Building MVPs Quickly with Strapi: The Good and the Bad

In today's fast-paced digital landscape, building Minimum Viable Products (MVPs) is crucial for testing ideas and getting them to market rapidly. Entrepreneurs and developers are always on the lookout for tools that can expedite this process while offering flexibility and customization. One such tool that has gained prominence in recent years is Strapi – an open-source Headless Content Management System (CMS) that enables efficient content management and customization for various applications.

Understanding the Headless CMS

A CMS traditionally offers a comprehensive solution for creating, managing, and publishing content on websites or applications. These systems often come bundled with frontend templates, making it easier to create both the content and the public user interface (think Wordpress). However, the emergence of headless architectures has led to a paradigm shift in CMS functionality.

A headless CMS, like Strapi, focuses on content management alone, decoupling the backend content management from the frontend presentation, unlike traditional solutions such as Wordpress or Drupal. This separation allows developers to use their preferred frontend technologies, whether it's a web application, mobile app, or any other platform.

When should I use a headless CMS?

As with any technical issue, it depends. If your system has a well defined scope with reasonable design constraints and it's technical complexities are relatively low, then by all means you should consider using a headless CMS, it might even be the better solution for you to keep costs low and focus on your core business.

There are, of course, cases where your project might be better suited with customized solutions. But first, let's discuss what Strapi brings to the table so you can decide for yourself what approach fits your business model best.

1. Content Management, API's and User Access

The most basic feature a CMS needs to offer is an Administration Panel. Strapi allows you to easily define the format of your content and relationships between content models directly inside the Admin panel, with a very minimal amount (if any) of code written by you. Additionally, they make it easy to manager user access to the Admin panel, giving you three base roles, "Super Admin", "Editor" and "Author", with room for more that you can create, with customizable permissions to the different parts of the administration panel.

Automatically generated API's

One of the big advantages of Strapi is it's automatic generation of REST API's, allowing you or your developers to quickly and easily query data inside Strapi to develop your application or service. Additionally, Strapi allows you to define which API endpoints are public, and which require authorization directly from withing the Admin panel, giving you the ability to easily secure your API's without any extra code. If GraphQL is your thing, Strapi has an official solution for that as well.

File Uploads Made Effortless

Uploading files, images, or documents is a common requirement in web applications, from media-rich blogs to e-commerce platforms. Strapi simplifies this process by allowing you to effortlessly configure and manage file uploads. What's more, Strapi can be extended to automatically store these files on cloud storage services like AWS S3, complete with content delivery network (i.e. CDN, e.g. AWS CloudFront) integration. This ensures that your uploaded files are cached, accessible at high speeds, and cost-effective to manage.

API Extensibility

All API's in Strapi are customizable. Whether you need custom middleware to validate incoming data or parse outgoing responses, or you need to create extra endpoints for custom features, Strapi has your back and you can easily extend the base API.

2. Customizability - The Plugin Ecosystem

Strapi's plugin ecosystem is a dynamic and expansive collection of add-on modules that significantly extend the functionality of the Strapi CMS. You can use plugins to add additional functionality to your Strapi deployment, such as integrations with search tools like Algolia, adding caching mechanisms, integrating analytics and much more.

Pretty much every technical component in Strapi is a plugin, even the built-in functionalities are plugins. You can, of course, build your own plugins for additional functionality based on your business' needs. With enough coding experience, you can build custom dashboards, add extra buttons or fields to manage content, implement new storage, email or authentication mechanisms, and more. For example, the text you are reading now was written using a custom text field plugin, built on top of the TipTap editor.

3. TypeScript Integration

A good way to ensure codebase maintainability is by using TypeScript. Using JavaScript alone to code does not give enough assurance that the data you are working with is correct, furthermore, TypeScript allows developers to easily document the code they are writing directly using language features rather than comments.

Fortunately, Strapi integrates relatively nicely with TypeScript, giving developers the necessary tooling to be productive when developing new features in Strapi. While this feature is not completely perfect, with enough discipline developers can ensure the maintainability of the backend.

Where Strapi falls short

Despite its numerous benefits, Strapi is not without challenges. TypeScript support is not perfect, and it sometimes lacks the flexibility to build more advanced tooling to share code between repositories (a common and popular pattern today). Additionally, certain aspects of the Strapi documentation sometimes require reading between the lines or referencing multiple pages to understand how to build a specific thing. This of course can be improved through open-source contributions.

One rather big problem we faced with Strapi is related to the way they expose their API's. The Strapi API provides a so-called populate feature, which allows clients to request related data. In other words, if your Users table is related to a Projects table, when requesting a User, you can tell Strapi to populate the user's projects. This is a very useful feature, but unfortunately it comes with a security flaw.

The populate feature allows you to populate deeply nested structures, even recursively. We found that you could, in this case, extract what other projects a user is part of, even if you by default would not see those project. This flaw allows an attacker to extract more data than they are allowed to, sometimes even personal data.

Thankfully, we were able to mitigate this security flaw by implementing a validation middleware that restricts the depth and breadth of data that can be requested by a client. This middleware is customizable and can be adjusted per-endpoint.

Another flaw Strapi has is the way it structures the database. Its opinionated content model adds a lot of complexity to the database schema which results in increased difficulty to create custom features outside of Strapi.

Because Strapi is designed in a monolithic structure, it is quite difficult to break it up into smaller components that can scale separately when your business reaches a certain level. A clear indication of this problem is through its Cron scheduling feature. Strapi allows you to define custom functions that run on a specified schedule. However, once you want to scale your Strapi backend to multiple servers, the schedules will run on all active instances, resulting in multiple runs of the same code, which could cause race conditions and pollute your database.

We are confident most of these issues will be fixed in the future, but we also want to show how seemingly perfect solutions can come with hidden complexities.


In conclusion, Strapi offers a powerful solution for building MVPs, websites or e-commerce platforms quickly and effectively. The features it provides are very useful when time and money are limited, or the scope of the project does not present high complexity.

Strapi (or any other CMS for that matter) can be good choices to build your dream product, but sometimes custom-built can be much more future proof. If you're unsure, we are able to help you through our Product Discovery Workshop, so we can find what approach fits your product the best.