Server builds, wallet signs, webhooks confirm — a non-custodial Web3 checkout pattern with Solana

Tom — Sun, 19 Apr 2026 15:19:24 +0000

I've been building a Solana checkout flow. The core challenge: the server needs to control the terms of every payment — the amount, the recipient, the audit trail — without ever holding a private key.

This post documents the pattern I landed on:

Checkout session with TTL and CSRF protection
Atomic token invalidation to prevent TOCTOU race conditions
A server-side pending record (similar to Stripe's Payment Intent) written before the wallet is ever involved
Webhook authentication and idempotent confirmation

The server constructs the unsigned transaction, the wallet signs it, and confirmation happens via webhook rather than client reporting. Solana-specific in implementation but the architecture applies to any chain.

Already got a good question in the HN thread about meta-transactions and commit-reveal schemes.

Full post: https://blauenlabs.com/blog/web3-checkout-pattern/
HN discussion: https://news.ycombinator.com/item?id=47821168

Happy to discuss the tradeoffs.

Web App Security: A Developer's Guide to Content Security Policy (CSP)

Tom — Tue, 14 Apr 2026 03:56:02 +0000

What a CSP is, why you need one, and how to audit yours — including a real example of a violation we caught in the wild.

blauenlabs.com

DEV Community: Tom

Server builds, wallet signs, webhooks confirm — a non-custodial Web3 checkout pattern with Solana

Web App Security: A Developer's Guide to Content Security Policy (CSP)