Contract Services

Web Basics

CMS

Content Management System – manage website content without coding.

CRM

Customer Relationship Management – helps you track contacts, leads, and client interactions.

API

Application Programming Interface – enables systems to exchange data.

DNS

Domain Name System – maps domain names to servers.

CDN

Content Delivery Network – speeds up site load by caching globally.

HTTPS (SSL)

Secure protocol that encrypts browser-server traffic.

SEO

Search Engine Optimization – boosts visibility in Google and others.

Plugin

Modular add-on that extends your site’s functionality (e.g. shipping calculator, social login).

FAQ

Frequently Asked Questions – common answers for site visitors.

Business & Payments

Stripe

A platform to accept online payments securely.

PayPal

Online payment system supporting secure transactions and buyer protection.

nopCommerce

Open-source e-commerce platform based on .NET. Flexible, scalable, and widely used.

IR35

UK tax rule determining employment status for contractors.

Development & DevOps

Microservices

Design pattern using small, self-contained services for each feature.

Webhook

Automatic message sent from one system to another when an event occurs — often used for integrations and real-time triggers.

Background Jobs

Automated tasks that run behind the scenes — like sending emails, processing queues, or scheduled cleanups.

Terraform

Tool to define and deploy infrastructure as code (IaC).

Azure Pipelines

CI/CD system that automates build, test, and deployment in Azure.

YAML

YAML Ain’t Markup Language – a human-readable format often used for config files in CI/CD pipelines and infrastructure tools.

CI

Continuous Integration – automatically building and testing code with each change.

CD

Continuous Deployment – automatically releasing tested changes to production.

MVP

Minimum Viable Product – a basic version of a product for testing.

Security & Compliance

GDPR

General Data Protection Regulation – EU/UK law on personal data.

reCAPTCHA

Google service that protects websites from bots and abuse.

OAuth

Open Authorization – a secure way for apps to access user data without sharing passwords.

API Key

Unique identifier used to authenticate a request to an API, often used for basic access control.

JWT

JSON Web Token – a compact, secure way to transmit identity and claims between systems.

2FA

Two-Factor Authentication – adds an extra layer of security by requiring a second form of verification.

RBAC

Role-Based Access Control – restricts system access based on a user's role (e.g. admin, editor, viewer).

Key Vault

Azure service for securely storing secrets, certificates, and encryption keys, often used in secure infrastructure deployments.

B2C

Azure Active Directory B2C – a Microsoft identity service for customer-facing apps, supporting social and enterprise logins.

PBKDF2

Password-Based Key Derivation Function 2 – a secure hashing algorithm commonly used to store user passwords.

MFA

Multi-Factor Authentication – requires two or more verification methods to enhance login security.

OpenID

OpenID Connect – an identity layer on top of OAuth 2.0 used for federated authentication.

SSO

Single Sign-On – allows users to log in once and gain access to multiple systems without re-authenticating.

DNSSEC

Domain Name System Security Extensions – protects DNS from spoofing by digitally signing DNS data to verify its authenticity.

Security Headers

Common HTTP headers used to harden apps:

CORS

(Cross-Origin Resource Sharing) – restricts cross-origin access to APIs.

HSTS

(Strict Transport Security) – enforces HTTPS connections.

CSP

(Content Security Policy) – limits executable scripts and resources.

X-Frame Options

– prevents clickjacking by disallowing iframes.