Most solo founders over-build the backend. They wire up nine tools before the first customer shows up, then spend more time gluing services together than shipping. The truth is narrower: what’s the 4-API stack that runs a solo SaaS? It comes down to four jobs — take money, email your audience, email individual users, and store data with logins — and one well-chosen API for each. This is the exact stack behind 500k.io, picked after testing the alternatives and cutting everything that didn’t earn its place. Prices are mid-2026 and every one of these vendors reprices; check the live pricing pages before you commit.
By the end you’ll have the four jobs mapped to four APIs, the real monthly cost at three growth stages, the order to wire them so you don’t redo work, and the failure modes that bite founders in production.
The four jobs a solo SaaS backend has to do
Strip a one-person software business down and the backend is four responsibilities. Everything marketed as essential beyond these is, for a pre-revenue or early-revenue founder, premature.
Take the money: Stripe
Stripe is the payments layer, and there is no real debate here for a solo founder. It charges 2.9% + $0.30 per successful card transaction in the US, with no monthly plan fee, per Stripe’s pricing. On a $20/month subscription that’s $0.88, or about 4.4% — the percentage feels bigger at low price points, which matters when you set your tiers. The part founders underestimate isn’t checkout, which takes an afternoon; it’s webhooks. Stripe tells your app what happened (payment succeeded, subscription cancelled, card failed) by posting events to an endpoint you have to build and verify. Skip that and your database silently drifts out of sync with who’s actually paying. Budget a day for Checkout, then a second day for webhook handling and the failed-payment retry flow Stripe calls dunning. That second day is the one that protects revenue.
Email your audience: Beehiiv
Beehiiv handles audience email — the one-to-many newsletter that turns readers into a list you own. The free Launch plan covers up to 2,500 subscribers, and paid plans start around $49/month at the 1,000-subscriber tier, scaling with list size per Beehiiv’s pricing. It’s built for the job a generic email API is bad at: deliverability at volume, signup forms, segmentation, and monetization through its ad network. We moved here deliberately — the reasoning is in why I deleted Substack for Beehiiv. The hard line to hold: Beehiiv is for broadcasts to your audience, never for receipts or password resets. The moment you route transactional mail through your newsletter sender, one spam complaint about a marketing email can tank delivery of the login codes your users actually need.
Email individual users: Resend
Resend is the transactional layer — one message to one person, triggered by your code: welcome emails, magic links, password resets, receipts. The free tier is 3,000 emails/month capped at 100/day, and the Pro plan is $20/month for 50,000 emails, per Resend’s pricing. That 100/day cap is the trap: it’s generous for a side project and instantly too small the week you get real signups, so plan to upgrade before a launch, not during one. The non-negotiable setup step is domain authentication — SPF, DKIM, and DMARC records on your sending domain. Skip it and your magic links land in spam, which reads to the user as “this product is broken.” Resend’s developer experience is the reason it wins for solo builders: templates in React, a clean API, and logs you can actually read when something bounces.
Store data and logins: Supabase
Supabase is the data and auth layer — Postgres, authentication, and file storage behind one API. The free tier includes 500 MB of database, 50,000 monthly active users, and 2 projects, and the Pro plan is $25/month per project with 8 GB of database and 100,000 MAUs, per Supabase’s pricing. For a solo founder it replaces three separate services with one, which is the whole point: fewer moving parts to wire, monitor, and pay for. Two things to know going in. The free tier pauses a project after one week of inactivity, so a quiet side project goes to sleep and the first visitor back gets an error. And Row Level Security — the rule layer that decides who can read which rows — is the single most common way solo founders ship a data leak. Configure RLS on day one, not after launch.
What this stack actually costs, at three stages
The headline numbers above are plan prices. The number that matters is what you pay at your stage, and which API forces the first bill.
Stage 0 — pre-revenue: $0/month
Before you have customers, the entire stack runs free. Beehiiv’s Launch plan carries your first 2,500 subscribers, Resend’s free tier covers 3,000 emails a month, Supabase’s free tier handles 50,000 monthly active users, and Stripe charges nothing until someone actually pays you — it takes a cut per transaction, not a monthly fee. So the honest fixed cost of a solo SaaS backend at the building stage is $0/month. This is why “I can’t afford to start” is rarely a real constraint at this layer; it’s the same logic behind the $0 stack of 12 free tools. Your runway on free tiers is long enough that the thing forcing you to upgrade should be growth, not the bill. If you’re paying for backend infrastructure before you have users, you bought too early.
Stage 1 — first subscribers: which API bills you first
As you grow, the four APIs don’t start charging at the same time, and knowing the order lets you plan cash flow. Beehiiv bills you first, when your list crosses 2,500 subscribers and the Launch plan ends — roughly $49/month at that point. Resend is second: you hit the 3,000-emails-a-month or 100-a-day ceiling once signups and notifications pick up, pushing you to the $20/month Pro tier. Supabase usually comes third — 50,000 monthly active users is a lot of runway for an early product. Stripe never sends a plan bill; it just takes 2.9% + $0.30 as revenue arrives. So the first real invoice in a solo SaaS is almost always the newsletter, which is fitting: it bills you exactly when your audience becomes an asset worth monetizing, the math behind premium newsletter tier pricing.
Stage 2 — scaling: the ~$130/month floor
Once you’re at real traction — call it $2-5K MRR, a few thousand subscribers, steady signups — the fixed cost settles into a narrow band. Beehiiv runs roughly $49-99/month depending on list size, Supabase Pro is $25/month, and Resend Pro is $20/month, for a fixed floor of about $115-145/month. On top of that sits Stripe’s variable cut: at $3,000 MRR across, say, 200 subscribers, that’s roughly 2.9% + $0.30 per charge, or about $130/month in processing. So the all-in backend cost of a solo SaaS doing a few thousand a month is on the order of $250-280/month, with Stripe’s share scaling with revenue and the rest staying flat. That flat-vs-variable split is the useful part: three of your four APIs cost the same whether you do $3K or $5K, so margin improves as you grow.
Where each API breaks (the parts nobody warns you about)
Plan prices are easy to compare. The failures that cost you a weekend are not on any pricing page.
The transactional-vs-marketing email mistake
The single most common way this stack breaks is collapsing two email jobs into one tool. Founders see “Beehiiv sends email” and route password resets through it, or see “Resend sends email” and blast a newsletter from it. Both backfire. Beehiiv optimizes for one message to thousands and ties your sending reputation to marketing engagement; a wave of spam complaints on a promo can delay the login code a user is waiting on right now. Resend optimizes for one message to one user and isn’t built for list management or unsubscribe compliance at newsletter scale. Keep audience email on Beehiiv and transactional email on Resend, on separate sending domains or subdomains. This is the rule that protects deliverability on both sides, and it’s the one most solo founders learn the expensive way, after their reset emails start landing in spam.
Supabase’s two free-tier traps
Supabase’s free tier is generous, but two defaults catch founders. First, a free project pauses after one week of inactivity — fine for a busy app, a real problem for a side project that goes quiet, because the next visitor hits a paused database and sees an error that looks like your product died. If a project matters, the $25/month Pro tier removes the pause. Second, and more serious: Row Level Security is off by default on tables you create through some flows, and RLS is what decides which user can read which rows. Ship without it and any authenticated user can often query everyone’s data — a quiet data leak you won’t notice until someone else does. The fix is cheap if it’s first: enable RLS and write the access policies on day one, before there’s real data to expose.
Stripe webhooks: the half everyone skips
Stripe Checkout is the half founders finish; webhooks are the half they skip, and it’s the half that keeps your records honest. Checkout takes the payment, but it’s the webhook events — checkout.session.completed, invoice.payment_failed, customer.subscription.deleted — that tell your app to grant access, flag a failed card, or revoke a cancelled plan. Without verified webhook handling, your database slowly drifts out of sync with who’s actually paying: users keep access after cancelling, failed payments go unnoticed, and your revenue numbers stop matching Stripe’s dashboard. The trap is that everything looks fine in testing, because you tested the happy path. It breaks in production, on the edge cases — the declined renewal, the chargeback, the mid-cycle cancellation. Build webhook handling on day one of payments, and verify the signature on every event so a forged request can’t grant free access.
How 500k.io wired this exact stack
This isn’t a stack we read about. It’s the one running underneath 500k.io, and the order we built it in saved real rework.
The build order that avoids rework
We wired it back-to-front: data and auth first, payments second, email last. Supabase went in on day one because every other piece reads from it — there’s no point sending a receipt or granting a paid feature before there’s a user record to attach it to. Stripe came next, with webhooks writing subscription state straight back into Supabase, so “who’s paying” lives in one place. Email went last because both Beehiiv and Resend are triggered by events the first two layers produce: a new row triggers a welcome email, a Stripe webhook triggers a receipt. Building in that order meant each layer had something real to connect to when we added it. Wire the system of record first, the money second, and the messages last — do it in reverse and you rebuild the connections twice.
What we’d do differently
Two things, in hindsight. We turned on Resend’s domain authentication late, and paid for it with a stretch of magic links landing in spam — the kind of bug that reads to users as a broken product when it’s really three missing DNS records. Do SPF, DKIM, and DMARC the same hour you create the Resend account, not the week after launch. The second: we under-used Supabase’s Row Level Security at the start, leaning on application code to gate data instead of the database itself. That works until one missed check exposes a row it shouldn’t. Pushing the rules down into RLS from day one would have been less code and a smaller attack surface. Neither mistake was expensive to fix early; both would have been painful to fix after a leak. Your own setup will differ, so treat these as defaults to pressure-test, not laws.
Wire your own this week
You can stand up all four APIs in a normal work week without rushing. Here’s the sequence.
Days 1-2: data, auth, payments
Start with Supabase: create the project, model your core tables, turn on Row Level Security, and write the access policies before any real data exists. Wire authentication next — Supabase’s built-in auth covers email, magic link, and OAuth, so you rarely need a separate provider. Then add Stripe: build Checkout for your tiers, then immediately build and verify the webhook endpoint, pointing the key events at functions that write subscription state back into Supabase. By end of day two you should be able to create a user, take a test payment, and see that payment reflected in your database without touching the Stripe dashboard. That round-trip — signup to paid status, fully automated — is the spine of the whole product, and it’s worth getting right before you add a single email.
Days 3-5: email and go live
With data and money flowing, add the two email layers. Create the Resend account and set up SPF, DKIM, and DMARC on your sending domain the same hour — this is the step that decides whether your transactional mail lands in inboxes or spam. Wire the core transactional emails (welcome, magic link, receipt) to fire from the events your first two layers already produce. Then connect Beehiiv for the audience side: embed the signup form, and pipe new users into your list so audience-building starts on day one. Spend the last day testing the unhappy paths — a failed payment, a cancelled subscription, a reset request with a typo’d address — because that’s where this stack breaks in production. Then ship. For the wider tool set around this core, see the best AI tools for solopreneurs and the minimum viable AI stack.
The stack, pulled together
So the 4-API stack that runs a solo SaaS is four jobs and four APIs: Stripe for payments, Beehiiv for audience email, Resend for transactional email, and Supabase for data and auth. It costs $0 to start, bills you first through Beehiiv at 2,500 subscribers, and settles around $115-145/month in fixed cost at scale — three of those four staying flat while Stripe’s share rises with revenue. The decisions that matter aren’t which tools, they’re the details: split transactional from marketing email, enable Row Level Security on day one, and build Stripe webhooks before you launch.
The point of keeping the backend this small is that it leaves your attention for the part that actually grows the business — the product and the audience. 500k.io documents that build in real time, with the real invoices, as the stack gets stress-tested from the first paid user toward $500K ARR.
FAQ
What is the 4-API stack that runs a solo SaaS?
Four APIs that cover the four backend jobs: Stripe for payments, Beehiiv for audience email (your newsletter list), Resend for transactional email (receipts, magic links, password resets), and Supabase for data plus authentication. Everything else — analytics, support, CRM — is optional until you have real volume.
How much does this stack cost per month?
$0 to start: all four have free tiers and Stripe only charges when you get paid. The first paid bill is usually Beehiiv at 2,500 subscribers (~$49/mo). At roughly $2-5K MRR the fixed cost is about $115-145/month (Beehiiv + Supabase Pro $25 + Resend Pro $20), plus Stripe's 2.9% + $0.30 per transaction.
Why not send all email through one tool?
Because audience email and transactional email have opposite requirements. Beehiiv is built for one message to thousands of subscribers; Resend is built for one message to one user, triggered by code. Sending receipts through Beehiiv or newsletters through Resend wrecks deliverability on both. Keep them on separate APIs.
Which API forces you to pay first as you grow?
Beehiiv, almost always — its free Launch plan caps at 2,500 subscribers. Resend is second (free tier is 3,000 emails/month, 100/day). Supabase's free tier (50,000 monthly active users) usually lasts the longest. Stripe has no plan fee at all — it takes a percentage per charge.
Do I need Supabase, or can I use something else?
Supabase is the default because it bundles Postgres, auth, and storage behind one API with a generous free tier. You can swap it for Neon + Clerk, or Firebase, but you'll be wiring two services instead of one. For a solo founder, fewer moving parts wins.