Stop rebuilding auth, organizations, RBAC, billing, and API keys from scratch on every project. SaaS Starter gives you a production-ready Next.js 15 foundation so you can ship your idea — not the infrastructure.
One-time payment · Perpetual license · Instant download
3-min walkthrough demo
Register → org → invite member → API key → /api/v1/projectsAuth, multi-tenancy, RBAC, billing hooks, API keys, and audit logs are the same on every B2B SaaS project. Stop rebuilding them. Start with SaaS Starter and spend your weekend on what makes your product unique.
Each module is production-quality, fully typed, and designed to extend — not a toy example.
Email/password + OAuth (Google) via Auth.js v5, bcrypt, JWT sessions.
Organizations, memberships, tenant-scoped data — all data gated by organizationId.
Owner / Admin / Member roles with a central permission matrix (lib/rbac.ts).
Subscription model, Stripe webhook handler, and a plans UI — just add your keys.
SHA-256-hashed keys shown once; versioned public API at /api/v1/* with key auth.
Every mutation records who/what/when, scoped per org. Drop-in compliance trail.
Vercel deploy button provisions a Neon Postgres DB, runs migrations, seeds demo data.
route() wrapper, Zod validation, ok()/err() helpers — add a new module in minutes.
Not a skeleton. Every file below is implemented and tested end-to-end.
| Module / File | What it does |
|---|---|
| Prisma schema | User, Account, Session, Organization, Membership, Invitation, Subscription, ApiKey, Project, AuditLog |
| Auth.js config | Credentials + Google OAuth, JWT strategy, Prisma adapter |
| Middleware | Route-level session guard for /dashboard and /settings |
| Tenant isolation | lib/tenant.ts resolves { userId, organizationId, role } on every request |
| RBAC | lib/rbac.ts — can() / assertCan() + permission matrix |
| Audit log helper | lib/audit.ts — one line to record any mutation |
| API-key system | Generate, hash, prefix, verify — lib/api-auth.ts |
| Stripe webhook | Production-grade signature verification (HMAC-SHA256, constant-time, replay-protected); add your Stripe keys to go live |
| Public API | app/api/v1/projects — shows the key-auth pattern end-to-end |
| Settings UI | Members, API keys, Billing pages wired to route handlers |
| Dashboard | Overview + recent audit activity, projects CRUD module |
| Seed script | Demo org + user → owner@acme.test / password123 in one command |
Built with
Lite is everything you need to validate an idea. Full is the complete production stack — plus support and lifetime updates so you never start from scratch again.
| Capability | Lite — free | Full — $99 |
|---|---|---|
| Authentication (email/password + OAuth) | ✓ | ✓ |
| Multi-tenancy (orgs + members) | ✓ | ✓ |
| RBAC (Owner / Admin / Member) | ✓ | ✓ |
| Projects CRUD module | ✓ | ✓ |
| Dashboard overview | ✓ | ✓ |
| Stripe billing + webhook (HMAC-verified) | — | ✓ |
| API keys (hashed) + versioned public API | — | ✓ |
| Per-org audit logs | — | ✓ |
| 1-click Vercel deploy + Neon provisioning | — | ✓ |
| Typed API layer (route() + Zod) | — | ✓ |
| 90-second setup walkthrough (Loom) | — | ✓ |
| Deploy help | — | ✓ |
| Priority email support | — | ✓ |
| Lifetime updates | — | ✓ |
One-time payment · Perpetual license · Lifetime updates included
No subscriptions. No per-seat fees. Own it forever.
A perpetual, personal-use license to build unlimited SaaS products for yourself or clients. You may not resell the boilerplate itself.
PostgreSQL via Prisma. Works with Neon (free tier available), Supabase, or any managed Postgres.
Auth.js v5 (NextAuth v5) is in stable beta and widely used in production. The starter pins a specific beta release and will track stable on release.
No. Stripe is a skeleton — the webhook handler and Subscription model are wired but the actual Stripe SDK calls are left as clear TODOs. Flip it on when ready.
Lite includes auth + multi-tenancy + RBAC — enough to validate an idea. Full adds billing, API keys, audit logs, 1-click deploy, the typed API layer, priority support, and lifetime updates — the complete production stack.
Pay once, get every future update to the boilerplate at no additional charge. When new modules or Next.js major-version upgrades land, you get them free.
Questions about setup, customisation, and deployment — answered within one business day. Lite users are welcome to open GitHub issues, but response time isn't guaranteed.
Yes — it was built on Next.js 15 App Router with React 19 from day one. No legacy pages/ router.
Stop starting from zero. Get the complete production stack — billing, API keys, audit logs, deploy walkthrough, priority support, and lifetime updates — all for a single $99 payment.
Buy on Gumroad — $99Price goes to $149 after launch week · One-time payment · Instant download