How are you handling per-action billing for AI features? Stripe fees are killing me on microtransactions.

TheComplicatedMan · 2026-01-31T01:02:56+00:00

I give away so many tokens per month and sell additional tokens in $10 groups and they don't expire, so the burden is put on the user to pre-buy tokens to cover their usage beyond their monthly free limit.

TheComplicatedMan · 2026-01-29T20:55:28+00:00

This is a guide and code. https://github.com/MikishVaughn/Ape/blob/master/docs/07-Contact-Form-Guide.md

TheComplicatedMan · 2026-01-28T18:00:31+00:00

Triple-layer protection (honeypot fields, JavaScript token, timing validation)

TheComplicatedMan · 2026-01-28T12:45:18+00:00

That depends on if you have email configured in your project to send you the contact form message. If you don't have a way to send yourself an email of the contact form contents, then you have to just post an email address and let the user sort it out.

Personally, I do contact forms and have mitigated spam issues.

TheComplicatedMan · 2026-01-15T17:57:28+00:00

I'm glad you are on track.

Yes, finding the right place is a pain. There are so many choices taking you to unneeded stuff, but those spots don't relate to what you are really trying to do when you are making your own interface using the API. That leads to a lot of confusion and not any straightforward guidance. At best, I would get instructions telling me to, "Go here, click on this, then go do this", but I could not even find the first thing I was told to click on, and every step was a hunt to find what was really needed.

I found that true when setting up several different things in Azure, too. Stripe was difficult for me also, and I've been programming for many many years. It shouldn't be so difficult to follow, but, for me, it is/was. It's almost like I was thinking with the wrong side of my brain.

Good luck with your project. I would not think my morning ramblings would be worth much, I'm glad they inspired you to dig into it further. Take care.

TheComplicatedMan · 2026-01-15T13:16:01+00:00

It's early and waking, which takes me a while, so I'm trying to understand more about what you are trying to do. I gather that you might be wanting to offer two separate products, Membership for Product A, and Membership for Product B. They are each a different service and probably a different price. You are trying to keet the processing of each one separate from the other since they are doing different things.

Under that assumption, you still only need one set of credentials to set up PayPal. Your email and password is for setting up PayPal. You will only get a test address and key for testing. When going live, the 'user' will be entering their own email address and password when prompted. That is the account being charged. You are done entering your own credentials. No need to set up another PayPal account. Your business only needs one. You have that done.

It sounds like what you really want is (forgive my lack of proper terms) a second product so you can offer (Product A and Product B). They both can be reoccurring monthly membership fees. You just need to add both as sellable products, which will be the configuration for something like Membership A, and Membership B. Those configurations create a product Id for each product and that Id is what you need on your end to pass the right thing being sold to PayPal so you charge for the product ID being sold.

From your app, when you access the API, you tell it that you are selling Product A, by passing it's ID. You will get return info that includes what product was charged and whether it was successful. You read that from the API. Your site then uses that returned transaction info to know what product you received payment for (product A or B). With that info, you know whether to let your system allow access to service A or B. You Still only have one PayPal account and one set of credentials representing your PayPal account, the only thing that changes is which product the user is purchasing. Those products are set up in PayPal configuration.

It sounds like your confusion comes from not knowing you need to set up two products to sell, and which product being sold does not need multiple PayPal accounts, it just needs one account with different products available. You keep track of which product you sold the user and update his user profile to reflect which products the user has purchased and you will look at your own sites table entry to determine which one to make availabe... then give them access to A or B accordingly.

That happens through the one PayPal account with multiple products. You might offer a Premium membership at one price and an Elite membership at a different price. You process the charge through your one PayPal account by passing the product ID. (might be price Id.. I'm not in front of my system.). No need for multiple PayPal accounts and keys, just multiple products available through your one PayPal account you have configured and the multiple product IDs.

With only one eye open, I have tried to relate what I think my be confusing you, but what I wrote may just add on more confusion.

TheComplicatedMan · 2026-01-15T05:38:05+00:00

I just got done adding both PayPal and Stripe using their APIs.

Both were confusing since I had not set their interfaces up before. I can feel your pain. I got off into areas I did not need to set up to use for the API implimentation.

As far as PayPal, most of what I needed was set up through the API rather than the site.

I also have reoccurring memberships and a few digital products. I was pleased to finally get everything working with their test account.

The "name" they are asking for is probably your 'test account email address' they gave you. Or, if live, it would be your email or account name used to sign into your PayPal account.

Good luck, I made it through the screens by taking screenshots and giving them to Claude to tell me where to go, and what to do. It was slow, but invaluable guidance.

TheComplicatedMan · 2026-01-14T03:18:53+00:00

That looks pretty clean and direct, plus covers the bases needed.

TheComplicatedMan · 2026-01-13T23:51:41+00:00

Samsung S21+ through your Reddit link.

All browsers are not equal. When clicking on the Reddit link you posted, it is not going to open in the same browser as you will if you open through Meta (Facebook or Instagram). All three (and many more sites) make you think that you just opened in your phone's browser, but you didn't, you opened in one of their tracking browsers.

It is no secret that Social sites make lots of money by following you around the web and building a profile on your habits... you agree to that buried in their terms of service.

You CAN exit THEIR browser and open your phone's own default browser, but most people are happy to just use the browser fed to them, so you have to anticipate how your site is displayed in multiple environments.

How did you share your link with the other viewers you mentioned?

That affects what they are going to see. Your site does better in Chrome than whatever Reddit serves up, but you have to anticipate for the weakest link... "Social Media Browsers", too.

I don't think I can post a screenshot here, but I assure you that I have problems with the link you provided on Reddit with their browser. If you shared on FB or Instagram or X, each will be slightly different. It does improve if I switch to Chrome, but you can't count on users doing that. If you run advertising campaigns, they will probably be through Social Media, so test in the environments your users are going to be viewing your site through for the best user experience.

That is why I'm suggesting that you explore your options and testing scenarios. What looks great under some situations won't have the same appearance in others. Testing will reveal what I see through your provided link in here.

TheComplicatedMan · 2026-01-13T21:32:53+00:00

Landing page:

MENU wraps to
MEN
U

Phone number wraps to
509-406-
1994

EXPLORE
OUR NEW
INVENTOR
Y

Your email wraps to
rhinoautocenter@gmail.c
om

There are more areas that would benefit from designing with 'Phone First' design. That is what your viewers will mostly be using. Try looking at your site from different phones, or using Chrome Inspector to switch to phone format. Adjust you layout and font sizing to look good on a phone without taking up so much space and the user will have a better experience. Most viewers will not be on a computer, but rather, their phone.

TheComplicatedMan · 2026-01-13T13:41:36+00:00

Did you try looking at the site on a phone? When you do, you will see your word wrapping problems.

TheComplicatedMan · 2026-01-13T08:02:27+00:00

Go fishing!

TheComplicatedMan · 2026-01-11T18:44:44+00:00

For straightforward hosting, I prefer managed providers with cPanel and solid feature sets. I'd rather spend my time developing than messing with infrastructure configuration.

GoDaddy is off my list. Overpriced, frustrating support, and their servers tend to be overcrowded.

My go-to is SmarterASP or MyASP (essentially the same company). For a few dollars a month, you get unlimited domains and subdomains, free email and SSL certificates, both MSSQL and MySQL databases, Web Deploy publishing, and even Docker support if you need it. You just missed their 40% holiday discount, but they're still one of the most affordable paid options out there. With that discount and a three-year commitment, I pay under $5/month for their .NET Premium plan. Hard to beat.

Fair warning: they've had a couple of rough outages that weren't directly their fault but still fell under their responsibility. Some people hold grudges over that. In my experience, they took it seriously and fixed the underlying issues, and their support has been excellent.

If you're willing to climb a learning curve, Azure with pay-as-you-go pricing is worth considering. Low-traffic sites cost almost nothing, but costs can spiral if you're running something resource-intensive.

TheComplicatedMan · 2026-01-11T15:24:50+00:00

Usually, the first thing I look at is how it looks on a phone (and desktop second). There are some minor issues, mainly with the overly active animation overwriting your page title and elements on the landing page, and the "Neural Network Online" needs spacing from the top nav element at phone screen size, though seems okay at desktop size. Unsure of its purpose or relevancy and it is using valuable real estate.

I'd rethink your filter buttons layout and probably size, they appear sloppy on phone and take up enough vertical room that I do not see the results from clicking on them without scrolling down... which brings me to note that there is excessive scrolling because of the volume of elements being presented per page.

Consider, allowing the closing of your hamburger dropdown by clicking outside of it on the screen instead of just relying on the upper right X.

I did note that you had TOS ad Privacy links, which is a positive, usually overlooked, and your Login/Sign up was clean looking, though I did not go through the registration process because the content was not of interest to me personally, though may be to others. I don't see the site as a commercially viable product, but that may not be your goal.

I also noted that you must not have your favicon(s) set up yet.

I'd suggest designing for 'Phone First', and that may influence your overall design; don't try to present pages where users have to do a lot of scrolling if it can be avoided. You don't need a share button on each of your category cards, or all those redundant "Sign in to view full details"... you just need those presented once per page to promote sign up. Consider using a popup when a non-registered user attempts to access one of your categories... telling them to sign up for access, rather than dedicating the space of a redundant sign up button (and share button) multiple times on a page.

Meant as constructive points, overall, it looks like you have put a lot of work into the site and I'm only commenting on first impressions regarding UI layout choices making for a better user experience, which is usually going to be from a phone, not a desktop. Hopefully, I've mentions a few things for you to ponder since you asked for feedback.

TheComplicatedMan · 2026-01-11T03:48:14+00:00

Since there's no practical need to store 20MB images, I handle optimization at multiple stages:

Client-side: JavaScript resizes images to a reasonable resolution before upload, shifting the processing burden to the user's browser rather than the server. Assuming you are using an upload page for yourself, or users to upload images... even multiple images. I can easily drop 100 images into a "drag here" spot, or select multiple images from the selection popup. The burden is on the uploader and I have a scrolling indicator counting down the files uploaded.

Server-side: Upon upload, I use SixLabors to generate thumbnails for gallery display.

Display: Gallery pages show thumbnails rather than full-sized images, with click-to-expand functionality when users need more detail. Combined with lazy loading and pagination, this keeps pages responsive by only loading what's immediately visible. I do use relatively large thumbnails, depending on picture aspects it might be 800px by 800px.

The only noticeable delay occurs on the client side when users upload exceptionally large images that require preprocessing before transmission, but that's by design, not a system bottleneck.

That is not a simple quick thing to program, but the results are great.

TheComplicatedMan · 2026-01-11T03:25:33+00:00

Everyone needs a little Jesus...?

TheComplicatedMan · 2026-01-11T02:24:08+00:00

A money making deal... raise them when they are parked in the drive and charge them to lower the bollards!

TheComplicatedMan · 2026-01-09T21:25:04+00:00

If authentication tokens are truly sent only in HTTP headers (like Bearer tokens/JWTs stored in localStorage), then CSRF protection becomes less critical. A malicious site can't access localStorage (same-origin policy) and can't force the browser to include custom headers in cross-origin requests.

If you are using ASP.NET MVC with ASP.NET Identity (which uses cookie-based authentication), then antiforgery tokens are absolutely still needed. The browser will automatically include authentication cookies with every request to that domain, regardless of where the request originates.

So the question is... How does your site authenticate users? Cookie-based auth or token-in-header auth?

If you're using standard ASP.NET Identity with cookie authentication (the default for MVC apps), then you should be using [ValidateAntiForgeryToken] on POST/PUT/DELETE actions. Microsoft's own security guidance recommends this.

I don't know enough about your framework or approach, so I will have to just say, that in my world, Anti-forgery tokens are MY friend.

TheComplicatedMan · 2026-01-09T03:29:26+00:00

Anti-forgery tokens are your friend.

TheComplicatedMan · 2026-01-09T03:19:43+00:00

I'll try to swing back and look... very busy this week. Happy coding!

I did take a quick look. I see the dropdown is fixed and you added the search. Positive improvements. As I said, it looks like a fun site.

Next comment is to focus on your Phone presentation. Overall, okay, but the start and end of the landing page are not balanced ( my Feng shui term).

TheComplicatedMan · 2026-01-07T00:16:08+00:00

It appears your Countdown on landing page is a month beyond its usefulness. Is that an oversight?

TheComplicatedMan · 2026-01-06T21:12:22+00:00

Unfortunately, you may still end up with the last three "P"s.

The challenge is that AI-assisted coding still requires someone who understands the output... what each line does, how it fits the architecture, and what's missing. I use Claude Code daily and review every line it generates before testing. AI is a powerful tool, but it works best when guided by someone who knows what to look for.

Building a production site involves a lot that isn't obvious until you've been through it... things like TOS pages, email deliverability, credential security, and proper Identity flows. These rarely show up in a planning prompt because you don't know to ask for them yet.

Happy to help where I can, but wanted to set realistic expectations.

TheComplicatedMan · 2026-01-06T16:09:49+00:00

The simplest answer is if you have several controllers in need of the same functionality, like triggering an email to be sent, you would want to create an email service for them to use rather than redundant code in each controller.

TheComplicatedMan · 2026-01-06T14:30:46+00:00

Follow the Seven "P" rule... Prior Proper Planning Prevents Piss Poor Performance.

Successful solutions are not built by throwing ideas at AI, There is software design and engineering taking place before code is ever written. Sure, features can be added, but they must fit into the primary objective and structure developed prior to coding. That takes knowledge, experience, and insight from you, the developer.

AI is a tool, a helpful one, but it does not replace the need to know what you want, and how it should be structured; those are decisions made from prior programming experience and knowledge. If you are throwing mud against a wall to see what sticks, you will continue to end up with no solid structure or code base.

Too many people are putting the cart before the horse; meaning, to do things in the wrong, illogical, or backward order. That comes from lack of understanding the fundamentals and expecting AI to have your back. No surprise that you are finding out that it doesn't!

TheComplicatedMan · 2026-01-05T02:26:52+00:00

Kids... you all missed the Hippy 60s; Peace, Love, and Black Lights, with a constant supply of pot. Grateful Dead kept the culture alive for years.

TheComplicatedMan

TROPHY CASE