🗞 What's New: Finding time for side projects

How do you find time for side projects?

• With all of your responsibilities, it can be difficult to focus on completing a side project. Founders weigh in below about how they remain excited about, and dedicated to, building on the side!
• Finding the right tools to secure your software is sometimes daunting. This guide can help you determine which authorization solutions you need, keeping your project safe and bot free.
• Founder Nikola Velkovski hit $190,000 in revenue in 4 days with his AppSumo launch for HeyReach, a LinkedIn outreach tool. Below, he shares his AppSumo launch strategy, including how his team prioritized stellar customer support.

Want to share something with over 75,000 indie hackers? Submit a section for us to include in a future newsletter. —Channing

⏳ Finding Time for Side Projects

by John Smith

I have a major question: I'm really struggling to find time for my side project. After work, I'm exhausted! Whatever little energy I have left, I devote to my wife and my son.

So, I'm curious, how do you manage to find time for side projects?

Build momentum

Dylan recommends doing something every day, even if it's just for five minutes:

Momentum is key, and missing two days in a row is a huge momentum killer. Even if it's just five minutes, the impact of that time goes beyond that day. It's all about keeping momentum.

I've been working on my side project for two-and-a-half years, and there have been plenty of days when I didn't have motivation. Getting started each day is always the hardest part. Don't make it harder for yourself by feeling like you need to do an hour of deep work on it every day.

Red Bell agrees, and adds the idea of not breaking the chain:

In its simplest form, this is applied by putting an X on your calendar each day you work towards your goal. In the long run, you will see a chain of X's that stretches for days, which becomes weeks, then months. Seeing the X's on your calendar can provide a sense of accomplishment, and deter you from breaking that chain.

Break it into small chunks

Craig Campbell says that if you really want to do it, you'll make the time:

I pulled a lot of all-nighters working on side projects or work projects, often starting on them after my family goes to sleep.

Also, remember that you don't need eight hours a day to work on a side project. Often 1-2 hours before or after your family goes to sleep, or during your lunch break, is enough to keep going. Small chunks of time every day consistently add up over months or years. Two hours per day over the course of a month is 60 hours, and 730 hours a year. That's enough to get a solid MVP up and running in a couple of months, or even the start of a larger polished project over a year. Don't think it has to be completed immediately.

Use the limited time you have. Find hours before or after the family sleeps. Be consistent. Remember that consistent small chunks of time add up over the long haul.

Embpdaniel seconds the advice on consistency:

I also struggle with this, and it's not easy. For me, two practices have been absolute key in meeting some of my side project goals:

1. I wake up at five or six in the morning, and work on my side project until eight or nine. I've realized that I can get a tremendous amount done during that time, since there are zero distractions. My family is still asleep, and no one is emailing or messaging me. Once I'm done, I take a break, eat breakfast or work out, then get ready for work.

2. Staying consistent. Consistency will help build the habit in your mind to the point where your mind won't allow you to not work on your project, even when you don't feel like it. Habits are a powerful thing.

I give myself flexibility on the amount of hours that I work each day. On days that I'm not feeling it, I just work for 15 minutes. The important thing is that you work on it. Even 15 minutes of completely focused work is surprisingly productive.

Before you know it, you will have made some great progress!

Keep the joy

Hans de Ruiter has two suggestions:

1. Choose a side project that you're genuinely interested in. It's easier to work on something that you want to do!
2. Choose a small side project, then simplify it as much as possible. What's the bare minimum you need to deliver a usable MVP?

A small side project that you're genuinely interested in feels both fun and doable, making it easier to work on.

Arthur Barros adds:

It needs to be something that you find joy in doing. It should be kind of like an escape button from other things when you are not feeling motivated.

Keep going! You've got this.

How do you find time for side projects? Share your experience below!

Discuss this story.

📰 In the News

from the Growth Trends newsletter by Darko

💻 LinkedIn has removed native carousels and in-image links.

🔗 Adding internal link modules could improve your organic traffic.

💲 TikTok has become the first app to surpass $1B in quarterly consumer spend.

💸 Google has sold Google Domains in an effort to cut costs.

👀 The customer satisfaction metrics that matter.

Check out Growth Trends for more curated news items focused on user acquisition and new product ideas.

🔐 Adding Auth to Your Project

by Dorota Parad

Finding the right solution to secure your software can be confusing.

We launched Authress over three years ago, and I stay up-to-date on existing products in the auth space. I spend countless hours researching our competition and the broader market, while talking to our users about their needs as software makers.

With this article, I hope to bring some clarity on what parts of auth and data security are relevant if you’re building software, and how to think about the space!

Login

When most people hear “auth,” they think login. Login is authentication, and it’s the first step in securing your software.

Even if you’re building a small project just for yourself, as soon as you host it somewhere outside of your machine, you want to implement some sort of authentication. If it runs on the internet, it has to require login (unless it’s just a static website).

The good news is that it’s really easy to add login to your software, and it will cost nothing if you play it right. The bad news is that it can get really complicated and expensive, unless you know exactly what you need.

Username and password

Username and password may seem like the easiest, most basic thing to implement, but it's not.

It puts you on the hook for storing and processing personal identifiable information (PII). For this to work, you need to collect and store a user’s email address. Why? Because sooner or later, someone will forget their password, or will want to change their existing one. To facilitate it, you need an email, and just like that, you now have to comply with local regulations surrounding PII: GDPR, CPRA, CPPA, LGPD, PDPA, and the list goes on.

You really don’t want to do that unless you absolutely have to, and have the resources to do so.

Social login

If you want to add login functionality to your project quickly, use a social login. This is also known as a federated login provider, and it is the way to go. It’s free, fairly painless to configure (although there are caveats), and you won’t have to worry about handling PII; the provider will do that for you.

Login with Facebook, Google, GitHub, etc., and if you stick to a single provider, integration is fairly easy. However, as soon as you want to support multiple options, it may be easier to use an identity aggregator or a login box solution. Those usually aren’t free.

SSO (single sign-on)

If your software is used by other companies, and your users are their employees, you want to allow those users to login via their standard corporate login. There are multiple standards here, and each company will have its own authentication format.

It gets complicated really fast, and that’s why you probably want to go with one of the identity aggregators, or a full featured auth SaaS. It’s worth noting that this is different from using SSO internally at your own company. You can’t extend your own SSO to your customers.

Login box and identity aggregation

If you know your users will need multiple options for login, or you simply don’t want to worry about the whole authentication thing, there are quite a few providers that offer a login box that you can simply drop into your website. When picking a solution, make sure that all the login options your users will care about are supported.

There are a few potential "gotchas" here. Sometimes, an aggregator promises support of all the different login providers, but when you try to integrate, you end up having to do all the hard work yourself. That’s something you can only evaluate through proof of concept.

Another thing to look for is reliability. If login is down, your software is down.

Access control

Now that your users can log in, let’s talk about the hard part: The actual authorization. Historically, this was lumped together with login. Today, solutions range from classically sticking the claims into a user token, to full-fledged authorization decision engines.

Simple authorization

If all of your users can do exactly the same things in your software, or if you’re building it just for yourself, the quickest way to secure access is by piggybacking on the access tokens. This means sticking the resources that a given user should have access to directly into the token using claims.

This works when you have a simple access model where users can see and do everything in your software, while nasty bots can’t. It may also work if your model is slightly more nuanced, as long as all your users follow the same pattern. It breaks as soon as you have a lot of users, your users can have multiple roles, or your resource hierarchy is a little more complex than a very short list.

How to choose a solution

There are a few things to consider when picking your solution:

• Features.
• Whether you want to be running the solution yourself.
• The ease of getting started, and the overall developer experience.
• The ease of use once you’ve set everything up.
• Pricing.

There’s a bunch of options to choose from! Some of the more established ones include Authress, Ory, Oso, and Permit.

Here's a visual summary of what is offered by various providers:

Recommendation for side projects and personal use

When you’re building a small side project, or something just for yourself, friends, and family, you don’t want to overcomplicate things. You want things to be cheap, if not free. For login, use one of the social logins, like Facebook or Google.

You want to run it in the cloud rather than through your own machine. It’s super easy, comes with a lot of security options out of the box, and it costs very little.

If you need to restrict access to specific resources (i.e., your mom can delete her own data, but she can’t delete yours), use claims and simple authorization access control in the access token to save this information.

Recommendation for MVPs

When you want to build a product quickly to validate it, you may need something slightly more robust, especially if you’re going to share it with the wider public. If you can get away with a single social login, great. If not, use any provider that offers a login box cheaply. Authress or Auth0 both have free tiers that fit the bill.

If you have a monolithic app and don’t need SSO, Auth0 should be good enough. If you are building micro-services, and you need machine-to-machine auth, Auth0 gets expensive, though. You should be able to work around this using your cloud provider’s key management service, and storing your encrypted keys in GitHub.

Recommendation for B2C software

If you build something intended for consumers at any reasonable scale, you shouldn’t cut corners regarding the login experience. Use a well-established login box provider, such as Auth0 or Clerk.

If your software involves any sort of data sharing, you can use Auth0 if you only have one or two simple permissions. For fine-grained access control, use Authress or Ory. The latter two also include login box support.

Recommendation for B2B software

If your software is meant to be used by companies, regardless if we’re talking about small businesses or enterprises, you absolutely have to support SSO. Some login box providers offer this: Auth0, Clerk, FusionAuth, Ory, and Authress, although most of them charge an absurd amount of money for the privilege. Still, if you’re selling to enterprises, this may pale in comparison to your other costs, but it could land you in a spot on SSO tax.

Proper access control is essential in B2B, because most companies will have various user roles with different levels of access, and different data visibility depending on who’s logged in. If you would like a solution that only handles access control, use Oso or Permit. If you want one solution that also handles sign-on, machine-to-machine auth, monitoring, and auditing, use Authress or Ory.

Recommendation for public APIs

When your product is an API, you don’t have all that much choice. You want to go with a solution that supports API security as a first-class notion, like Authress or Ory. This will give you machine-to-machine auth and resource-based access control, to protect yourself from broken object level auth.

Will you implement any of these auth recommendations? Share below!

Discuss this story.

🧠 Harry's Growth Tip

from the Marketing Examples newsletter by Harry Dry

Capture your product with a throwaway line that a customer might say:

Go here for more short, sweet, practical marketing tips.

Subscribe to Marketing Examples for more.

🗓 Nikola Velkovski Hit $190K in Four Days

by Nikola Velkovski

Hi, indie hackers! I'm Nikola Velkovski, founder of HeyReach, a LinkedIn outreach tool. We sold $190K+ worth of licenses in just four days through our AppSumo campaign.

Here are the results:

• $190K+ in total sales.
• $95K+ in net revenue.
• 1.1K+ total licenses sold.
• 34 refunded licenses (3% churn rate).
• 95%+ of all of the licenses sold were of the highest tier.
• 33 five tacos reviews.
• 9.01% conversion rate.
• Best-selling tool on the platform!

Before AppSumo

At the end of February, we launched the beta version of HeyReach, a next generation LinkedIn outreach tool built for agencies and teams.

After being in the outreach market for nearly two years, and trying everything on the market, we concluded that there was no tool that really addressed the needs of agencies and sales teams in regards to lead gen.

The free beta launch went really well, and we gathered a lot of feedback, but we still didn’t have paying customers, therefore no validation.

When we launched our paid version at the end of March, we decided to completely focus on traction, and double down on sales-led growth.

Focusing primarily on lead gen and outreach (selling HeyReach using HeyReach), with just a sales team of four people (including myself), we managed to scale to nearly $10K MRR in just 77 days.

AppSumo launch

In December 2022, another founder connected me with the AppSumo team to discuss potentially promoting HeyReach on the platform. We hadn't launched the tool yet, and based on our estimated ROI, we decided not to move forward at the time.

However, after the beta launch in February 2023, and the initial traction we generated, AppSumo reached out to me again with a really interesting offer. We discussed launching HeyReach at SumoDay 2023, just for four days.

SumoDay is the biggest event on AppSumo, where AppSumo sees triple the traction compared to any other period of the year.

After long negotiations with the AppSumo team, we finally came to a 50-50 revenue share deal, and I had to sign the partnership agreement immediately, at 2:00 AM.

We started preparing ourselves for the launch, working with AppSumo’s team. I was amazed by the organization and its processes. We implemented the features that we agreed on, helped with the content, and organized ourselves for the big event.

SumoDay

We took SumoDay really seriously. We decided to establish processes for customer support and PR (community presence and driving traffic to our AppSumo product), but didn’t want to stop with the development of the product, or have a gap in our lead gen and sales.

AppSumo’s community is really smart and appreciates good products. However, they can also be extremely harsh! We knew that we could not fail to deliver the best product and experience for them.

We strongly believe in documenting things. All questions that can be addressed by our knowledge base were directed to the article. If we didn’t have an article that addressed the customer’s question, we manually answered, then documented it in the knowledge base. Also, my teammates Stefan and Tomislav manually activated more than 300 licenses during the launch.

Our goal was to keep our support response time under 10 minutes during the work days, be super responsive, and if there was a technical problem, fix it in just a few hours.

We joined 30+ Facebook communities, hosted three giveaways, did two live webinars, and spoke with 1K people over the course of the four days. During this whole AppSumo launch, I met a ton of nice people, and made a bunch of friends and supporters!

Takeaways

AppSumo is a great way to get your product and positioning validated at scale. Don’t treat it as a way to earn money (although you can get a decent cash injection), but as a way to determine early product-market fit.

Treat all of your customers with the utmost respect. Be responsive and customer-oriented, but also bold and true to your vision.

Don’t forget that there’s life after AppSumo, as well. Treat AppSumo as a kickstarter for your company, ride that momentum, engage further with the community, and build and deliver what you promise!

Discuss this story.

🐦 The Tweetmaster's Pick

by Tweetmaster Flex

I post the tweets indie hackers share the most. Here's today's pick:

🏁 Enjoy This Newsletter?

Forward it to a friend, and let them know they can subscribe here.

Also, you can submit a section for us to include in a future newsletter.

Special thanks to Jay Avery for editing this issue, to Gabriella Federico for the illustrations, and to John Smith, Darko, Dorota Parad, Harry Dry, and Nikola Velkovski for contributing posts. —Channing