SpringLaunch API - Spring Boot 4.1.0 SaaS boilerplate — skip the auth setup
by•
Production-ready Spring Boot 4.1.0 boilerplate with JWT auth,
Google OAuth2, email verification, password reset, Docker, CI/CD,
and 7 doc guides. 42 tests passing. Start building on day one.
Replies
Best
Maker
📌
Hi Product Hunt! 👋
I'm Sujan, a solo developer from Nepal.
Every time I started a new Spring Boot project,
I spent 2-3 weeks building the same things:
→ JWT authentication
→ Email verification
→ Forgot password flow
→ Google OAuth2
→ Docker setup
→ CI/CD pipeline
So I packaged all of that into SpringLaunch API.
What makes it different:
• Spring Boot 4.1.0 (released June 2026 — very latest)
• Argon2id password hashing (OWASP recommended)
• HTTP-only cookie refresh tokens (not localStorage)
• 42 tests included — unit, slice, context
• 7 documentation guides
• Docker Compose + GitHub Actions CI ready
Built for solo developers and small teams who want to
skip the boilerplate and start building their actual product.
Happy to answer any questions about the tech decisions!
Report
Ran the boilerplate locally and had auth endpoints responding in under 10 minutes, the docker compose setup just worked without any fiddling. Honestly impressed by how thorough the docs are, especially the security checklist.
Report
Maker
@atakank18468 Thank you so much for actually running it locally — that means a lot!
The Docker Compose setup was something I spent extra time on. I wanted buyers to go from clone to working API in one command, not spend an hour configuring PostgreSQL.
The security checklist came from my own mistakes honestly. I kept forgetting things like cookie Secure flag, CORS origins, JWT secret rotation — so I documented everything I wish someone told me on day one.
If you run into anything or have suggestions for the docs, I am all ears. Always improving it.
Replies
Ran the boilerplate locally and had auth endpoints responding in under 10 minutes, the docker compose setup just worked without any fiddling. Honestly impressed by how thorough the docs are, especially the security checklist.
@atakank18468 Thank you so much for actually running it locally — that means a lot!
The Docker Compose setup was something I spent extra time on. I wanted buyers to go from clone to working API in one command, not spend an hour configuring PostgreSQL.
The security checklist came from my own mistakes honestly. I kept forgetting things like cookie Secure flag, CORS origins, JWT secret rotation — so I documented everything I wish someone told me on day one.
If you run into anything or have suggestions for the docs, I am all ears. Always improving it.