In the course of developing a Swell app, you should be aware of a few best practices to ensure your apps are efficient in a large scale production environment. For example, when offering an open-source app, the merchant is responsible for the cost of resources consumed, and in turn could be frustrated by an inefficient implementation.

Performance and security optimization will be a constant focus for Swell as the ecosystem expands. During an app review process, you might encounter questions or feedback related to the patterns you’ve implemented.

For the good of merchants everywhere, we recommend you follow this guide to stay ahead of the curve.

Performance

Models, functions calls, API calls, and data storage are the key aspects impacting overall application performance. The simplest way to optimize, is to minimize the impact of each of these aspects as it relates specifically to your app.

Models:

  • Before diving into development, spend time analyzing and understanding the data structure your app will require.
  • Use consistent naming contentions. Your models and fields will become an important part of a consumer’s implementation. Prefer lowercase letters and underscores for app fields (e.g., products, order_items).

Functions:

  • Consider adding model events specific for your app, instead of subscribing to simple update events that have to be filtered at the function-level.
  • Be careful about function runtime. Depending on the merchant’s Swell, long running functions could result in errors that render an application useless.
  • For smaller merchants in particular, make sure to implement graceful timeouts and notification mechanisms to account for potentially long-running functions.

API calls:

  • Debounce techniques can help you limit the frequency of API calls, reducing the load on your server and preventing unnecessary requests.
  • Use pagination and filtering techniques to retrieve only the data your app needs at a given time.
  • Consider using batch requests to combine API calls into a single request.

Data storage:

  • Only store the data that is absolutely necessary for your app to function.
  • Organize your data in a structured and logical manner using appropriate collections, fields, and relationships.
  • Depending on your use-case, consider establishing data retention policies.
  • Ensure that sensitive data, such as personally identifiable information (PII) or payment details, is stored securely and protected from unauthorized access. Implement proper access controls, encryption, and other security measures to safeguard the data your App stores in a merchant's account.

Security and permissions

It is imperative to ensure the security of merchant data and functionality. To help you maintain a high level of security, consider the following best practices:

  1. Least privilege principle: Assign the minimum required permissions to access resources within your app. This helps prevent unauthorized access and reduces the potential impact in case of a security breach.
  2. Validate and sanitize input: Always validate and sanitize user input to prevent security vulnerabilities such as query injection and cross-site scripting (XSS).
  3. Encrypt sensitive data: Encrypt sensitive data and use secure methods for transmitting them externally.
  4. Update dependencies: Keep your app's dependencies up-to-date to prevent security vulnerabilities from outdated libraries or packages.
  5. Error handling: Implement proper error handling in your app to prevent information leaks that could expose sensitive data or provide hints for potential attackers.
  6. Monitor and audit: Continuously monitor and audit your app to detect any security issues or breaches, and have a plan in place to respond to such incidents.

Testing

Implementing a comprehensive testing strategy ensures that your app works as expected, reduces the risk of errors, and provides a smooth user experience. Consider the following best practices when testing your Swell app:

  1. Develop a test plan: Outline your test scenarios and test cases. This plan will serve as a guide throughout the testing process and help ensure complete test coverage.
  2. Multiple techniques: Employ various testing techniques, such as unit testing, integration testing, and end-to-end testing, to identify potential issues at different levels of your app.
  3. Multiple devices and browsers: Test your app on a range of devices and browsers to ensure compatibility and a consistent user experience across different platforms.
  4. Test with real data: Use realistic data sets during testing to accurately simulate user interactions and evaluate your App's performance under real-world conditions.
  5. Load and stress testing: Assess your app's performance under varying loads and stress conditions to identify potential bottlenecks and ensure it can handle increased traffic.
  6. Continuous testing: Integrate testing into your development process to catch issues early and ensure that new changes do not introduce unexpected errors.