I’m building a SaaS Startup from scratch (SOLO)
This has always been a dream of mine. Run my own company, a Software as a Service, and be my own boss. Finally I have gathered all the materials and knowledge to finally start this journey.
Join me as I share every step of the way with you, the ups and the downs, of this amazing tech journey. Come along and learn with me – and code with me. This is all about me building a SaaS from scratch.
Chapters for easy navigation:
0:00 intro
0:26 why this startup journey is different
1:15 what the series will cover
2:18 topics covered in this video
2:45 THE IDEA
5:10 executing the idea – HOW?
6:38 my current progress + sexy UI
7:18 why nextjs?
8:50 joining the platform (very sexy UI)
11:10 instantly check if email exists (SMART SOLUTION)
12:34 why mongodb?
13:09 please leave FEEDBACK and LIKE video
Get your Developer Resume Template ➡ ✏️📋
Join my Newsletter ➡ 🔥
Join my Discord Server ►
Follow me on Twitter ►
Follow me on Instagram ►
Check me out on GitHub ►
INQUIRIES AND COLLABORATIONS ► grebowskifilip@gmail.com
MUSIC BY ► @epidemicsound
#saas #startup #developer
I love what you did with the validation and I am looking forward to see the next part of this series! 🙂
Just to clarify: I’m sending emails to the frontend for showcase reasons, I’m not going to be exposing them like this in the actual app. Emails are considered personally identifiable information. Never expose them on the frontend.
Okay and where is then the smart solution? When this logic resides in the backend then you have basically what everyone does
I get the intention, giving realtime feedback is nice. But, please don’t do it. All requests will be exposed on the Network tab. Even if you encrypt/decrypt the content, you’re already opening the door for anyone with malicious intent to exploit, given they put the effort to crack it. Also, always aim to minimize requests to the server, the only time not to, is when it is money making feature. Best of luck & keep on growing!
@Irfan Ismail Are you saying do NOT do a real time request to server as the user types.. to show validation of email? I see a lot of sites do this.
@Kevin Duffey You’re right, but It’s a bad practice and a terrible experience for the users with a slow internet
@Muhawenimana janvier I generally agree.. but there is some convenience in not having to use the enter key and seeing it narrow down results as you type. What I had come to the conclusion was using a timeout to send the request if the user isn’t typing for 2 seconds or so.. like start the timer every time a key press happens.. and if it times out.. the user paused/looked away/etc.. that way you’re making a lot less calls.
Positive:
I really like the UX of the password insert. It’s very reactive, and the user can clearly see which conditions are met.
I also agree that you should go at it the way that feels good to you. There are always more “correct” ways of doing stuff, but sometimes you gotta do it your way.
Negative:
I think the proposal is lacking. You justified the idea by giving 2 examples of existing problems but did not showcase actual solutions.
How will your platform make it easier to learn? how will it encourage students’ engagements, considering every course owner today has a dedicated discord?
These are the core concepts of your product and should be defined before writing any code.
Also be wary that this is a community-based product, aka an egg and a chicken problem. Creators won’t spend time on a platform with no students, and students won’t pay money for courses in a low-activity site, or even check it out, considering they have such cheap existing options.
Great feedback! Thank you!
I do realise there is a lot of stuff I need to cover, and things to discuss, and deeper information about the proposal. I definitely didn’t want too go too deep into detail as this video would have ended up like an hour long! Everything should clarify itself as we move on through the series!
As per the community based product, this is also a reason why I want to make it a platform for me to host my own courses, get users to come over and start being active, and then continue expanding to attract external creators!
These are valid comments but I just want to say that I’ll definitely make a course on your platform when it’s finished! Keep it up, Filip!
Also, I love the confetti that appears when you sign up. You should do something similar after each user completes a course module. Something to celebrate the progress. That’s one thing I think Udemy is lacking.
@Comp Sci Central Yeah! Udemy seems too dry.
great idea filip. I love community where you can ask question without fear of criticized by others. for the authentication and password, it better to use third party than hashing by yourself.
I use bycrypt for hashing and next-auth for authentication 😎
Very best luck to you fillip!
I like your content and the way you express your content with great humor!
As for the idea – I think that the fact that you are building something with this scale is a great step!
I dont understand what is uniqe about your idea but there is a lot you havebt told us probably….
Way to go and good luck!
I personally like how you’re thinking through every possibility of a security or system breakdown and proactively working against it. I think with the help of this video, I’ve gotten some new insights on how I should validate and secure user inputs and simplify the user experience at the same time.
Really looking forward to seeing this progress as a mini series. Hopefully it’ll give me some inspiration!
Hey Filip, I am really looking forward for this series and i really want you to share all your experiences, challenges, and thoughts, throught this journey, because I think this will help me and other in their future careers.
I was just wondering, but maybe for your startup, you could add a code editor? I know it seems a bit out of reach but I think it could benefit the users as it could add more interaction between the courses and the code you are learning. It’s a great idea you have and it could be a really profitable startup! i doubt you’re gonna see this but just putting it out there
I read all the comments (especially startup ones)! This is a great idea and definitely something I already thought about and will consider. Someone previously pointed out it would be cool to have sections in the video, and wherever someone clicks, the code in the editor would adjust accordingly. There is a lot of cool possibilities to make it much better? Thanks for the feedback!
Great sharing this, the biggest advice I can share is its never all about tech skills for it to be sucessful, business skills are needed too.
This is so correct!
What a great idea to film your process and a coincidence for me to stumble upon this video.
I myself am in the last week of finishing a GTM edition of my SaaS product. I developed it the past 2 years 100% alone and felt like living on an island, missing many social events and solving pieces of code in my head, while on a holiday with my girlfriend.
The first year was making it work for my own company while learning to develop and the second was knowing how to develop and focused on the first market edition.
I closed the first 5 recurring customers and that’s a proud moment living and breathing it for such a long time. It’s a life changing journey. Even if it will not become successful, the journey is amazing.
Might be still a fun idea to share the story like you, but then from GTM onward 🙂
Thanks for this! It’s very inspiring! Did you work on it everyday, consistently? What were your biggest mistakes? I need to know!! 😁
Great video Filip! And a great idea to document your journey. The information that you are going to will be share really helpful for the people willing to start their own SaaS, like me. Best of luck man.
Good project.
Saving Card info imply you should be PCI compliant which imply a bunch of stuff to setup. Maybe you should better store them in another system like Stripe (if you use it as a payment processor).
Everything you said about stackoverflow is soooo true
I like your idea 💡
I really like your video. I have also been thinking on starting the same type of video series for my journey.
One honest feedback as a Test Engineer, you should never revel the list of user id, right now any one get the list of all user data – email id which can easily be sold off or used for any digital marketing. There should be some other way so just showing the complete list of users to the open world
I like your idea for the series a lot. I really hope that you manage to bring it further down the road and launch it.
I wanted to share some feedback about the functionality side. This email validation for taken email accounts looks cool but is a big security vulnerability… The user can “guess” some email addresses that are registered with some type of brute force. e.g. There is a leak somewhere and I have a list of email addresses and passwords. I can try them all here to see if someone is registered and try the same password. There is a big chance that the password will match since most of the users use one password everywhere. Apart from that you are fetching all email addresses that start with the first part on @ – this makes things for the hackers a lot easier to scan your whole user database 🙂 In my opinion this instant verification is not worth it. Also from UX standpoint, why would the user need this. He has an email and tries to enter it – if the email is taken then he has an account already and just forgot – no need for instant verification. What I am trying to point is that this brings almost no value to the end user experience and introduces a huge security vulnerability.
Nevertheless I like what you are doing and even if the business idea fails it will still be a valuable experience for you and for everybody watching so I will try to follow it as well.
Thank you!! And thanks for this. I genuinely really appreciate you taking your time to give me this information. Now thinking about it, I totally have to agree with you. It does case some sort of a security risk. All the checks are actually done on the backend (what I showcased was just for visual purposes, I don’t send back emails to the client) – the problem is however, that my UI sign-up is a step process, and I need to validate on the go. I have to agree that technically letting a user know an email is taken can give someone advantages. I could fix that by just replacing the error message with “email validated” or something along those lines (more of an ambiguous message). Other than that, like I mentioned, I don’t see other security risks as everything is checked on the server, and a status code is the only thing sent back! 😎 but still… someone could internet the status code… but how far do I want to take this? 😅
Hey Filip! Great content! Keep it up.
I have a small question regarding the email checking functionality. More specifically checking whether or not the email has already been used. This makes for a great user experience, but isn’t this some sort of a security risk? If someone looked at the network tab, they would be able to identify user email addresses stored in your backend.
Thank you! This is absolutely correct, I’ve already had someone just before you leave a message about this. This is an awesome aspect of having a whole community engage, so thank you. I think I will either have to remove the message, or change the error message to something much more ambiguous. Would you have any suggestions? ☺️
@Filip I don’t really know of a way that would be as fluent as yours. Every other way I can think of will require an additional call to the backend when the user has finished typing.
The trick would be to make that call as fast as possible to minimize the delay in the validation. Something like cached data or a collection optimized specifically for email lookup. Something like that. I think it might be difficult to find a proper solution, but I am looking forward to the rest of the series and seeing how your software progresses 🙂
First of all: A really great initiative to build a saas and let us follow your process and be part of it! Loved the idea and instantly became a subscriber! 🙂 I am a full-time web developer myself and also have a dream of starting my own company!
I noticed one thing. When signing up for an account using an email that was already taken I noticed that your API response was that the email has already been taken. It’s great user feedback, but my question is: Do you really want to reveal that detail, if the web application is going to be secure. Thinking about that you just revealed half the user credentials of an existing user. This way you can sit and potentially figure out emails of existing users and afterward crack the passwords to gain access to their accounts. If you instead just said something went wrong or gave a specific error code, the user wouldn’t know that the email already existed in the database. I know it’s small shoes, but questions like these are asked many times during my 9 to 5 hours.
PS: I really loved your way of handling password validation. It’s a nice twist instead of the traditional boring message telling you to add a special character or a number.
Came to say the same thing. Flip, you’re giving up your entire user database.
I wasn’t going to make this comment until I got to the 13 minutes mark and heard you also plan to store credit card numbers… Even if “hashed” this is a huge responsibility which has quite a few legal requirements in various countries.
With that said I’m looking forward to the rest of the series focusing on the business aspects of your project.
I’m looking forward to seeing what you do, I subscribed. By the way – that feature to check previously used emails is cool, but it’s also an easy way to leak user data. It makes more sense to do the check in the backend instead of the frontend. I wouldn’t even risk loading it in memory with an API call to the client. Backend is definitely the way to go for a feature like that. I might also be concerned with processing that when there are a lof of users; so using a data structure like a map might be a good call there.
Great video! I would love to take a look at the code because I work with NextJs and React for my current job and saw a few things that could be improved upon! No criticism though because it if works it works!