Long-form Base44 reference and analysis.
Security hardening checklists, production readiness guides, SDK references, and platform analysis written by engineers who ship on Base44 every day.
May 1, 2026 · wix · acquisition
Base44 After the Wix Acquisition: What Changed, What Didn't
In June 2025, Wix acquired Base44 for $80 million in cash. The platform was six months old and solo-owned at the time. Eleven months later, we have a clear picture of what changed: pricing trended up, support response times trended down, security disclosures landed, and the AI agent's behavior shifted in ways users noticed. This article walks the timeline and the user-visible differences with sources.
May 1, 2026 · authentication · auth
Base44 Authentication Patterns: Login, MFA, SSO, and Session Management
Authentication on Base44 is mostly handled by the platform's User module, but the defaults are insufficient for production. The July 2025 SSO bypass disclosure proved that. This article walks the auth patterns that work in 2026: email/password with proper reset flows, Google OAuth with domain verification, MFA enforcement at the role level, server-side session validation, and the specific extensions you need on top of the platform's built-in auth to meet OWASP A07.
May 1, 2026 · credits · pricing
Base44 Credit System Explained: Why You Run Out and How to Stop
Base44 credits are the platform's internal currency for AI generations, integration calls, and certain backend operations. The system has three structural quirks that catch teams: credits don't roll over month-to-month, you can't buy more mid-cycle without a tier upgrade, and the burn rate scales with prompt size, not with feature value. This article explains what consumes credits, how to measure your real usage, and the patterns that cut burn by 50–70% in our audit engagements.
May 1, 2026 · database · entities
Base44 Database Best Practices: Entity Schema, Queries, and Scale
The Base44 entity layer is a wrapped Postgres with opinions about how you can interact with it. The opinions matter: no transactions across entities, opaque indexing, no bulk delete, default-permissive reads. Designing entities for production means working with the platform's grain rather than against it. This article covers schema patterns that scale, query patterns that perform, and the platform-specific gotchas that bite teams once data grows past prototype scale.
May 1, 2026 · deployment · checklist
Base44 Deployment Checklist: Pre-Deploy Verification That Catches Real Bugs
Most Base44 incidents we audit could have been caught by a 15-minute pre-deploy checklist. The platform has no native CI, no automatic smoke tests, no deployment gating. The defense is discipline: a written checklist that runs every deploy, with explicit go/no-go criteria. This is the checklist we use on every client engagement, refined across hundreds of deploys, and the rollback procedures for when something goes wrong anyway.
May 1, 2026 · errors · reference
Base44 Error Reference: 30+ Documented Errors and Their Fixes
A tabular reference for every documented Base44 error we have seen in audit work. Each row gives the symptom (what users see), the underlying cause (why it happens), and a one-line fix or workaround. Errors are grouped by category — generation, deployment, runtime, integration, billing, auth, and platform — and cross-link to the relevant /fix/ pages where deeper diagnosis is needed.
May 1, 2026 · limitations · architecture
Base44 Limitations Explained: What the Platform Cannot Do
Every platform has limitations. Most marketing materials hide them. This is the complete catalog of what Base44 cannot do as of mid-2026: structural architecture limits (no WebSockets, no service-account mode, CSR-only rendering), data limits (no bulk delete, opaque storage caps, default-permissive entities), integration limits (custom integrations deprecated, deliverability shared), and compliance limits (no SLA, no SOC 2 attestation, limited audit trails). Read this before you build anything mission-critical.
May 1, 2026 · performance · core-web-vitals
Base44 Performance Optimization Guide: Make Your App Actually Fast
Base44 apps default to client-side rendering with unbundled entity queries, which produces LCP in the 4–6 second range and INP above 300ms on real-user mobile. The fixes are mechanical: code-split routes, paginate entity lists, cache LLM calls, move blocking work to backend functions, and put a CDN with rules in front of the platform. This guide walks each bottleneck with measurements and the specific changes that move the numbers.
May 1, 2026 · pricing · cost
Base44 Pricing: The Real Total Cost of Production Apps in 2026
Base44's marketed price is the smallest line on a production app's bill. The real total cost is subscription plus credit overage plus third-party integration fees plus migration insurance plus support contract gaps. For a typical small SaaS, the headline $200/month plan turns into $600–1,200/month at modest scale, and 3–5x that for any app with significant AI agent usage. This analysis walks every cost surface with worked numbers.
May 1, 2026 · production · readiness
Base44 Production Readiness Guide: What to Fix Before Real Users Touch It
A Base44 app is not production-ready when the demo works. It is production-ready when reliability, observability, security, billing safety, performance budgets, accessibility, support runbooks, and a documented exit plan are all in place. This guide walks each pillar with what is good enough, what is not, and the specific Base44 quirks that catch teams off guard between MVP and 1,000 users.
May 1, 2026 · migration · schema
Base44 Schema Migration Best Practices: Don't Lose Data
Schema migration is where Base44 apps lose data. The AI agent will rename a field, drop a column, or change a type without warning the user that the change is destructive. Safe migration is mechanical: snapshot first, version the schema, dual-write during transitions, never trust the agent for migrations, and always test rollback before applying. This guide is the playbook we run on every migration audit.
May 1, 2026 · sdk · reference
Base44 SDK Reference: Entities, Auth, Functions, and Integrations
The Base44 SDK is the only supported way to talk to your data, auth, files, and backend functions from the frontend. This reference covers the public surface — Entity CRUD, the User module, file uploads, integration helpers, and backend function invocation — plus the undocumented behavior that catches teams off guard. It is opinionated about what to use, what to avoid, and where the SDK's design forces unsafe defaults you must override server-side.
May 1, 2026 · security · checklist
Base44 Security Hardening Checklist: 32 Concrete Steps for Production Apps
Base44 ships with permissive defaults: every authenticated user can read every entity, JWTs leak through URL fragments, and the SDK exposes app_id publicly. Hardening means flipping each default and instrumenting what the platform does not. This checklist covers 32 concrete items grouped by auth, data access, secrets, headers, integrations, and observability — every one is something we have personally fixed in client audits.
May 1, 2026 · seo · search
Base44 SEO Best Practices: Make Your App Visible to Google
Base44 ships client-side rendering by default, which means Google sees an empty page on most public routes. Default meta tags do not vary per page. There is no native sitemap, no schema markup, no canonical URL handling. SEO on Base44 requires putting an SSR or pre-rendering layer in front of the platform — typically a Cloudflare Worker or a Vercel rewrite that fetches your data and serves rendered HTML to crawlers. This guide is the working playbook.
May 1, 2026 · stripe · payments
Base44 Stripe Integration: A Production Guide for Subscriptions and Payments
Stripe on Base44 mostly works, until the parts that don't: webhooks fire only when users are active, signature validation is your job, the platform doesn't support in-app purchase for iOS apps, and AI agent regenerations regularly break checkout flows. This guide walks the production-grade integration: Checkout vs. Elements, customer model, subscription lifecycle, webhook signature validation, refund handling, and the iOS rejection trap.
May 1, 2026 · lock-in · migration
Base44 Vendor Lock-In: What's Actually Locked, What's Portable
Base44's lock-in is not a single thing. It is a stack of bindings: the SDK that calls home to base44.com, the entity layer with no portable schema, the integrations bound to platform credentials, the rendering layer assuming Base44's runtime, and the auth tokens issued by Base44's identity service. Each binding has different escape costs. This article walks each one with realistic estimates of what you can take with you and what you have to rebuild.
May 1, 2026 · cost · comparison
Base44 vs Custom Development: Real Cost Comparison in 2026
The fastest way to mislead yourself about Base44 cost is to compare its monthly subscription to nothing. The right comparison is against building the same app on Next.js + Supabase or similar custom stack. This article runs the math: first-year totals, three-year totals, hidden multipliers on both sides, and the breakpoint where custom development pays back. Conclusion: Base44 wins for prototypes; custom wins clearly above $1,500/month effective Base44 spend.
May 1, 2026 · webhooks · integrations
Base44 Webhooks Complete Guide: Receiving, Sending, and Reliability
Webhooks are how Base44 talks to the rest of the internet. Inbound webhooks arrive as POSTs to backend functions; outbound are fetch calls. The complications: Base44 has documented behavior where webhooks fire only when users are active, signature validation is your job, retries are your job, and the routing layer occasionally returns 405 on POST. This guide covers reliable patterns for both directions, plus the reconciliation that catches what the platform misses.
May 1, 2026 · production · decision
Is Base44 Production Ready? A 2026 Decision Framework
Most articles on this question say 'it depends.' That's a non-answer. Base44 is production-ready for some use cases and explicitly not production-ready for others, and the difference is knowable in advance. This article gives a decision framework that scores your specific app against eight criteria, then maps the score to a recommendation: ship, harden first, or migrate. The framework is the one we use on every audit.
May 1, 2026 · owasp · security
OWASP Top 10 in Base44: How Each Risk Manifests and How to Mitigate
OWASP's Top 10 framework names the ten most critical web app security risks. On Base44, several of those risks manifest in platform-specific ways: broken access control surfaces as default-permissive entities, cryptographic failures show up as JWTs in local storage, security misconfiguration is the platform's default headers. This article walks each category with what it looks like on Base44, what the platform does and does not do for you, and the specific mitigations engineers must implement.