DEV Community: Matei Tudose

Rust changed my (superficial) way of thinking

Matei Tudose — Mon, 01 Sep 2025 12:15:15 +0000

This might sound like another clickbait article shilling Rust, but it isn't. I've also been in the same spot as you, wondering why there is so much hype with Rust, because at the beginning, it seemed like just another low-level language like C++. But it's not.

Nowadays, many programmers use exclusively programming languages with a garbage collector (Java, Go, Python, etc.) and often overlook how memory is managed to make all of this possible. The GC is seen as some kind of "black box" that does some magic with the program's memory. But then we have low-level languages like C or C++, that don't have a GC and instead have you allocate/deallocate memory manually. While this is better for performance reasons, doing this in practice becomes risky, as there aren't many safeguards preventing you from shooting yourself in the foot.

Rust solves this. It imposes a set of strict rules that you must adhere to when coding in it. By understanding the imposed "ownership model", you are forced to actually think before passing around variables. At the beginning, it might seem that it also adds a lot of abstractions like all the other languages, but these are actually the safeguards protecting you in different scenarios.

Let's look at this example:

fn greet(name: String) {
    println!("Hello, {name}!");
}

fn main() {
    let name = String::from("Alice");
    greet(name);
    println!("{}", name); // This gives a compilation error!
}

In languages like C++ or Python, it seems perfectly natural to keep using a variable after passing it to a function.

In Rust, trying to access name after it's been moved causes a compile-time error. This prevents dangling pointers, use-after-free, and double-free scenarios because the compiler guarantees that only one owner exists for each resource at any moment (this is one of the 3 rules of the Rust ownership model).

However, this is just a simple example. There are many other ways Rust's ownership system and associated safeguards work together to prevent subtle and dangerous bugs that are common in other programming languages. For instance, Rust's borrowing rules ensure that you can have either multiple readers or one writer to a piece of data at any point, but never both simultaneously. This eliminates data races at compile time.

Together, these rules and checks create a robust system that guarantees memory safety, thread safety, and overall program correctness without the need for runtime overhead or garbage collection. This multi-layered protection is why Rust is increasingly chosen for building critical system components, where reliability, security and speed are paramount.

So here's my advice to any dev that hasn't still tried Rust: do it. It might seem hard at the beginning, but you gain a lot of insight and you start to realize how "privileged" you are when using GC languages.

Enhancing Finance Experiences with Open Banking

Matei Tudose — Mon, 21 Aug 2023 10:54:40 +0000

If you are a developer interested in developing finance apps, "Open Banking" should sound familiar to you. If that doesn't ring a bell with you, let me explain. According to Wikipedia:

Open Banking allows for financial data to be shared between banks and third-party service providers through the use of APIs.

Whether you'd want to create a KYC workflow for your customers or help small businesses receive payments directly to their bank accounts, Open Banking APIs are the solution.

Let's say you want to approve consumers for loans. You could use Open Banking to connect to their bank accounts and check their balances and spending habits. Using ML algorithms, you could then offer clients variable interest rates, depending on their financial status.

Personal experiences developing Payfren - an Open Banking "Revolut" alternative

Ever since this initiative of opening up banking APIs to devs started in my home country, Romania, I had this idea of developing a Revolut alternative, but with some twists:

to avoid needing banking licenses, funds would be stored in the users' bank accounts
the UX had to be on the same level as Revolut: payments, accounts overview, basically everything

One of the disadvantages of Open Banking is that there are a lot of APIs to integrate. Fortunately for me, I used the GoCardless Bank Account Data product (formerly Nordigen). GoCardless aggregates all of these APIs into one, making it easier to use for my mobile app. There is a free tier limited to 50 bank connections, and it is the only one that I know of to have a free level.

As a tech stack, I used:

Expo
Tamagui (check them out, I'll write an article about them soon)
React Query
Zustand
Supabase

You can find the source code here: https://github.com/payfren/app

Authorization flows - get access to balances and transactions

To get access to sensitive data such as banking information using the GoCardless Account Data API, you need to go through several stages:

Get an Authorization Token for future requests

You need to use the credentials in your developer console to get this token. You must do all these requests server-side , to prevent leaking these keys:

const tokenResponse = await fetch("https://ob.nordigen.com/api/v2/token/new/", {
        method: "POST",
        headers: {
            "Content-Type": "application/json",
            "Accept": "application/json",
        },
        body: JSON.stringify({
            "secret_id": secretId,
            "secret_key": secretKey,
        }),
    });

// Get the authorization token that allows us to create a requisition
const tokenData = await tokenResponse.json();
const authToken: string = tokenData['access'];

You will now need the returned access token for every request that you make.

Get a list of banks

You can get a list of banks in a specific country, in this example, Romania:

const response = await fetch("https://ob.nordigen.com/api/v2/institutions/?country=ro", {
        method: "GET",
        headers: {
            "accept": "application/json",
            "Authorization": 'Bearer ' + authToken,
        },
    });

const data = await response.json();

This list will look like this:

[
   {
      "id":"ABNAMRO_ABNAGB2LXXX",
      "name":"ABN AMRO Bank Commercial",
      "bic":"ABNAGB2LXXX",
      "transaction_total_days":"540",
      "countries":[
         "GB"
      ],
      "logo":"https://cdn.nordigen.com/ais/ABNAMRO_FTSBDEFAXXX.png"
   },
   {
      "..."
   },
   {
      "id":"REVOLUT_REVOGB21",
      "name":"Revolut",
      "bic":"REVOGB21",
      "transaction_total_days":"730",
      "countries":[
         "GB"
      ],
      "logo":"https://cdn.nordigen.com/ais/REVOLUT_REVOGB21.png"
   }
]

You need to create a UI for your users to prompt them to select a bank. Make this easier by using the CDN links provided by GoCardless for the bank logos.

Optional - Create an end-user agreement

If you'd like to customise the duration of the requisition or the abilities that the user will grant you (see balances, transactions, IBANs), you should create a custom agreement.

Create a link for the user to authorise the mandate

The most important part is to create the link to authorise the requisition. You need to provide:

institution_id (of a bank from Step 2)
redirect (a link where the user should be returned after completing the process)

There are other optional parameters, such as:

reference (a unique ID provided by you to easily identify the user in your database)
agreement (ID that you get from Step 3, otherwise leave blank)
user_language

 const response = await fetch("https://ob.nordigen.com/api/v2/requisitions/", {
        method: "POST",
        headers: {
            "accept": "application/json",
            "Content-Type": "application/json",
            "Authorization": 'Bearer ' + authToken,
        },
        body: JSON.stringify({
            "redirect": "payfren://home?finished_consent_flow=true",
            "institution_id": institution_id,
            "user_language": "RO",
        }),
    });

const data = await response.json();

redirect can be a weblink or your mobile app deep link (in my case it is a deep link to the Payfren app).

The request returns something like this:

{
   "id":"8126e9fb-93c9-4228-937c-68f0383c2df7",
   "redirect":"http://www.yourwebpage.com",
   "status":{
      "short":"CR",
      "long":"CREATED",
      "description":"Requisition has been succesfully created"
   },
   "agreements":"2dea1b84-97b0-4cb4-8805-302c227587c8",
   "accounts":[

   ],
   "reference":"124151",
   "user_language":"EN",
   "link":"https://ob.gocardless.com/psd2/start/3fa85f64-5717-4562-b3fc-2c963f66afa6/{$INSTITUTION_ID}"
}

Keep the id saved somewhere, you will need it to list bank accounts. As an alternative, you will receive the id via the redirect deep link, as a parameter in the link (?ref=REQUISITION_ID).

Get bank accounts data (depending on what permissions the user has granted)

If your user has passed Strong Customer Authentication and approved your requisition, you now have access to the requested scopes. You can get this data by making yet another 2 API requests :

Get the accounts linked using the requisition ID from Step 4:

const requisitionStatus = await fetch(`https://ob.nordigen.com/api/v2/requisitions/${consent_id}/`, {
        method: "GET",
        headers: {
            "Accept": "application/json",
            "Authorization": `Bearer ${authToken}`,
        }
    });

const requisitionStatusData = await requisitionStatus.json();
const requisitionAccounts = requisitionStatusData['accounts'];

Use the IDs of the accounts to get data from them:

 const balanceResponse = await fetch(`https://ob.nordigen.com/api/v2/accounts/${accountId}/balances/`, {
    method: "GET",
    headers: {
        "Content-Type": "application/json",
        "Accept": "application/json",
        "Authorization": `Bearer ${authToken}`,
    }
 });

 // Handle errors when calling using a Supabase serverless function,
 // you may ignore this
 if (balanceResponse.status !== 200) {
    console.log("Error while getting the balances data from Nordigen: ", await balanceResponse.json());
    return new Response(
        JSON.stringify({
            error: "Error while getting the accounts data",
            message: balanceResponse.statusText,
        }),
        {
            status: 500,
            headers: {
                "content-type": "application/json; charset=UTF-8",
            },
        }
    );
 }

 const balanceData = await balanceResponse.json();
 account.balance = balanceData['balances'][0]['balanceAmount']['amount'];
 account.currency = balanceData['balances'][0]['balanceAmount']['currency'];

We now have the balance of the account and the currency!

Similarly, you can also get transactions using a separate API request.

Main advantages and disadvantages

Open Banking can be used to facilitate a lot of complicated processes, such as:

KYC workflows
Payments without cards (low fees, reduced fraud)
Treasury management

As we can see in other countries, cardless payments have become a big trend. Merchants prefer them because of the reduced fees and fraud, and people because they are safer (and sometimes more convenient, depending on the target customer base).

But why isn't Open Banking widely adopted?

Hard for devs to get the necessary approvals to get full access to such APIs
Expensive at first, but it can scale well (price-wise)
Many costs to test and ensure the safety of users ( money is at stake! )

Conclusion

I believe that Open Banking will play a bigger role than it does today. It is still a fresh initiative that needs more traction. And of course, it needs a lot more devs developing using it.

How to send messages to all users that interact with a Telegram bot

Matei Tudose — Wed, 08 Apr 2020 17:27:47 +0000

I have recently coded my first Telegram bot and I have been searching for a way to announce the users that interact with it about the new features that are being added to the bot. It seemed like the best solution for my problem was to store every user’s chat id and to send the update message via Telegram’s API.

Searching on the internet, there were few articles, talking only about the way of sending a simple message to a SINGLE user by running a simple Python script, so I decided to do it myself.

I started my little project from a piece of code found on Medium (https://medium.com/@ManHay_Hong/how-to-create-a-telegram-bot-and-send-messages-with-python-4cf314d9fa3e). The problem is that you need to know the chat ids of all the users that you want to message. The bot needed a database.

My Telegram bot is hosted on Heroku, a really good platform for hobbyists and small teams, so I had to choose between Heroku PostgreSQL and Heroku Redis (two add-ons offered by the platform as a way to store data in a DB). The reason I stuck with Redis is obvious: the bot only needed to set a key (with the name as the user name of the Telegram user interacting with it) and its value (which in our case would be the chat id).

The plan is simple: whenever a user starts the bot, it would get its user name and its chat id and would save them in the Redis DB. Then, when we would want to send the update message to the users, it would only be enough to get the values of all the keys and send the announcement to every one of them.

Please note that, if a user sends the /start command twice, the bot won’t save the key twice, so that the script will not send the message twice to the same user.

Note: This bot was coded in Python 3.6.9, using the python_telegram_bot library.

First of all, install the Redis library by running the command :

pip3 install redis

Import the Redis library in your bot.py code, and then add after the imports:

r = redis.from_url(os.get.environ(“REDIS_URL”))

#if your bot is hosted on Heroku and you installed the Heroku Redis #add-on

r = redis.from_url(“YOUR_REDIS_DB_URL”) #general use

In the start function, these should be added:

user_id = update.message.from_user.id (gets user’s id)

user_name = update.message.from_user.name (gets user name)

r.set (user_name, user_id)

For the Python script that is used to deliver the messages, you also need to install “requests” by running:

pip3 install requests

After you add all of these, you can send your message to those users by executing this:

Note: The message_bot.txt should be the file containing the message (it can have emojis 😀). It also has to be in the same folder as the .py file

Note: Replace with your Telegram bot token and “YOUR_REDIS_DB_URL” with your DB url.

We get all keys in the Redis DB, and we get all of their values. After requesting the Telegram API to send the message to the user, we will get the response in a JSON format, so we can see if there were any errors.

I hope you found what you were looking for when reading this article.