three test strings, looks good, paste into code, commit, push. No unit test. Ever.

There's a library on GitHub called regex-tester. The whole pitch in the README is one line: "Because regular expressions are complex and error prone and you probably don't unit test them." That's it. That's the selling point. And honestly? Fair enough.

Character limits

120-char company_name column in your database. No maxlength on the form. Works great in dev because you always type "Test Company." Blows up in prod when someone pastes their full legal entity name.

Microsoft added verbose truncation warnings as a major feature in SQL Server 2019 because the old error was so useless nobody could debug it. Emojis cut SMS limits from 160 to 70 characters. Twitter's 280-char limit turned out to be a byte limit that breaks with multibyte characters. Entity Framework silently truncates without an error. This stuff is everywhere.

CORS

Locally you run frontend and backend on the same origin. Or you throw Access-Control-Allow-Origin: * on everything. Or you install that browser extension. Or you launch Chrome with --disable-web-security.

Then you deploy to real subdomains and spend your afternoon googling CORS errors that didn't exist yesterday. I've seen senior devs lose half a day on this. There's just no clean way to test real cross-origin behavior locally.

SSL

curl -k
NODE_TLS_REJECT_UNAUTHORIZED=0
verify=False
CURLOPT_SSL_VERIFYPEER => false

We've all done it. "Temporary." Then it's in the Dockerfile. Then staging. Then someone copies that config to prod and now your app trusts every cert on the planet.

So what

The Twelve-Factor App told us about dev/prod parity in 2011. We're still not doing it.

Production runs real validation, real security, real constraints. Dev runs on vibes and test@test.com. The gap between those two is where your next production bug already lives.

If it only runs in production, it's not a check. It's a hope.

What's the dumbest prod bug you've shipped that a simple dev check would've caught?

I Built an MCP Server with 36 Developer Tools. Now Claude Does My Site Audits.

Bugra Ergin — Thu, 26 Feb 2026 23:10:08 +0000

I got tired of juggling browser tabs to check SSL certs, DNS records, security headers, and broken links. So I built an MCP server that lets Claude do it all.

One config block. 36 tools. Here's what that actually looks like.

"Run a security audit on mysite.com"

That's it. That's the prompt. Claude calls three APIs behind the scenes: SSL certificate check, security headers analysis, and email authentication (SPF, DKIM, DMARC). Ten seconds later I get a report with actual findings.

I didn't build any orchestration logic. I gave Claude atomic tools and it figured out how to chain them together.

Some other things I've been using this for:

Bulk SSL monitoring:
"Check SSL certificates for stripe.com, github.com, and vercel.com. Flag anything expiring within 30 days."

Claude loops through the list, calls check_ssl for each, compares expiry dates, and gives me a summary table.

Screenshot comparison in Claude Code:
"Take a screenshot of our staging site and production site. Tell me if anything looks different."

Claude captures both screenshots, then uses its vision to spot visual differences. No Playwright setup, no test scripts. Just a sentence.

Email list cleaning:
"Read contacts.csv, validate every email in the 'email' column, create a new file with only the valid ones."

Claude reads the file, calls validate_email per row, writes the clean output. Took maybe 15 seconds for 200 rows.

DNS migration check:
"We moved mysite.com to 203.0.113.50. Has the DNS propagated?"

Claude calls dns_lookup, checks the A record, tells me if it matches.

Setup takes 30 seconds

Add this to your MCP client config:

{
  "mcpServers": {
    "apixies": {
      "command": "npx",
      "args": ["-y", "@apixies/mcp-server"],
      "env": {
        "APIXIES_API_KEY": "your-key-here"
      }
    }
  }
}

Config file locations:

Claude Desktop (macOS): ~/Library/Application Support/Claude/claude_desktop_config.json
Claude Desktop (Windows): %APPDATA%\Claude\claude_desktop_config.json
Cursor: .cursor/mcp.json
VS Code: .vscode/mcp.json

Restart your client. 36 tools show up. Done.

Free API key at apixies.io/register. Works without one too (sandbox mode, 20 requests/day).

The full tool list

Inspectors: SSL checker, security headers, DNS lookup, email inspector, WHOIS, link checker, redirect tracer, meta tag extractor, robots.txt parser, favicon fetcher, URL validator, email auth validator, user agent parser, IP geolocation, website performance, JWT decoder.

Converters: HTML to PDF, Markdown to HTML, JSON formatter, JSON to CSV, Base64 encode/decode, URL encode/decode, color converter, timestamp converter, phone formatter, JSON schema validator.

Generators: QR code, screenshot, password, UUID, hash, lorem ipsum, URL shortener.

Each one has a description that tells the AI when to use it. You don't pick tools manually. You describe what you want and Claude figures out which ones to call.

Prompts worth trying

Start simple:

"Check the SSL certificate for github.com"
"What DNS records does google.com have?"
"Generate a 24-character password with symbols"

Then try the multi-tool stuff:

"Check SSL, headers, and performance for these 5 client sites. Give me a comparison table."
"Take a screenshot of example.com and check if their OpenGraph meta tags are set up correctly."
"Decode this JWT and tell me when it expires: eyJhbG..."
"Scan all markdown files in ./docs/ for URLs and check if any are broken."

That last one is my favorite. Claude finds every URL in your docs, calls the link checker for each, and reports which ones are dead. Would've taken me an hour to write as a script.

How it works (briefly)

MCP is an open protocol from Anthropic. You define tools with a name, description, and parameter schema. The AI reads the descriptions and calls them when relevant.

The server is a small TypeScript package. Each of the 36 API endpoints is registered as a tool with a Zod schema for input validation. When Claude calls a tool, the server makes an HTTP request to the Apixies API and returns the JSON response.

I shared Apixies.io here a year ago with 5 APIs. It now has 39 endpoints and hit page 1 of Google.

Bugra Ergin — Mon, 23 Feb 2026 08:40:45 +0000

A year ago, I wrote about Apixies on Dev.to. A small collection of micro-APIs I was building because I kept needing the same utilities across projects. A few of you played around with it, left some great comments, and I just kept building.

Here's what actually happened.

From 5 endpoints to 39

The original post had five APIs: SSL checker, security headers, email inspector, user agent parser, and HTML-to-PDF. That was it.

Since then I've added 34 more:

DNS Lookup, WHOIS, Domain Availability for the networking stuff I kept reaching for
QR Code Generator, Screenshot Capture, URL Shortener for generating things
JSON ↔ CSV, Base64, Markdown to HTML, Color Converter for format conversion
Text Analyzer, Word Counter, Hash Generator, Password Generator for text and crypto
IP Geolocation, HTTP Status Checker, Link Checker, Meta Tag Extractor for inspection

Full list at apixies.io/docs/endpoints.

Every endpoint works the same way: one API key, same JSON envelope, predictable error handling. If you've used one Apixies endpoint, you already know how all of them work.

Browser tools for everything

This was the biggest change since the original post. Every single API now has a browser tool at apixies.io/tools. No signup, no API key, just use it.

Need to check an SSL certificate? Go to the tool page, type a domain, get your answer. Need to validate an email? Same thing. Need to convert some JSON to CSV? Paste it in.

I built these because most developers don't want to set up an API integration just to check one thing. The browser tools handle the quick one-off use case, and the API is there when you need to automate it.

A sandbox in the docs

The documentation now has a live sandbox where you can test any endpoint with real parameters and see the actual response before writing any code.

No fake data, no mocked responses. You hit the real API and see exactly what comes back.

What happened with traffic

For the first couple of months after rebuilding the site: nothing. Basically zero impressions on Google.

Then about two weeks ago, something clicked. The Google Search Console graph went vertical. Impressions jumped to over 3,000 a week. Average position dropped to 5.5, sometimes as low as 3. That's page one. The text analysis endpoint alone pulled over 1,500 impressions in a single week.

Real companies started signing up. Developers from 77 countries have found the site. I even got a registration from a Swiss IT security company, which I definitely didn't expect.

What I'd tell the version of me who wrote the original post

Build the free tools. The browser tools are what Google indexes and what developers find when they search. They're the front door. The API is the product behind it.

Consistency matters more than features. Every endpoint returning the same JSON structure, using the same auth, handling errors the same way. That's what makes 39 APIs feel like one product instead of 39 random scripts.

Don't wait until it's perfect. The original post had five endpoints and rough docs. Some of you still found it useful. If I'd waited until I had 39 endpoints to post anything, I'd probably still be building in silence.

What's next

More endpoints. I have a backlog of ideas and community suggestions. More guides walking through real use cases. And keeping the free tier generous, because the whole point is that these utilities should just be easy to grab and use.

If you want to try it:

Browser tools (no signup): apixies.io/tools
Developer guides: apixies.io/guides
API docs: apixies.io/docs
Free API key (no credit card): apixies.io/register

I'd love to hear what you think. And if there's a micro-API you keep wishing existed, tell me. The last batch of endpoints came directly from suggestions like that.

Thanks for reading. And to those of you who checked it out a year ago, you're the reason I kept going.

— Buğra
apixies.io

Programming is the Definition of ADHD

Bugra Ergin — Tue, 27 May 2025 08:49:58 +0000

So I was working on my daily job yesterday.

I decided our PDF Generation code needs refactoring (a single Laravel service class)
Half way through the refactoring I realized we are using a deprecated library so I decided to upgrade the whole system to start using s more modern pdf Generation system
Half an hour of coding later I realized it's probably better, before I do all the work, pdf Generation should probably be handled by a microservice
You can't do all that without the existing pdf templates. They need to move to the Microservice too.
I might as well refactor these to make things easier
PDF templates with blade files is so tedious to work with. I can't test what I am doing. We need a preview function but you can't have that in an API. Let's move this to the CMS
I might as develop a PDF management tool in CMS with preview function
I need seeders, factories, migrations
Templates need to be translated into 4 languages but user might not know what language keys exist
I need a template editor with variables and language keys auto fill.

You can't be a good programmer and claim you don't have ADHD...

Built Apixies.io as a hobby project to help devs with quick, focused APIs. Would love feedback or ideas on what to add next!

Bugra Ergin — Tue, 20 May 2025 09:10:01 +0000

Bugra Ergin

May 18 '25

Introducing Apixies.io – A Free Toolbox of Micro APIs for Developers

#showdev #api #webdev #laravel

Comments 16

1 min read

Introducing Apixies.io – A Free Toolbox of Micro APIs for Developers

Bugra Ergin — Sun, 18 May 2025 11:10:49 +0000

Hey devs! 👋

I'm Buğra, a full-stack developer and CTO, and I've been working on a side project called Apixies.io. It's a collection of small, focused APIs designed to solve specific problems without unnecessary complexity.

Currently, Apixies.io offers endpoints like:

SSL Health Inspector: Check the SSL certificate status of any domain.

Security Headers Inspector: Analyze HTTP security headers for best practices.

Email Inspector: Validate and inspect email addresses for proper formatting and domain checks.

User Agent Inspector: Parse and identify details from user agent strings.

HTML to PDF Converter: Convert HTML content into PDF documents.

All APIs are free to use, require no authentication for testing, and come with generous rate limits during the beta period. You can explore the full documentation and try them out here: https://apixies.io

I'm looking to expand this toolbox and would love your input:

What micro APIs would be helpful in your projects?

How's the user experience? Any suggestions for improvement?

Would you be interested in collaborating to develop new APIs?

Feel free to share your thoughts or suggest new endpoints directly on the site. Let's build something useful together!

Thanks for checking it out!
Buğra

DEV Community: Bugra Ergin

How do you promote something you have built for fun without paying for ads?

You've never unit tested a regex and you know it

Email validation

Regex

Character limits

CORS

SSL

So what

Your app validates emails in production but not in dev. What else are you skipping?

Email validation

Regex

Character limits

CORS

SSL

So what

I Built an MCP Server with 36 Developer Tools. Now Claude Does My Site Audits.

"Run a security audit on mysite.com"

Setup takes 30 seconds

The full tool list

Prompts worth trying

How it works (briefly)

Links

I shared Apixies.io here a year ago with 5 APIs. It now has 39 endpoints and hit page 1 of Google.

From 5 endpoints to 39

Browser tools for everything

A sandbox in the docs

What happened with traffic

What I'd tell the version of me who wrote the original post

What's next

Programming is the Definition of ADHD

Built Apixies.io as a hobby project to help devs with quick, focused APIs. Would love feedback or ideas on what to add next!

Introducing Apixies.io – A Free Toolbox of Micro APIs for Developers

Introducing Apixies.io – A Free Toolbox of Micro APIs for Developers