How fast can Kaizen deliver a project?

A landing page or single-page product typically takes 1 to 3 days from brief to deployment. A full marketing website or web application takes 3 to 10 business days depending on scope. We use an AI-native development workflow that compresses timelines without cutting quality.

How much does a website cost at Kaizen?

A SaaS landing page starts around €3,000 and takes about 2 days. A full company website with 5 to 10 pages is typically €7,000 to €15,000. AI integrations (chatbots, document processing, AI search) start at €4,000. All projects are fixed-price with no hourly billing.

What kind of projects does Kaizen build?

We build SaaS landing pages, restaurant and hospitality websites, AI writing tools, interactive product demos, marketing sites, MVPs for new products, and AI integrations for existing products. We work best on well-scoped, fast-turnaround projects where speed matters.

How does the AI-native development workflow work?

We start with a detailed specification that defines the problem, user flows, data model, and success criteria. AI agents then handle the implementation: scaffolding, coding, and iterating. A senior developer reviews every output for quality, correctness, and security. The result is production-ready code that would take a traditional team weeks, delivered in days.

Does Kaizen offer fixed pricing?

Yes. All projects are quoted at a fixed price before work begins. No hourly billing, no surprise invoices. The fixed price model aligns our incentives with yours: we scope carefully, build efficiently, and deliver what was agreed.

Can Kaizen add AI features to my existing product?

Yes. We integrate Claude API, OpenAI, and other AI services into existing web products. Common integrations include conversational chatbots, document Q&A, AI-assisted writing, and semantic search. A typical AI integration takes 1 to 2 weeks and starts at €4,000.

What is Kaizen's relationship to Stormfors?

Kaizen is the speed-tier development brand of Stormfors AB, a Stockholm-based software agency. Kaizen handles fast-turnaround work for founders and small teams. Stormfors handles larger enterprise engagements. Both share the same team and quality standards.

API Design for Startups: Keep It Simple

Your API is the contract between your product and everything that interacts with it: your frontend, your mobile app, your integrations, and eventually your customers' developers. Getting it right early saves months of pain later. Getting it wrong means breaking changes, confused consumers, and support tickets that should never have existed.

The good news: API design for startups is simpler than the internet makes it sound. You do not need GraphQL. You do not need HATEOAS. You do not need a 50-page API design guide. You need five rules and the discipline to follow them.

Start with REST. Stay with REST.

GraphQL solves a real problem: when a frontend needs to fetch data from many related entities in a single request, and different views need different subsets of that data. If you are building Facebook or Shopify, GraphQL makes sense.

If you are building an early-stage product with a small team, GraphQL is premature optimization. It adds a schema layer, a resolver layer, caching complexity, and tooling overhead. The learning curve is real, and the benefits do not materialize until your data graph is complex enough to warrant them.

REST is simple, well-understood, and has decades of tooling. Every developer you hire knows REST. Every debugging tool speaks HTTP. Every integration guide assumes REST. Start there. If your product grows to the point where REST causes real friction (you will know because your frontend makes 8 API calls to render one page), evaluate GraphQL then. That day is probably years away.

The five rules

1. Consistent naming

Pick a convention and never deviate. Plural nouns for collections, singular for specific items. Lowercase with hyphens. No verbs in URLs (the HTTP method is the verb).

GET /api/invoices lists invoices
GET /api/invoices/inv_123 gets one invoice
POST /api/invoices creates an invoice
PATCH /api/invoices/inv_123 updates an invoice
DELETE /api/invoices/inv_123 deletes an invoice

Not /api/getInvoice. Not /api/invoice/list. Not /api/Invoices. Consistency means a developer can guess the endpoint for a resource they have never used before and be right. That is the hallmark of a well-designed API.

2. Predictable status codes

Use HTTP status codes correctly. This is not optional, it is what makes your API interoperable with every HTTP client and middleware in existence.

200 for successful reads and updates
201 for successful creation
204 for successful deletion (no content)
400 for validation errors (bad input from the client)
401 for unauthenticated (no valid credentials)
403 for unauthorized (valid credentials, insufficient permissions)
404 for not found
429 for rate limited
500 for server errors (your fault, not theirs)

The biggest mistake we see: returning 200with an error message in the body. This breaks every HTTP client's error handling. If the request failed, the status code must reflect that. Always.

3. Pagination from day one

Every list endpoint must be paginated. No exceptions. Even if you have 12 records today. Because when you have 12,000 records next year, adding pagination to an endpoint that returns everything is a breaking change for every consumer.

Cursor-based pagination is more robust than offset-based, but offset-based is simpler to implement. For most startups, offset pagination with a limit and offset parameter is fine. Default limit of 20 or 50. Maximum limit of 100. Return a total count so the client can build pagination UI.

4. Versioning strategy

You will need to make breaking changes eventually. Have a plan before you need one. The simplest approach: prefix your API with a version number. /api/v1/invoices. When you need to make breaking changes, introduce /api/v2/invoices and keep v1 running for a deprecation period.

You might never need v2. Many startups run on v1 for years. But having the versioning in place from the start means you can make breaking changes without breaking existing integrations. That flexibility costs nothing to add upfront and is painful to retrofit.

5. Health endpoint

Every API needs GET /health that returns 200 with a JSON body confirming the service is running and can reach its dependencies. This is what your monitoring tools hit. This is what your load balancer uses to route traffic. This is how you verify a deployment succeeded.

A minimal health check confirms the process is alive and the database is reachable. A better one also checks external service connectivity and returns the application version. Keep the response fast (under 100ms) because it will be called frequently.

Authentication: start simple, add complexity when needed

For most early-stage APIs, bearer tokens (API keys) are sufficient. Generate a random token for each client, store it hashed in your database, and validate it on every request. This takes an hour to implement and covers 90% of authentication needs.

Add OAuth 2.0 when you have enterprise customers who need it for their compliance requirements, or when you are building a public API that third-party developers will integrate with. OAuth adds significant complexity (token refresh flows, scopes, authorization servers) and is not worth the investment until you have a specific need.

Regardless of the auth mechanism, always:

Rate limit authentication endpoints (5 attempts per minute per IP)
Log all authentication failures
Use HTTPS exclusively (no HTTP fallback)
Set reasonable token expiration times
Store tokens hashed, never in plain text

Error handling that helps developers

When something goes wrong, your API's error response is the developer's first debugging tool. Make it useful.

A good error response includes: the HTTP status code, a machine-readable error code, a human-readable message, and optionally details about which field or parameter caused the issue.

For example, a validation error should return:

{
  "error": {
    "code": "validation_error",
    "message": "Invoice amount must be positive",
    "field": "amount"
  }
}

Not a generic "Bad Request" with no further detail. Not a stack trace (which is a security risk). Not an HTML error page (which happens more often than you would think when a framework is misconfigured).

Machine-readable error codes (validation_error, not_found, rate_limited) allow consumers to handle errors programmatically. The human-readable message is for the developer reading logs at 11 PM trying to figure out why their integration broke.

Documentation: less is more

An OpenAPI spec plus three curl examples is better than a 50-page PDF that nobody reads. Here is what actually helps developers integrate:

An OpenAPI/Swagger spec. This is both documentation and a contract. Tools can generate client libraries from it. Developers can import it into Postman or Insomnia. It is the single source of truth for your API surface.
A quick-start guide.Three curl examples that demonstrate: authenticate, create a resource, list resources. A developer should go from "I have an API key" to "I made my first successful request" in under 5 minutes.
Error code reference. A table of every error code your API returns, what it means, and what the consumer should do about it.

That is it. Write these three things before you write anything else. Every additional page of documentation has diminishing returns and a maintenance cost.

Monolith first, split later

The question of microservices comes up early in every startup. The answer is almost always: do not. Start with a monolith. One API, one database, one deployment.

Microservices add network latency, deployment complexity, distributed tracing requirements, and data consistency challenges. They make sense when your team is large enough that independent deployment matters, or when specific components have radically different scaling needs. For a team of 1 to 5, a monolith is faster to build, easier to debug, and simpler to deploy.

When you do split, follow the composable services approach: one concern per service, HTTP API boundary, own database. But wait until the monolith gives you a specific, concrete reason to split. "It is best practice" is not a reason. "Our payment processing needs to scale independently and has different uptime requirements" is.

Start here

If you are designing your first API, start with these five rules. Use REST. Be consistent in naming. Use status codes correctly. Paginate everything. Version from the start. Add a health endpoint. Authenticate with API keys. Return useful errors. Document with OpenAPI and three curl examples. Deploy as a monolith.

This gives you an API that is clean, predictable, and extensible. It takes a few days to build properly, and it will serve you well for years. The time to add complexity is when you have evidence that simplicity is holding you back, not before.