Today I'd like to tell you the story of the startup I've been a part of for the past 3 years, initially as co-founder and CTO and now sole owner and also CEO.
It all started out in 2017, when my best friend called me up to meet because he had a great app idea that will turn into a profitable business. We met downtown for a coffee and he passionately told me about what was keeping him up at night. The idea came to him during his last visit to the barber. While he was cutting his hair, the barber started small talking and asked him what he did for a job. After he'd told him that he was working as a programmer, the barber asked him if he would be willing to make him a website for his clients to book appointments with him online, because he was going crazy with all of them calling his personal phone number. That's when my friend realized that probably most barbers have this problem and that we should build a platform where all of them could register a profile and people could search and book any one of them.
After a few weeks of fantasizing about the idea, we decided to go full in, quit our 9-5 jobs and started working on an MVP. Right from the start, we had to decide what our roles would be. As I had a lot more programming experience, we agreed that only I was going to work on the tech side and be the CTO and he would start learning everything else, marketing, sales etc and be the CEO.
Fast forward a couple of months, the MVP was ready and we were going to onboard our first barbershops and start beta testing. One unique selling point of our platform was that we required users to fill in their phone numbers which we validated with an SMS short code send to their devices. This was to make sure people wouldn't make fake appointments from accounts created using random email addresses.
Seeing how our company was bootstrapped, we didn't have much money to spend so our core value was to build everything as cheap as possible or FREE. With that in mind, we had a problem in sending the SMS codes for validating user phone numbers. We couldn't use an API because that would get expensive pretty quick. So we decided to SCIENCE THE SHIT OUT OF IT. I started looking for ways to build a cheap SMS server and use a prepaid SIM card to send out messages. In about a week I had a working system that used a RaspberryPi and a 3G USB dongle (which can be used to also send SMS using some open source software). This was a great and cheap solution and most importantly, IT WORKED.
A few months after our release, we were having problems getting users on the platform. Most of them found it easier to just call for an appointment. From a technical perspective there was nothing wrong with the software, so we started investigating why users found it hard to use. This wasn't hard because most of them had the same complaint. They either didn't have an email address in order to be able to register an account or, if they did manage to sign up, the next time they wanted to book a haircut and had to log in again, they forgot their passwords and could not get into their account. This is when my partner suggested that we ditch emails altogether and use phone numbers as primary keys for user accounts and log them in with SMS codes. At first, I was outraged. Not using an email and password for user accounts seemed absurd, a blasphemy. But after some talks, I was also convinced this was the way to go and went on to modify the platform. And surely enough, IT WORKED. User signups were through the roof and we started on boarding even more barbershops. Everyone now found the app easier to use than calling for an appointment. Looking back at this I've learned my lesson. Most of us programmers are so hung up on best practices/ideologies and we can't think about UX for shit.
The key lesson from the switch to SMS and ditch the emails is to know your audience. I was so against it at first because all of my career I've worked with email+password based authentication. All of the apps I saw were using it, every tutorial I've ever read about programming had this way of logging users in. But the thing I've always failed to notice was that most of that literature was coming from the US (or some other developed country like UK etc). But we were deploying an app in an eastern Europe country. The average user here doesn't use email because he has no need for it in his day to day life. The majority of people here pay for stuff using cash and most of them are against using credit cards because in our language, card written backwards is drac, which literally means the devil. If you're building apps targeted at similar cultures, mostly third and second world countries, I can't stress this enough, use phone numbers instead of emails as user IDs, you'll thank me later.
Alright, now that we had a solid product that people loved to use, it was time for disaster to strike. The SIM cards we were using to send SMS messages from got blocked by the carrier. At that point we used 3 of those raspberry boxes to load balance traffic. But we were sending around 5000 SMSs a month and phone companies frown on that :). They won't allow SMS bots to use their regular SIM cards. For that you'd have to sign up for a company subscription which was pretty costly and we could not afford it. All hell broke loose, we were at a dead end. We had no money to be able to use an SMS API like Twilio. That night I didn't sleep. I had to come up with a cheap or FREE solution to this. That's when I found Facebook Account Kit, a service build exactly for what we needed. It allowed developers to validate phone numbers using a short code sent to users' phone numbers via SMS or WhatsApp. And the best part of it? It was FREE for the first 100k messages. This was a life saver and it worked great .. for a while.
Fast forward one year later, I got an email from Facebook Account Kit that they were going to shut down the service in 3 months time. Oh boy, here we go again. At this point, our service was making ~3000$ in income each month and we were two employees. The money barely covered our salaries, government taxes and other costs like server hosting. And also our user base had doubled and now we were sending ~10.000 SMS messages using Facebook Account Kit each month. That volume would have cost us about 600$ if we were to switch to Twilio. Hello darkness, my old friend! I had to pun on my thinking hat and SCIENCE THE SHIT OUT OF IT again. I had 3 months to come up with a solution and implement it. And the gods have favored me again. I had an "AHA" moment which, in my mind, was similar to the time Isaac Newton was hit in the head by the apple and the idea came to me. What if we don't send SMS messages to the users, but require them to send one to prove they own that phone number? I immediately started prototyping this and found out that it can be done. In both Android and IOS you can open the default SMS app with the to and body fields pre filled. The only thing the user has to do is hit send. He doesn't even have to fill in his phone number, because it is inferred by the receiving end. This was an awesome solution, the UX was great, users can log in with only 2 taps and we move the costs to them, which isn't a problem because most users have unlimited messaging. Seeing how 90% of our traffic is coming from mobile devices this would cut our costs by 90%. And we'd offer a fallback for desktop users where we'd send the code to them.
And IT WORKED! We've been running on this system since January. We did have a couple of complaints and a few users who we're confused by this, but eventually they caught on. We run this system through an Android tablet which runs our custom proxy app. We receive ~2-300 messages daily and send about 500 each month (we also use this to send codes for users on desktop). All with a pre paid SIM card that is costing us $ 7/month.
So far it seems stable and should be future proof, but you never know :).