The MVP Checklist

Below is the evergreen checklist I use when assessing the scope of a new project. While no list could be fully comprehensive, this one catches most major factors influencing early, potentially-irreversible design decisions.

Authentication

1. Can users create accounts on this app?
   1. If so, how? Email/Password? Or can they log in with Google, Facebook, etc?
   2. If not, are users supposed to be able to create, read, update, or delete (CRUD) things?
      1. If so, they actually do need accounts.
      2. If not, this app will be read-only and accessible to anyone who downloads it. Recommended only for truly public resources like Google Search.
2. Does this app differentiate between internal or external users?
   1. In other words, is this app something your company will be using to interact with customers? (common examples include customer/client/patient portals).
   2. It’s important to ask because it fundamentally influences the nature of the app’s architecture. It needs to be designed with this in mind in order to prevent mid-dev rewrites of the auth structure because someone forgot to mention we need to integrate with their Azure organization.
3. Besides internal/external, can users have different roles?
   1. These would be the more commonly known examples of Admin vs Guest, Editor vs Viewer.
   2. If so, what different permissions does each role give the user?
      1. I.e. who can perform which CRUD operations?
4. Can users interact?
   1. If so, how? Examples:
      1. Buyers/sellers (Etsy)
      2. Friends/Non-Friends (Facebook)
      3. Followers/Non-followers (BlueSky)
      4. Subscribers/Unsubscribers (YouTube)
   2. This question tells me if we need to think about how users appear to each other, whether they should be able to block each other, whether or not they can communicate, do we need reporting/content moderation, etc.

Data

1. In your own words, what types of data are being stored in this app?
   1. Usually, the client will talk in terms of the user’s POV, with answers like “financial information” or “tasks.”
   2. I handle translating that into “int8” or “jsonb.”
2. You mentioned users can store _____ data. What does a ______ record look like?
   1. In other words, I’m trying to get them to think in terms of fields. For example, if they say users can store “tasks,” I’ll ask “What does a task look like? What are the attributes of a task? For example, each task will have a name, a due date, etc…”
   2. If they don’t know, that’s what we have product designers for.
   3. I ask this for each kind of record they mention.
   4. Some data types are implicit and I’ll consider them required even if they aren’t mentioned.
      1. For example, if a client’s describing a social media platform, I’ll safely consider each user needs a profile. Or if they’re describing a task manager for organizations to use, I’ll safely assume we need an Organizations table even if they don’t explicitly say so, because it’s a fundamental requisite of the app’s nature.
3. Can users share data within the app?
   1. For example, if I have a task management app, can I share tasks with other users? Which users?
4. Can users share data outside the app?
   1. For example, if I have a task management app, can I send a link to a task to just anyone on the internet, even if they don’t have an account?
   2. If so, what data? Are there constraints?
      1. For example, Google Drive lets you share links available to anyone on the internet, but you can control what permissions that link grants (View Only/Commenter/Editor).
5. Is any data considered legally sensitive?
   1. Examples would include medical data, social security numbers, bank account/routing numbers or other financial information.

Storage

1. Are users uploading files to this app?
   1. If so, what types of files? (Y/N)
      1. Media (Photo, Video, Audio)
         1. If yes, we’ll talk about what they’re used for and discuss content moderation, security, file size limits, file type limits, and go over storage costs (especially for video).
         2. If they want to host streaming video I’ll do almost anything to talk them out of it and suggest using Vimeo or something else instead, because the overwhelming majority of clients coming to me do not need their own video hosting service.
      2. Code (.json, .ts, .py)
         1. If yes, I put a huge red exclamation point next to it in my notes reminding me to run it past the actual back-end experts who can help me identify potential security vulnerabilities.
      3. Documents (Word, Pages, PDF)
      4. Tabular (.csv, .tsv, .xlsx)
      5. Other (3D models, uncommon application-specific types like .afphoto or .aep)
2. Can users download their own files?
   1. No one has ever said no to this, but I ask anyway.
3. Can users download each others’ files?
   1. If so, are there limits? What does that look like?
      1. Is it like Google Drive where you share something with another user first?
      2. Or is it like each user has their own public bucket for offering free downloads, etc?
4. Can users share files within/outside the app?

Ecommerce

1. Can users use your app for free? Y/N
2. Can users pay your company through the app?
   1. If so, what are they paying for?
      1. Subscription for license to use the app?
      2. Products purchased through the app?
      3. Metered use of the app?
3. Can users buy/sell from each other on the app?
   1. What are they buying/selling?
      1. Subscriptions? (Nebula)
      2. Digital goods? (Gumroad)
      3. Physical goods? (Etsy)
      4. Hotel reservations?
      5. Flights?
4. Who’s responsible for customer service?
   1. I.e. if a user has a complaint about something they bought, how do they resolve it? Do they come to you? How? Via live chat? VOIP? Email?
5. Does your business already have an Ecommerce solution that needs integration with this app?
   1. (Lots of businesses will already have Shopify, for example).
6. Does this app serve users in more than one country?
   1. If so, we’ll have to handle currency exchange.
7. Does this app support payments with cryptocurrency?
   1. If so, apologies in advance to our legal team
8. Do you have an SMTP solution for transactional emails?
   1. Is it different from the one we’re going to use for Auth flows?

Other Integrations

1. Does this application connect or integrate with any third-party API’s?
   1. If yes, are any of them used for:
      1. Analytics? If so, what are they? (good to know for cookie consent)
      2. Ads/Marketing? (good to know for cookie consent)
      3. Data fetching?
2. Will this application have its own API?
   1. If so, can anyone use it?
   2. Can users generate their own API keys?
      1. Are there public vs private keys?
   3. Is usage of the API rate-limited?
      1. Do you already have specific rate limits in mind?
3. Will it integrate with visual automation platforms like Zapier or Make?

Misc

1. Are there any core features of this application that have not been addressed in the previous questions?

‍