Payload’s built-in authentication is fine for CMS users but falls short for SaaS apps—it only supports email/password login and doesn’t handle social providers or external sessions. In this post, I show how I replaced Payload’s local auth with Better Auth, enabling social login, external session management, and role assignments, while keeping Payload as the source of truth for users. This approach lets you build a SaaS-ready authentication system without giving up Payload’s RBAC and access control.

A technical breakdown of how we use Payload CMS and the Vercel AI SDK to build AI-native FinSureTech applications at InnoPeak—from prompt management and structured outputs to embeddings, background AI workflows, and production-grade introspection for advisory tools.

At InnoPeak, we use a schema-first approach for Finly’s GraphQL API, relying on GQLGen to generate models, enums, and resolver stubs while keeping the focus on a clean, expressive graph. To cut down on duplication, we introduced a complementary code-first layer that generates model and enum definitions automatically—allowing us to concentrate on shaping the rest of the graph.

In Finly, we implemented real-time notifications using PGNotify as a lightweight Pub/Sub system. This powers our notification center, ensuring it updates automatically when new entries arrive and triggers a toast notification for immediate feedback. In this post, I’ll walk through how we set it up in Go and provided our client with a GraphQL subscription.

See how we improved our frontend Docker build times by 50% using the Drone Docker plugin and smart caching of dependencies and intermediate stages, making our CI/CD pipeline faster and more efficient.