JWT Token

Authentication and authorization are the most important security features to be implemented for any API. One way to manage this information is through sessions. Once a user logs in, a session holding the user's metadata is created on the server side. The problem with this approach is that it is stateful and difficult to scale. Another way is to send back a hash or a key once the user logs in successfully; every subsequent request needs to pass this key back. The key is stored in the database along with the user metadata to avoid statefulness. The disadvantage here is an additional database query every time a request comes in.

JWT or JSON Web Token solves this problem. JWT is a string in JSON format, encrypted with a key. The encryption can be symmetric or asymmetric. JWT contains 3 sections, a header, a payload, and a signature.

Header: The header JSON normally contains two fields: a type (typ), which is always “JWT”, and an alg field giving the algorithm used for encrypting the token.

{
  "alg": "HS256",
  "typ": "JWT"
}

Payload: This section contains JSON for any payload or data you want to send. It can contain fields that identify the user and their roles for authorization and authentication. It can also carry the Issued At time (iat) and the token expiry time (exp).

{
  "sub": "1234567890",
  "name": "John Doe",
  "iat": 1516239022
}

Signature: The signature is the encrypted part of the token. The encryption is done using the algorithm mentioned in the header. The signature can only be decrypted using the secret key.
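The three sections above, built and checked by hand in Python as an added example (not code from the original post). In an HS256 token the signature is an HMAC-SHA256 over the first two segments, and the header and payload are only base64url-encoded, so anyone holding the token can read them. The secret and the helper names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-secret"  # constructed key, for illustration only
SAMPLE_CLAIMS = {"sub": "1234567890", "name": "John Doe", "iat": 1516239022}


class InvalidToken(Exception):
    """Raised for any token that must not be trusted."""


def b64url_encode(raw: bytes) -> str:
    # JWT segments are URL-safe base64 with the '=' padding stripped.
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _mac(signing_input: str, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()


def sign_hs256(claims: dict, secret: bytes) -> str:
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, claims)
    )
    return signing_input + "." + b64url_encode(_mac(signing_input, secret))


def peek_claims(token: str) -> dict:
    # No key needed: the payload is encoded, not hidden. Never trust this output.
    return json.loads(b64url_decode(token.split(".")[1]))


def verify_hs256(token: str, secret: bytes, now=None) -> dict:
    parts = token.split(".")
    if len(parts) != 3:
        raise InvalidToken("expected header.payload.signature")
    try:
        # Parsed here, but not trusted until the signature check passes.
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
        signature = b64url_decode(parts[2])
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise InvalidToken("malformed segment") from exc
    # Pin the algorithm: the header is untrusted input and must not choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise InvalidToken("unexpected alg")
    expected = _mac(parts[0] + "." + parts[1], secret)
    if not hmac.compare_digest(signature, expected):  # constant-time compare
        raise InvalidToken("bad signature")
    if not isinstance(claims, dict):
        raise InvalidToken("claims must be a JSON object")
    exp = claims.get("exp")
    if exp is not None:
        now = time.time() if now is None else now
        if not isinstance(exp, (int, float)) or now >= exp:
            raise InvalidToken("expired or invalid exp")
    return claims


if __name__ == "__main__":
    demo = sign_hs256(SAMPLE_CLAIMS, SECRET)
    print(demo)
    print(verify_hs256(demo, SECRET))
```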

Sample JWT token

Originally posted: https://cloudyforsure.com/security/jwt-token/

4Ps of Marketing


Product Levels

5 Product levels - Five product levels

Search Goods: You search and compare characteristics before you buy, for example, for a mobile phone: screen size, camera pixels, features, etc.

Experience Goods: where you can categorize as good or bad after experience only, for example, a stay in a hotel for the first time.

Credence Goods: Where you cannot categorize even after consumption for example an online course (you do not have anything to compare to unless you have taken another course on the subject).

Product Life Cycle or PLC


BCG Matrix



The second P of marketing is Promotion, which is a basic means of generating awareness about the product and creating a desire to buy.

6M strategy model

  1. Mission: What is the objective?
  2. Market: Who are my customers?
  3. Message: What will I tell my customers?
  4. Media: How do I reach them?
  5. Money: Budget
  6. Measure: Was the campaign effective?

Two choices of channels

  1. Personal Communication: Mostly more effective and low price via Telemarketing, Emailing or one on one meetings.
  2. Impersonal communication: Mass media via Newspaper or T.V.


The third P of marketing is Place. This gives the convenience of product availability at an arm’s length and helps build trust with customers.


The fourth P of marketing is Price. A fundamental mistake made by companies is to think of price as cost + profit. Ideally one needs to do market research and competitive analysis to come up with the target price. Once one has a target price, it helps to come up with a target cost and to figure out how much should be spent on R&D, marketing, manufacturing, etc.

Two common pricing strategies are skimming (enter high and then move to low) and penetration (enter low and move to high).


Going rate pricing is another strategy where current pricing is studied in the market and an average is taken for pricing the product.

Marketing Basics

In a dictionary, marketing is defined as “the action or business of promoting and selling products or services, including market research and advertising.”

Before getting into depth, let’s take a step back and refer to the famous question asked in the paper “Marketing Myopia” by Levitt, i.e. “What business are you really in?” The question forces one to think beyond what products one is selling to what “needs” of customers one is fulfilling. Marketing is all about understanding customer needs.

“Need” is a state of dissatisfaction. Need is a problem and “want” is the solution. I “need” to communicate, I “want” a phone. A “want” combined with a willingness to pay becomes the demand – I am ready to pay for an “iPhone”.

Another important aspect is to understand the “value” that the product is adding to the customer. Say, I have the option of buying two phones, I would like to buy the one which gives more value. Perceived value can be thought of as perceived benefits – perceived cost.

P(V) = P(B) – P(C)

When choosing one product over another

P(B1)-P(C1) > P(B2) – P(C2)

or B1-B2 > C1- C2

or Extra Benefits I am getting is more than the extra cost I am paying.

Segmentation – Targeting – Positioning

Segmentation is about grouping your customers by identifying commonalities based on their needs. Segmentation should not be geographical (urban/ rural, north/ south), or demographic (age, sex, education, economic class) but based on personality, values, lifestyle, and behavior.

Segmentation is a three-step process

  1. Clustering
  2. Profiling
  3. Assigning a segment descriptor

Targeting is to select the segments that you will focus on.

There are the following targeting approaches

  1. Mass Market: un-differential
  2. Focus on all, but with the segmented approach: Differential
  3. Focused Strategy: One or two segments

Factors to be considered while targeting

  1. Sales Potential: How much sales can be made for the segment?
  2. Profitability
  3. Consumer Maturity
  4. Competition
  5. Own Abilities

Competition: A less fragmented market can provide healthy competition. HHI or Herfindahl-Hirschman Index can provide a good measure to check how fragmented the market is.

HHI = s1^2 + s2^2 + s3^2 + … + sn^2

where: sn = the market share percentage of firm n


Positioning is “what to tell these customers?” so that they choose you.

While positioning one can take two approaches

  1. Point of Parity or PoP: How are we similar to other products?
    1. Category Point of Parity
    2. Competitive Point of Parity
  2. Point of Difference PoD: How are we different from other products?

SWOT Analysis

Strength – Weakness – Opportunity – Threat analysis is an old tool used by product teams to understand their characteristics. An important aspect one needs to take care of is all your strengths should map to opportunities, and similarly, weaknesses should map to threats.

5C Analysis


Branching Strategies

When one starts a project, one question that needs to be answered immediately is how to manage the code. The branching strategy needs to be finalized. In the agile world, we want to make sure code gets merged and deployed as soon as possible. Continuous integration and continuous delivery require that our code is always in a state that is ready to be deployed to production.

There are two most common branching strategies which are used in Industry. I have written about these in my book on microservices. Here is an overview.

Feature-Based Branching

The idea is to separate branches for each feature. The feature gets merged back to the production branch once it is implemented and tested completely. An important advantage this kind of approach gives us is that at any point in time there is no unused code in the production branch.

Single Development Branch 

In this approach, we maintain a single branch in which we keep on merging even if the feature is incomplete. We need to make sure the half-built feature code is behind some kind of flag mechanism so that it does not get executed unless the feature is complete. 

Cloud-Native Design with 12 Factor App

There are many guidelines available for building a cloud-native application. One industry-accepted set of guidelines is the 12 factors suggested at https://12factor.net/

In a nutshell, here are the 12 factors that help you build your application in a cloud-native manner.

Codebase: One codebase tracked in revision control, many deploys
Dependencies: Explicitly declare and isolate dependencies
Config: Store config in the environment
Backing services: Treat backing services as attached resources
Build, release, run: Strictly separate build and run stages
Processes: Execute the app as one or more stateless processes
Port binding: Export services via port binding
Concurrency: Scale-out via the process model
Disposability: Maximize robustness with fast startup and graceful shutdown
Dev/prod parity: Keep development, staging, and production as similar as possible
Logs: Treat logs as event streams
Admin processes: Run admin/management tasks as one-off processes

A good tutorial on practical usage of these 12 factors in your application


A normal flow between client and server over HTTP connection is made of Requests and Responses.

HTTP communication

The client sends a request to the server and then the server sends back the response. Now there can be use cases where the server has to send data to the client on its own, for example, a chat application or a stock market tracker. In such scenarios, where the server needs to send data to the client at will, the WebSocket communication protocol can solve the problem.

WebSocket provides full-duplex communication channels over a single TCP connection. Both HTTP and Websocket protocols are located at layer 7 in the OSI model and depend on TCP at layer 4.

A WebSocket connection string looks like ws://some.example.com or, for a secured connection, wss://some.example.com

To achieve the communication, the WebSocket handshake uses the HTTP Upgrade header to change from the HTTP protocol to the WebSocket protocol.

WebSocket handshake

  • The client sends an “upgrade” request: an HTTP 1.1 GET carrying the Upgrade header
  • The server responds with 101- Switching protocols 

Once the connection is established, the communication is duplex, and both client and server can send messages over the established connection.
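The server side of the handshake described above, as an added Python example (not code from the original post). It validates the upgrade request and builds the 101 response, including the Sec-WebSocket-Accept value that RFC 6455 derives from the client's key. It goes one step beyond the text by checking the Origin header against an allow-list, because browsers do not apply the same-origin policy to WebSocket connections; the request bytes are constructed and the function names are illustrative.

```python
import base64
import hashlib

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # fixed constant from RFC 6455

# Constructed sample request; the key is the sample nonce used in RFC 6455.
SAMPLE_REQUEST = (
    b"GET /chat HTTP/1.1\r\n"
    b"Host: some.example.com\r\n"
    b"Upgrade: websocket\r\n"
    b"Connection: Upgrade\r\n"
    b"Origin: https://some.example.com\r\n"
    b"Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
    b"Sec-WebSocket-Version: 13\r\n\r\n"
)


def accept_key(sec_websocket_key: str) -> str:
    # Proves the server understood the WebSocket handshake: SHA-1(key + GUID).
    digest = hashlib.sha1((sec_websocket_key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def parse_request(raw: bytes):
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return request_line.split(" "), headers


def handshake_response(raw: bytes, allowed_origins: set) -> bytes:
    request_line, headers = parse_request(raw)

    def tokens(name: str) -> set:
        return {t.strip().lower() for t in headers.get(name, "").split(",")}

    key = headers.get("sec-websocket-key", "")
    try:
        key_ok = len(base64.b64decode(key, validate=True)) == 16
    except ValueError:  # not valid base64 (binascii.Error is a ValueError)
        key_ok = False
    well_formed = (
        len(request_line) == 3
        and request_line[0] == "GET"
        and request_line[2] == "HTTP/1.1"
        and "websocket" in tokens("upgrade")
        and "upgrade" in tokens("connection")
        and headers.get("sec-websocket-version") == "13"
        and key_ok
    )
    if not well_formed:
        return b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n"
    # Refuse pages from other sites that try to open a socket with the user's cookies.
    if headers.get("origin") not in allowed_origins:
        return b"HTTP/1.1 403 Forbidden\r\nConnection: close\r\n\r\n"
    return (
        "HTTP/1.1 101 Switching Protocols\r\n"
        "Upgrade: websocket\r\n"
        "Connection: Upgrade\r\n"
        f"Sec-WebSocket-Accept: {accept_key(key)}\r\n\r\n"
    ).encode("ascii")


if __name__ == "__main__":
    print(handshake_response(SAMPLE_REQUEST, {"https://some.example.com"}).decode())
```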

Challenges with Websockets

  • Proxy is difficult at Layer 7. It will mean 2 levels of WebSocket connectivity, client to proxy and then proxy to backend.
  • Layer 7 load balancing is difficult due to the stateful nature of communication.
  • Scaling is tough due to its stateful nature. Moving the connection from one installed backend to another would mean resetting the connection.

Disclaimer: This post was originally posted by me in the cloud community – https://cloudyforsure.com/networking/websockets/

HTTP 1 vs 2 vs 3

For years, the Internet has been powered by the HTTP protocol, helping millions of websites and applications deliver content. Let’s take a look at the journey of the HTTP protocol, its past, present, and future.


The current version of the HTTP 1 protocol is actually HTTP 1.1. But let’s start with HTTP 1, which was a simple request-response protocol.

HTTP 1 flow

HTTP 1.1

As we can see in the HTTP 1 implementation, one major problem was that a connection needed to be established again after each request. To solve this problem, HTTP 1.1 came up with a keep-alive concept which helped to send multiple requests over a single connection. To achieve the speed, HTTP 1.1 had 6 TCP connections behind the scenes instead of 1.


Though HTTP 1.1 was much faster than HTTP 1, it had some problems. Most importantly, it did not make full use of the TCP connection: each connection was sending one request at a time. This problem was solved in HTTP 2, where multiple concurrent requests could be sent.


To achieve this parallel request over a single HTTP connection, HTTP 2 uses the concept of streams. That is, each request being sent from the client has a unique stream id attached behind the scenes. This helps the client and server identify the calling and receiving endpoints. One can think of each stream as an independent channel for communication.


One problem with HTTP 2 is that the streams we have defined are at the HTTP level. TCP is not aware of the concept and is just sending packets at a lower layer. So if there are 4 independent requests sent using 4 different streams, and even if a single packet for any of the requests is lost in the communication, the backend server will keep waiting for the packet and all 4 requests will wait.

HTTP 3 plans to solve this problem by implementing HTTP over QUIC instead of TCP. QUIC too has the concept of streams inbuilt, so in the above-mentioned scenario, when one packet is lost for one request out of 4, only one stream is impacted and response for the other 3 requests will be successfully served.

Disclaimer: This post was originally posted by me in the cloud community – https://cloudyforsure.com/networking/http-1-vs-2-vs-3/

Corporate Finance: Value Maximization

Value Pentagon

image source: https://soni-sourabh.blogspot.com/2013/10/value-pentagon-shareholder-value.html

Company as-is value is the value of the company without any restructuring or change.

The company’s optimum value is the value that can be achieved after the restructuring is done.

Internal restructuring: Find redundancies and wastage, remove bottlenecks.

External Restructuring: Merger, demerger, acquisition, etc.

Financial restructuring: Writing down useless assets, debt restructuring etc.

Shareholder vs Stakeholder value

When we talk about the value of the company, there are normally two approaches: increase shareholder value or stakeholder value. Both approaches have their pros and cons. The shareholder value approach is easy to track, as you can look at the numbers and figure out if the shareholder value has increased. But at the same time, this approach can be myopic and focus on short-term goals.

The stakeholder value approach has a broader view, where it talks about customers, employees, society, shareholders, and other stakeholders. The problem here is that it is hard to track, as there is no direct way to measure it. For example, giving better discounts and better salaries might help me keep my customers and employees happy, but might add to losses.

Measuring shareholder wealth creation

Market Value Addition or MVA is an important aspect to understand shareholder value. For example, there are two companies, A and B, both with a market cap of say 1000 crore. But the net worth of company A is 500 crore and company B is 250 crore. We can see MVA for company A is 500 crore whereas company B is 250 crores. In other words, the market sees potential for growth in company B.

Corporate Restructuring

Corporate restructuring includes acquisitions, demergers, joint ventures, etc. For example, buying Corus helped Tata Steel jump from 55th rank in steel revenue worldwide to 5th rank.

Corporate restructuring can be done by

Expansion: Absorption, Tender Offer, Asset acquisition, Joint venture, etc.

Contraction: Demerger – Spin off, split off, split up, Equity carve out etc.

Corporate Control: Going private, Equity buyback, leveraged buyout, etc.

Corporates can unlock value by demergers. Studies report that the observed value of the diversified firm is, on average, 15 percent less than the sum of the implied market value of its divisions, as compared to stand-alone market values of single-segment firms in those industries.

Factors behind diversification discount

Information hypothesis: the inability of markets to correctly evaluate conglomerate structures with unrelated businesses, leading to possible undervaluation.

Inefficient Management hypothesis: the inability of the managers to efficiently manage unrelated businesses.

Inefficient investment hypothesis: distortion of investment due to competition among units for resources.

Modes of asset disposition

Slump sale:  Slump sale means the transfer of one or more undertakings as a result of the sale for a lump sum consideration. For example, Ruchi Soya buying biscuit business from Patanjali Natural Biscuits Pvt Ltd (PNBPL) for 60 crores.

Spin-Off: A spinoff is the creation of an independent company through the sale or distribution of new shares of an existing business or division of a parent company. When a new company B is carved out of company A, mostly shareholders of company A will get some proportional shares of company B.

Spin-Off helps in

  • Unlocking hidden value: establish a public market valuation for undervalued assets.
  • Undiversification: divest non-core business and sharpen strategic focus
  • Institutional sponsorship: Promote equity research coverage
  • Public currency: the public currency for acquisition and stock-based compensation programs
  • Motivating Management
  • Eliminating dis-synergies
  • Corporate Defence: Divest “crown jewel” asset to make the takeover of parent company less attractive.

Challenges in spin-off: There are certain aspects that need to be managed, for example, if the parent company has debt, how this debt will be divided between parent and spin-off company. The lenders need to agree on the arrangement.

Split-Off: In a split-off, the parent company offers its shareholders the opportunity to exchange their parent-co shares. For example, a big shareholder can give up shares in the parent company to gain controlling stakes in the new company.

Split-up: Division of a company into two or more publicly traded companies. The difference here is that instead of a parent company and a spun-off company, completely new companies come into existence.

Equity Carve-out: Also known as IPO carve-out, the parent company sells a portion or all of its interests in a subsidiary to the public in an initial public offering.

Financial Restructuring

Cleaning up a balance sheet: writing off losses, writing down useless assets, can be done through asset restructuring and recapitalization.

Debt Restructuring

  • Strategy-Driven: Restructure debt by lowering the interest rates.
  • Crisis-Driven: When a company defaults, the company is forced to restructure debt.

Equity Restructuring

  • Special dividend: One-time dividend
  • Share buyback: reduces the shareholder base. As a regulatory requirement, the debt-equity ratio should be 2:1, after the buyback. Buyback can happen through the open markets, tender offers, and buyback from employees.
  • Stock Splits: helps with liquidity
  • Bonus Shares: When the company is growing fast but does not want to distribute cash in form of a dividend, a bonus share will help reward the shareholders.

Human Resource Management

Any system has the following core features – Inputs, Processes & Procedures, Output, and Feedback. When we think of HRM systems, we can look at these features as

  • Inputs- People with their Knowledge, Skills, Abilities, and personalities.
  • HRM Processes, Procedures, and Policies
  • Outcomes- Organizational Perspective and Employee Perspective
  • Feedback – Internal or External

Core objectives of any HRM system from Org side

  • Productivity or Performance (Ability * Motivation* Opportunity)
  • Job Satisfaction
  • Motivation or Engagement
  • Low Attrition

Objectives from Employee side

  • Employee Contract: When an employee joins a company, there is a formal contract between employee and company. It is HR’s responsibility to make sure terms are fulfilled (leaves, medical benefits, etc)
  • Psychological Contract: A more important aspect from the employee’s side is a psychological contract which is unwritten, for example, the firm will help employees to learn and grow.

HR system has following processes

  • Recruitment and Selection
  • Orientation
  • Performance Management -> Compensation (Increments & Incentives), Training and development
  • Exit Processes

HR Environment impacting policies


  • Economic
  • Product Market
  • Labor Market
  • Government regulations
  • Social environment


  • Organization Culture
  • Business strategy
  • Org Size
  • Leadership
  • Technology
  • Lifecycle stage

Any organization goes through various lifecycle stages like startup -> Growing -> Mature -> Decline. HR policy will be impacted by the current stage of the organization. For example, an org in the startup phase will have different policies to attract organizations like profit-sharing in terms of ESOPs.

HR Strategies

Innovative Strategy: Firms need employees to be innovative, risk-taking, develop new skills, and exchange ideas. Firms allow employees to become stockholders by providing stock options as part of pay.

Quality Enhancement Strategy: Firms that are looking to gain a competitive advantage by improving the quality of products and production. Mostly comes with a fixed job description but employees need to be flexible and adaptable to new technologies. Performance appraisals are mostly short-term and result-oriented.

Cost reduction strategy: Firms with relatively fixed and explicit job descriptions try to gain a competitive advantage by cost reduction strategy. Narrowly designed career paths encourage specializations, expertise, and efficiency. Appraisals are short-term and result-oriented.

Different organizations are looking for different aspects in an employee. For example, a startup would look for employees

  • Risk-taking
  • Ready to experiment
  • Tolerance for failure- fail fast and learn
  • Entrepreneurial
  • Problem solver
  • Handle ambiguity

Innovation = AMO (Ability * Motivation * Opportunity)

Land, Labor, and Climate- Nonmarket forces

When we talk about nonmarket strategy, there are many factors that impact a firm. The three most important aspects that a firm needs to think about are land, labor, and climate. We already talked about the climate in the last post. We will discuss labor and land in more detail here.

Volkswagen Emission Scandal: An important case to understand the impact of non-market forces on a company is the case of Volkswagen, which came to light in 2014-15. The company used a defeat device to cheat the emission tests, giving false readings while the cars were being tested for emission against CCA emission standards. Volkswagen had ambitious revenue and sales goals, but at the same time, it suffered from high labor and manufacturing cost due to the way decision-making power had a big role in labor representations. Once the scandal was highlighted, Volkswagen came up with a strong nonmarket strategy under the new CEO where they invested heavily in future-oriented electric cars.

Land: Land is an important input for any business, to open factories, offices, storage units, etc. any firm needs land. Along with being important, the land is also a very complicated input to attain. Most land is owned by private owners or households. Obtaining a big chunk of land in a developing country like India which has a high population density can be a big challenge. The difficulty factor will vary based on factors like population density, type of land (land currently used for agriculture or residential purpose), connectivity (factories want easy access to roads, airports, shipping ports, etc.), and so on.

An interesting case study for land acquisition in India is the Tata Motors Singur case in West Bengal, where the organization failed to set up the factory due to opposition from landowners. Without getting into political aspects, we will look at the land acquisition act LARR, which was the result of the Singur case.

image source: https://www.downtoearth.org.in/news/agriculture/-state-govts-acquire-land-by-subverting-rights-and-bending-the-law–62463

Rather than a forceful acquisition of land, consent-based ownership transfer needs to be in place. One solution is to go for an auction-based option given to landowners, where every owner can give their expected value of the land. The firms can choose the lowest bidders, and an option of alternate land can be given to people who are not ready to give up land for money. Another option, which is the need of the hour, is that rather than going horizontally, firms think more of going vertically when setting up new factories, to help optimize the usage of land. Also, profit-sharing options should be given to landowners.

Labor Laws: Labor is a necessary requirement for any kind of business. Any firm looking to set up a business at any location needs cost-effective skilled labor. A very simple calculation is how much investment of X per hour in labor is yielding in terms of outcome. Labor laws in any country will give directions for the discharge or dismissal of workers, wages, bonuses, lay-offs, retrenchment, and work conditions. For example, minimum wages laws help ensure that firms are paying a basic minimum wage so that workers can live a decent lifestyle.