See the hard parts
JWKS-cached auth, idempotent Stripe webhooks, and race-safe provisioning — the plumbing every SaaS needs and nobody wants to re-write. Architecture
The Unsexy Stack
Boring tech that ships. This is the real architecture, documented from the shipped code, so you can inspect it before you buy.
These docs are the open core of The Unsexy Stack — a
production SaaS boilerplate built on FastAPI + Next.js 15 + PostgreSQL 16 + Clerk + Stripe.
Everything here is documented from the real shipped code. The API Reference is generated
from the product’s own openapi.json — it is a browsable reference of the backend contract,
not a live server.
It ships tested
200 tests (145 backend, 55 frontend), 98% backend coverage, with a real-Postgres integration lane. Testing
Hardened by default
slowapi rate limiting, locked-down CORS, structured request-ID logging, and a 22-item checklist mapped to OWASP ASVS L1. Security
Deploy without lock-in
systemd + nginx + certbot for any $5/month VPS. Docker + CI/CD in the Agency tier. Deployment
What this is (and is not)
Section titled “What this is (and is not)”This is a single-tenant boilerplate by default, with clean patterns to extend for B2B multi-tenancy. It is the clean, complete core: auth and billing wired and tested, with deploy configs included. It is not a tutorial and not a framework that owns you — every dependency is a mainstream, swappable choice behind a clear boundary.
Ready to ship? Get it on the landing page →