If you've used Cursor or Claude to build a SaaS, you've probably hit this wall.
You type "add Stripe billing" and get code that half works, skips webhooks, and doesn't account for any edge cases. You ask for "auth" and get a happy-path login form with no error handling and no session management.
The problem isn't the AI. It's the prompt.
After building several Next.js SaaS projects with Cursor and Claude, I found that the quality of AI output has almost nothing to do with the model and everything to do with how structured your request is.
Here are 5 prompts I actually use for auth, billing, database, debugging, and deployment that consistently produce code I can ship.
The pattern behind every good prompt
Before the examples, here's what every effective prompt has in common:
Stack context: tell it exactly what you're using (Next.js App Router, Supabase, shadcn/ui, Stripe, Zod). Don't make it guess.
Ordered steps: ask it to do things in sequence. "Do this in order: 1. List files, 2. Show schema, 3. Build the component" produces far better output than one open-ended ask.
Constraints: these are the most underused part. "Do not rely on client-only checks." "Avoid over-engineering." "Call out security-sensitive parts." Constraints trim the hallucinations.
Prompt 1: Stripe subscription checkout
Most developers ask for "Stripe integration" and get a half-baked checkout that doesn't think about webhooks, metadata, or failure cases.
Help me implement Stripe subscription checkout for a SaaS app.
I need:
- checkout session creation
- user metadata attached correctly
- trial support if useful
- redirect flow
- webhook-friendly setup
Please:
1. List required environment variables
2. Show the server-side checkout logic
3. Explain what metadata should be attached
4. Explain what the webhook will need later
5. Mention failure cases and edge cases
Important:
- do not skip webhook considerations
- do not assume the database sync already exists
- call out security-sensitive parts clearly
The key line: "do not skip webhook considerations." Without it, you almost always get checkout code that has no plan for what happens after the payment.
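To make the "what the webhook will need later" step concrete, here is an added example (not code from the original post) of the handler that checkout code must plan for: it verifies the signature on the raw body before parsing, refuses stale timestamps, deduplicates by event id, and syncs on the metadata attached at checkout. The header format mirrors Stripe's documented scheme, but the verification is hand-written for illustration; in a real app use the SDK's stripe.webhooks.constructEvent. Function names and the in-memory event store are assumptions.

```typescript
// Added example, not code from the original post: the "what the webhook will need later"
// half of Prompt 1. Verify the signature on the raw body before parsing, refuse stale
// timestamps, deduplicate by event id, and sync on the metadata attached at checkout.
// The header format mirrors Stripe's documented scheme ("t=<ts>,v1=<hex hmac>" over
// "<ts>.<raw body>"), but this is a hand-written illustration; in production call the
// SDK's stripe.webhooks.constructEvent. Function and store names here are assumptions.
import { createHmac, timingSafeEqual } from "crypto";

const TOLERANCE_SECONDS = 300; // replayed webhooks older than this are refused

export function signPayload(rawBody: string, secret: string, ts: number): string {
  const sig = createHmac("sha256", secret).update(`${ts}.${rawBody}`).digest("hex");
  return `t=${ts},v1=${sig}`; // builds a constructed header for local testing
}

export function verifySignature(rawBody: string, header: string, secret: string, nowSeconds: number): boolean {
  const parts = new Map<string, string[]>();
  for (const kv of header.split(",")) {
    const [k, v] = kv.split("=", 2);
    if (!k || v === undefined) return false;
    parts.set(k.trim(), [...(parts.get(k.trim()) ?? []), v.trim()]);
  }
  const ts = Number(parts.get("t")?.[0]);
  const sigs = parts.get("v1") ?? []; // several v1 values can appear during secret rotation
  if (!Number.isFinite(ts) || sigs.length === 0) return false;
  if (Math.abs(nowSeconds - ts) > TOLERANCE_SECONDS) return false;
  const expected = Buffer.from(createHmac("sha256", secret).update(`${ts}.${rawBody}`).digest("hex"), "hex");
  return sigs.some((s) => {
    const got = Buffer.from(s, "hex");
    return got.length === expected.length && timingSafeEqual(got, expected); // constant-time compare
  });
}

// Stand-in for a persisted "processed event ids" table; a real app keeps this in the database
const processedEventIds = new Set<string>();
type StripeLikeEvent = { id: string; type: string; data: { object: { metadata?: Record<string, string> } } };

export function handleWebhook(rawBody: string, header: string, secret: string, nowSeconds: number): { status: number; action: string } {
  // 1. Never JSON.parse before the signature check: an unverified body is untrusted input
  if (!verifySignature(rawBody, header, secret, nowSeconds)) return { status: 400, action: "rejected: bad signature" };
  const event = JSON.parse(rawBody) as StripeLikeEvent;
  // 2. Stripe retries on non-2xx responses, so the same event can arrive twice; make the sync idempotent
  if (processedEventIds.has(event.id)) return { status: 200, action: "duplicate ignored" };
  processedEventIds.add(event.id);
  // 3. Key the database sync on the metadata attached at checkout, never on the customer email
  const userId = event.data.object.metadata?.userId;
  if (!userId) return { status: 200, action: `${event.type}: no userId metadata, logged for review` };
  return { status: 200, action: `${event.type}: sync subscription for user ${userId}` };
}
```

The route that receives this must read the raw request body (not a parsed JSON body), because the signature is computed over the exact bytes Stripe sent.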
Prompt 2: Supabase auth with real error handling
Help me implement Supabase email/password auth in a Next.js App Router app.
I need:
- login page
- signup page
- server-side submission handling
- field validation
- redirect on success
- useful error handling
Please do this in order:
1. List required files
2. Show the validation schema
3. Build the auth actions
4. Build the login and signup forms
5. Explain session handling briefly
6. Mention common auth mistakes
Important:
- keep it production-minded
- avoid fake helper functions
- do not hide important security steps
The phrase "avoid fake helper functions" is one I use constantly. Without it, Cursor loves to invent utility wrappers that don't actually exist in your codebase.
Prompt 3: Route protection middleware
Help me create middleware or route protection for a Next.js SaaS app.
Requirements:
- protect dashboard routes
- allow public marketing pages
- redirect unauthenticated users to login
- preserve the original path for redirect after login
- keep behavior predictable
Please:
1. Show the route-matching strategy
2. Explain how auth will be checked
3. Show the middleware or server-side protection approach
4. Mention common redirect bugs
5. Point out edge cases
Important:
- keep it easy to debug
- do not rely on client-only checks
- call out any security-sensitive assumptions
"Do not rely on client-only checks" is critical here. A surprising amount of AI-generated auth code puts protection only in the UI, which is security theater, not actual security.
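As an added example (not code from the original post), here is what the server-side decision behind that prompt looks like, separated from the Next.js request objects so it can be tested directly: a deny-by-default public allowlist, a redirect that preserves the original path, and the check on the return path that closes the most common redirect bug. The paths, the default landing page, and the userIdFromSession stand-in are assumptions.

```typescript
// Added example, not code from the original post: the decision logic behind a Next.js
// route-protection middleware, written as plain functions so it can be tested without a
// request object. Deny by default: anything not on the public allowlist needs a
// server-verified session. Paths, names and the default landing page are constructed.
const PUBLIC_EXACT = new Set(["/", "/login", "/signup"]);
// Prefixes that stay public; /api/webhooks is authenticated by signature, not by session
const PUBLIC_PREFIXES = ["/pricing", "/blog", "/api/webhooks"];
const DEFAULT_AFTER_LOGIN = "/dashboard";

export function isPublic(pathname: string): boolean {
  if (PUBLIC_EXACT.has(pathname)) return true;
  // Match on a segment boundary so "/blogger" does not inherit "/blog"'s public status
  return PUBLIC_PREFIXES.some((p) => pathname === p || pathname.startsWith(p + "/"));
}

export type Decision = { action: "next" } | { action: "redirect"; to: string };

// sessionUserId must come from validating the session cookie on the server (e.g. asking
// Supabase whether it belongs to a real user), not from "a cookie exists" or client-side state.
export function decide(pathname: string, search: string, sessionUserId: string | null): Decision {
  if (isPublic(pathname) || sessionUserId) return { action: "next" };
  // Preserve path and query so the user lands where they were going after login
  const next = encodeURIComponent(pathname + search);
  return { action: "redirect", to: `/login?next=${next}` };
}

// Common redirect bug: the login page sends the user wherever ?next= says, and that value
// arrives from the URL, so it can point off-site (open redirect). Accept only same-origin paths.
export function safeReturnPath(next: string | null): string {
  if (!next || !next.startsWith("/")) return DEFAULT_AFTER_LOGIN;                  // rejects full URLs
  if (next.startsWith("//") || next.startsWith("/\\")) return DEFAULT_AFTER_LOGIN;  // protocol-relative
  if (/[\r\n]/.test(next)) return DEFAULT_AFTER_LOGIN;                               // header injection
  return next;
}

// In middleware.ts this is wired up roughly as follows (NextRequest/NextResponse come from
// next/server; userIdFromSession is a stand-in for your server-side session validation):
//   export async function middleware(req: NextRequest) {
//     const d = decide(req.nextUrl.pathname, req.nextUrl.search, await userIdFromSession(req));
//     return d.action === "next" ? NextResponse.next() : NextResponse.redirect(new URL(d.to, req.url));
//   }
//   export const config = { matcher: ["/((?!_next/static|_next/image|favicon.ico).*)"] };
```

Middleware is a gate, not the whole fence: server components and route handlers that read tenant data should still check the session themselves, since a matcher typo silently opens a route.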
Prompt 4: Debugging a slow API route
I have a slow API route in my app.
Route:
[paste code]
Please:
1. Identify every async operation
2. Estimate where the delay is likely happening
3. Show what can run in parallel
4. Suggest caching only where it makes sense
5. Point out query improvements and index needs
6. Rewrite the route with comments on what changed
Important:
- avoid generic performance advice
- prioritize the biggest wins first
- mention tradeoffs clearly
The constraint "avoid generic performance advice" stops it from listing things like "use a CDN" when your problem is a sequential database call.
Prompt 5: RLS policies for multi-tenant data
Help me design row-level security policies for a multi-tenant SaaS in Supabase.
Data model:
- organizations
- memberships
- projects
- tasks
Roles: owner, admin, member, viewer
Please:
1. Suggest helper SQL functions if useful
2. Write policies table by table
3. Explain each policy simply
4. Show how to test them
5. Call out likely mistakes or bypass risks
Important:
- keep the policies readable
- reduce repeated logic
- do not use unclear shortcuts
RLS is one of the hardest things to get right with AI assistance. The instruction "call out likely mistakes or bypass risks" is what turns a technically correct policy into one you can actually trust.
The takeaway
The developers getting the most out of Cursor and Claude aren't using smarter models; they're using better prompts.
The formula: stack context + ordered steps + explicit constraints.
If you want to skip building your own library of these, I packaged 25 of the highest-value prompts for Next.js SaaS development into a single PDF covering auth, billing, database, AI features, debugging, and deployment.
Ship Faster Lite €9 on Gumroad
It's the starter version of a larger 100-prompt system I'm building. If the prompts above were useful, the pack has 20 more in the same format.
Built with Next.js, Supabase, Stripe, shadcn/ui, and Cursor. If you found this useful, share it with someone building their first SaaS.