A production FastAPI backend with multi-tenant teams, TOTP 2FA, Google & GitHub login, usage quotas, and signed customer webhooks — the features every B2B customer asks for and every $99 starter skips.
No video, no mockups. These are the actual endpoints and the actual JSON LaunchKit Pro returns. Click around — this is what you're buying.
Each one is wired end to end — models, routes, dependencies, and tests — not a TODO comment.
JWT access tokens plus rotating single-use refresh tokens — a stolen refresh token dies on first reuse. Email verification, forgot/reset password, all audit-logged.
TOTP with QR provisioning for Google Authenticator and Authy. Eight hashed single-use recovery codes. Login returns a 5-minute challenge_token instead of credentials.
Organizations with owner / admin / member roles, 7-day email invitations, and a one-line require_role("admin") dependency to gate any route you write.
Google and GitHub OAuth with signed state tokens, automatic account creation and linking, and GitHub's private-email edge case handled for you.
Issue and revoke keys for programmatic access. SHA-256 hashed at rest — a database leak leaks nothing. Last-used tracking and an X-API-Key auth dependency included.
Per-plan monthly quotas with 402 enforcement and a /usage/me endpoint. Sell usage-based pricing on day one instead of bolting it on at month six.
Your users register endpoints; deliveries carry an HMAC signature in Stripe's exact t=,v1= scheme, retry three times, and land in an inspectable delivery log.
Subscription checkout, customer portal, and signature-verified idempotent webhooks that keep user.plan in sync automatically — duplicates are detected and dropped.
Logins, 2FA changes, and team events recorded with IP automatically. Users see their own history; admins query everything. Add yours with one audit() call.
Per-IP rate limiting (Redis-ready), request-ID tracing on every response, DB-checked health endpoint, Docker Compose, and GitHub Actions CI on Python 3.11 + 3.12.
Three flows that separate a starter from a product — exactly as they ship in the box.
The features below only existed together in Django boilerplates priced up to $999. In FastAPI, they didn't exist at any price.
| Capability | LaunchKit Pro | Typical $99 FastAPI kit | ShipFast (Next.js) | SaaS Pegasus (Django) |
|---|---|---|---|---|
| Teams + role-based access | ✓ owner/admin/member | — | — | ✓ |
| TOTP 2FA + recovery codes | ✓ | — | — | ✓ |
| Google / GitHub login | ✓ | sometimes | ✓ | ✓ |
| Usage quotas / metering | ✓ per-plan, 402 enforced | — | — | partial |
| Signed customer webhooks | ✓ Stripe-style HMAC | — | — | — |
| Stripe subscriptions | ✓ idempotent webhooks | basic | ✓ | ✓ |
| Audit logging | ✓ with IP | — | — | partial |
| Async-first Python | ✓ SQLAlchemy 2.0 | varies | n/a | sync core |
| Test suite included | ✓ 22 integration tests | rare | — | ✓ |
| Price | $399 launch | ~$99 | $199 | $249–$999 |
Comparison based on publicly listed features as of mid-2026. ShipFast and SaaS Pegasus are excellent products in their own stacks — they're just not FastAPI.
Commercial license: build as many products and client projects as you want. One license per team. No subscriptions, no per-project fees.
pip install -r requirements.txt, copy .env.example, start uvicorn. SQLite works out of the box, so there's no database to set up for development. Interactive docs are live at /docs in under two minutes.pytest before you write a single line — 22 integration tests cover the full 2FA login flow, RBAC enforcement, quota exhaustion, refresh-token rotation, and webhook signature verification against a mock receiver. CI runs ruff and the suite on Python 3.11 and 3.12.Skip to the part only you can build.
Get LaunchKit Pro — $399