The Laravel SaaS Starter Kit
so good, you ship in days.
Stop paying BaaS providers that charge more as you grow. SaasKitFy gives you the full source code — auth, billing, multi-tenancy, RBAC, and a full admin panel — on your own server, under your control.
One-time purchase · Full source code · Deploy anywhere
Three apps. Three responsibilities.
Zero dependencies.
Unlike kits that bundle everything into one monolith — married to Vercel, or locked into PHP-rendered views — SaasKitFy separates each concern into its own deployable app. Scale, host, and optimize each one independently.
Backend API
Laravel
REST API with Sanctum auth, Cashier billing, queues, events, and all business logic. Stateless. Horizontally scalable. Deploy on any PHP host — $5 VPS, shared hosting, or AWS.
- 50+ API endpoints
- 5 payment gateways
- 14 admin controllers
- Queue workers & Redis
Frontend SPA
React + TypeScript
Type-safe single-page app with TanStack Query, Zustand, and Shadcn UI. Static build — serve from any CDN, S3 bucket, or Nginx. No Node.js server needed in production.
- Static build (no SSR needed)
- Serve from CDN or Nginx
- Dark mode & theme presets
- Fully typed components
Marketing Site
Plain PHP
Zero dependencies. No framework, no build step, no Node.js. Loads instantly on any $3/mo shared host. i18n with JSON files, SEO with structured data, theme toggle — all in vanilla PHP.
- Zero dependencies
- i18n with JSON files
- SEO & structured data
- Any PHP host ($3/mo)
Why this matters
Your marketing site gets 100x more traffic than your app. With separate apps, you cache and scale each tier without affecting the others.
Next.js kits need Vercel. Nuxt kits need Netlify. SaasKitFy runs on any server — from a $5 VPS to bare metal.
Backend devs work in Laravel. Frontend devs work in React. Marketing edits PHP templates. No one blocks anyone else.
Stop renting your backend
from BaaS providers
Firebase, Supabase, and Clerk are great for prototypes. But when your SaaS takes off, you're stuck with bills that scale with your success. SaasKitFy runs on your $5/mo VPS — whether you have 10 users or 10,000.
- $25-500+/mo that grows with every user
- Vendor lock-in — migration is painful
- Limited customization of auth and billing flows
- Data lives on someone else's servers
- Rate limits and quotas you don't control
- One-time purchase, $0/mo recurring
- Full source code — modify anything
- Complete control over every auth and billing flow
- Your data, your servers, your rules
- No limits — scale as far as your server goes
Authentication
Five auth methods, MFA, account lockout, and session management. No Clerk, no Auth0 — it's all in your codebase.
Registration with validation and bcrypt hashing. Account lockout after 5 failed attempts (15-min cooldown). Password reset via signed email links. Toggleable from admin panel.
One-time login links via email. 15-minute expiry, single-use tokens. JIT provisioning — auto-creates accounts for new emails when registration is enabled.
Four providers via Laravel Socialite. JIT account creation on first login. Auto email verification. Avatar sync. Enable/disable each from admin without code.
Google Authenticator-compatible TOTP with QR setup, 6-digit verification, and 8 encrypted recovery codes. Admins can enforce MFA org-wide for compliance.
Global or per-org IdP configuration. Supports Okta, Azure AD, any SAML 2.0 provider. Domain verification, auto-provisioning, attribute mapping, and forced SSO mode.
Multi-Tenancy & Teams
Organization workspaces with invitations, roles, and automatic data isolation. Supports both multi-org and personal workspace modes.
Users create and switch between organizations. All queries auto-scoped to active org via middleware. Two tenant modes: multi-org (B2B) or personal workspace (B2C).
Invite by email with role assignment. Token-based with expiration and revocation. Existing users get in-app notification; new users guided through registration. Seat billing auto-syncs on accept.
Owner, Admin, Member with granular permissions. Create custom roles via admin panel. Frontend <Can> component and backend org.can middleware for access control.
Transfer ownership to another admin. Members can self-remove. Org-level MFA enforcement. Org admins can view and revoke sessions for all members.
Billing & Subscriptions
Stripe, Paddle, MercadoPago, Lemon Squeezy, and PayPal. Switch gateways from the admin panel — no code changes.
Stripe, Paddle, MercadoPago, Lemon Squeezy, and PayPal — each with live & test modes. Same BillingGateway interface. Configure credentials from admin settings.
Recurring (monthly/yearly), One-time, Per-seat (price × members), Metered (base + usage), Credits (buy a pack). Each with features, limits, trial days, and per-gateway price IDs.
Configure included seats and per-extra-seat price. SeatSyncService auto-updates the gateway quantity when members join, leave, or invitations are accepted.
Gate routes with entitled:feature middleware. Enforce limits: $org->isOverLimit(). Check remaining quota. Frontend /entitlements endpoint returns access & limits for current org.
Admin Panel
Manage users, organizations, plans, emails, feature flags, queues, and every setting — from one dashboard.
Total users (verified, suspended), total organizations, signup rates, 30-day growth charts, recent audit events, and top 5 orgs by member count.
Search by name/email. Suspend/unsuspend. Delete. Assign/remove global roles. Impersonate any user with a 1-hour scoped token.
App branding, auth providers, SSO config, 5 billing gateways, mail drivers (SMTP, Mailgun, Postmark, Resend, SES), storage (S3/R2), onboarding, theme presets, and infrastructure settings.
Audit logs with event/user/IP filtering. Queue monitoring with retry/purge. System health checks for database, Redis, cache, queue, mail, and storage connectivity.
Everything included, nothing hidden
Every feature is built, tested, and ready for production.
API Keys
Per-org keys with SHA-256 hashed storage, scoped permissions, per-key rate limits, and expiration
Webhooks
HMAC-SHA256 signed delivery, event filtering, delivery tracking, and queued retry logic
Feature Flags
Percentage rollouts, user & org targeting, deterministic evaluation, admin toggle
Audit Logs
Tracks every mutation with user, IP, user agent, and old/new value diffs
Usage Metering
Record custom metrics per org. Daily series for charts. Ties into metered billing
File Uploads
Avatars, org logos, signed URLs for private files. S3 and Cloudflare R2 compatible
Notifications
Email + in-app channels. 11 notification classes. Unread count, mark read, delete
Email Templates
12 editable templates with variable substitution, preview, test send, and reset
Session Management
View active sessions with IP & user agent. Revoke individual or all. Org-level view
Security
Rate limiting, account lockout, CSP headers, CSRF, hashed keys, token expiration
Modular Architecture
Add features in /Custom directories. Routes, controllers, models, nav — all separate from core
Example Module
Projects with CRUD, comments, permissions, webhooks, and plan limits as a reference
Built on a battle-tested stack
Technologies trusted by thousands of production applications.
Laravel
Sanctum auth, Cashier billing, Queues, Events, Notifications, and Socialite pre-configured.
React + TypeScript
Type-safe SPA with React Router, TanStack Query for data fetching, and Zustand for state.
Tailwind + Shadcn UI
Beautiful, accessible components. Theme presets, dark mode, and sidebar customization.
PostgreSQL / MySQL
Full migration suite with seeders. Works with both databases out of the box.
Redis
Cache, sessions, and queue driver. Optional — falls back to database drivers.
5 Payment Gateways
Stripe, Paddle, MercadoPago, Lemon Squeezy, and PayPal. Switch from admin panel.
Up and running in minutes
Get started in minutes, ship in days.
Clone & Install
Clone the repo, run composer install and npm install. Docker Compose handles MySQL, Redis, and Mailpit.
Configure & Seed
Set your .env, run migrations and seeders. Configure plans, branding, and auth providers from the admin panel.
Build Your Product
Add your features in the /Custom directories. The modular architecture keeps your code separate from the core.
Ready to own your SaaS stack?
Stop renting your backend from BaaS providers. Get the full source code, deploy on your own server, and keep 100% of your revenue.