{"id":1752,"slug":"rule-rent-commodity-parts-build-only-differentiated-logic","title":"R3 — Rent the commodity parts (Stripe / Auth0 / Algolia / RDS / Lambda); build only what is genuinely differentiated logic","kind":"rule","scope":"business","status":"current","audiences":["kevin","smb-owner","candid-team"],"topics":["agency-methodology","build-vs-buy-software","commodity-web-parts","bespoke-build-economics"],"reference_body":"**Rule:** For SMB client work, default to **renting the commodity parts** — payments ([[stripe-launch-2011-tokenized-cards]]), auth ([[auth0-founded-2013-managed-identity]] / [[cognito-firebase-auth-2014]]), search ([[algolia-founded-2012-search-as-a-service]] / [[elasticsearch-first-release-2010]]), managed DB ([[rds-launch-october-2009-managed-db]]), serverless ([[lambda-launch-november-2014-serverless]]). **Build only what is genuinely differentiated** — the client's actual business logic.\n\n**Why:** Each commodity service replaces a person-month-or-more bespoke build (see the \"pre\" entries: [[pre-stripe-merchant-account-plus-gateway-plus-pci]], [[pre-auth0-roll-your-own-password-hashing]], [[pre-elasticsearch-sql-like-or-custom-lucene]]). Building any of these in-house is paying twice — once at build, again at maintenance — for a worse outcome.\n\n**How to apply:**\n- Scope conversations explicitly call out which parts are commodity (rent) vs differentiated (build).\n- \"We want our own auth\" is almost always a red flag — surface [[pre-auth0-roll-your-own-password-hashing]] and the security implications.\n- The differentiated logic is usually narrower than the client first imagines; help them see it.","rationale_body":null,"metadata":null,"links":{"outgoing":[{"slug":"rds-launch-october-2009-managed-db","title":"Amazon RDS announced October 2009 (MySQL first); GA May 31, 2011 — managed DB absorbs admin/backup/failover","kind":"reference","scope":"business","link_type":"depends-on"},{"slug":"lambda-launch-november-2014-serverless","title":"AWS Lambda previewed November 13, 2014; GA April 9, 2015 — code with no servers to provision","kind":"reference","scope":"business","link_type":"depends-on"},{"slug":"stripe-launch-2011-tokenized-cards","title":"Stripe launched 2011 — card data never touches merchant server (Stripe.js → token), removing the heaviest PCI burden","kind":"reference","scope":"business","link_type":"depends-on"},{"slug":"pre-stripe-merchant-account-plus-gateway-plus-pci","title":"Pre-Stripe payments: merchant account + payment gateway (e.g., Authorize.net ~$25/mo) + PCI compliance burden","kind":"reference","scope":"business","link_type":"depends-on"},{"slug":"elasticsearch-first-release-2010","title":"Elasticsearch first release 2010 — open-source on Apache Lucene; commodity search","kind":"reference","scope":"business","link_type":"depends-on"},{"slug":"algolia-founded-2012-search-as-a-service","title":"Algolia founded 2012 (Dessaigne & Lemoine; Y Combinator W2014) — search-as-a-service, no infra to manage","kind":"reference","scope":"business","link_type":"depends-on"},{"slug":"pre-elasticsearch-sql-like-or-custom-lucene","title":"Pre-Elasticsearch site search: weak SQL LIKE queries or a costly custom Lucene/Solr build","kind":"reference","scope":"business","link_type":"depends-on"},{"slug":"auth0-founded-2013-managed-identity","title":"Auth0 founded 2013 — managed identity, social login, SSO, SAML","kind":"reference","scope":"business","link_type":"depends-on"},{"slug":"pre-auth0-roll-your-own-password-hashing","title":"Pre-Auth0 auth: roll-your-own password hashing, sessions, resets, lockouts — security-critical and error-prone","kind":"reference","scope":"business","link_type":"depends-on"},{"slug":"rule-floor-fell-ceiling-did-not-bespoke-still-costs","title":"R4 — The floor fell, the ceiling did not: bespoke client portals still cost $20k–$50k + $10k–$25k/yr — say so honestly","kind":"rule","scope":"business","link_type":"relates-to"}],"incoming":[{"slug":"research-brief-falling-cost-floor-real-web-functionality-smb-june-2026","title":"Research brief: the falling cost floor of \"real\" web functionality for SMBs (June 2026)","kind":"reference","scope":"business","link_type":"relates-to"},{"slug":"enterprise-tier-customer-portal-example","title":"Enterprise-tier example: customer account portal — Auth0 + RDS + role-based permissions; commodity parts, bespoke assembly still costs","kind":"reference","scope":"business","link_type":"relates-to"},{"slug":"enterprise-tier-live-dashboard-example","title":"Enterprise-tier example: live-data dashboard — NWS API / open data + D3/Chart.js on managed DB; pre-2010 demanded a custom build","kind":"reference","scope":"business","link_type":"relates-to"},{"slug":"enterprise-tier-product-search-example","title":"Enterprise-tier example: typo-tolerant instant search over a product/document catalog — Algolia or Elasticsearch instead of a dedicated Lucene engineer","kind":"reference","scope":"business","link_type":"relates-to"},{"slug":"rule-three-drivers-decade-2004-2014-not-ai","title":"R1 — Anchor the falling-cost case on the decade 2004–2014 (infrastructure + parts + data); AI-assisted coding is NOT the spine","kind":"rule","scope":"business","link_type":"relates-to"},{"slug":"rule-build-features-customers-will-actually-use-pendo-80","title":"R5 — Build features customers will actually use; ~80% of software features go unused (Pendo 2019)","kind":"rule","scope":"business","link_type":"relates-to"}]},"created_at":"2026-06-21T13:17:00.703Z","updated_at":"2026-06-21T13:17:00.703Z"}