Everything a B2B SaaS needs on day one
Replace this page with your product's feature story. Until then, it documents what the boilerplate itself gives you.
Authentication
Sign up, sign in, and stay secure
Email and password authentication with bot protection, password reset, session management, and TOTP two-factor authentication. New signups land in their own workspace with a trial already running.
- Registration with Cloudflare Turnstile
- Password reset over email
- TOTP two-factor authentication with QR setup
- Session revocation and login throttling
Workspaces
Multi-tenant from the first migration
Accounts are the tenant boundary. Every domain record you add is scoped with acts_as_tenant, URLs carry the workspace slug, and background jobs restore tenant context automatically.
- Workspace creation, switching, and settings
- Slug-scoped URLs (/w/your-team/…)
- Automatic tenant scoping on queries and jobs
- Workspace logos and timezones
Team Management
Invite teammates with the right access
Owners invite people by email with a role. Invitations expire, can be resent or revoked, and count toward plan seat limits. Roles gate everything: viewers read, editors manage content, owners run the workspace.
- Email invitations with expiry and resend
- Viewer / editor / owner roles via Pundit policies
- Seat limits enforced from plan entitlements
- Member deactivation and removal
Billing
Trials, plans, and Stripe checkout
Signup creates a 14-day trial with full entitlements — no card required. Upgrading goes through Stripe Checkout; managing payment methods goes through the Customer Portal. Webhooks keep local state in sync.
- Automatic trials on signup
- Stripe Checkout and Customer Portal
- Entitlement limits synced from product metadata
- Offline fake billing for local development
Developer Platform
OAuth API, MCP server, and webhooks
A Doorkeeper OAuth 2.0 provider secures the REST API and the MCP endpoint. Owners mint scoped API keys in the UI; AI clients register themselves via dynamic client registration and discover the auth server per RFC 9728.
- REST API v1 with rate limiting and OpenAPI reference
- MCP server with whoami and webhook tools
- Workspace-scoped API keys with scopes
- HMAC-signed outbound webhooks with retries
Take it for a spin
Sign up, invite a teammate, start a trial, and call the API — the whole journey works out of the box.