2.1 Planning, System Analysis, Design & Choosing Tech Stack
The 5-stage Build Plan (Laudon)
---
Stage 1: Strategic Planning
Before any code, answer five questions:
- What is the business vision? (Storefront? Marketplace? Subscription? Quick-commerce?)
- Who is the target audience? (Geography, demographics, language)
- What is the value proposition? (Lowest price? Fastest delivery? Curated quality?)
- What is the revenue model? (Commission, subscription, ads, freemium, transaction fee)
- What is the budget? (Bootstrap vs ₹10 lakh vs ₹10 crore)
Revenue models in e-commerce
| Model | Description | Example |
|---|---|---|
| Sales | Profit on product sold | Amazon retail, Flipkart |
| Transaction fee | % of GMV transacted | Razorpay (~2% per txn), Stripe |
| Subscription | Recurring fee | Netflix, Amazon Prime |
| Advertising | Display ads to users | Google, Meta, YouTube |
| Affiliate | Referral fee | Cuelinks, EarnKaro |
| Freemium | Free + premium tier | LinkedIn, Zoom, Spotify |
| Marketplace commission | % from each seller's sale | eBay, Etsy, OLX |
| Listing fees | Fee to list product | OLX paid promotions |
| B2B SaaS | Per-seat / per-feature | Shopify, BigCommerce |
---
Stage 2: System Analysis (Requirements)
Capture what the system must do — input to design:
Functional requirements
- User registration, login, profile management
- Product catalogue browse, search, filter
- Cart management — add, update, remove
- Checkout — address, payment, confirmation
- Order tracking — status updates, history
- Returns and refunds
- Reviews and ratings
- Admin panel — manage catalogue, orders, customers
Non-functional requirements
- Performance — page load < 2s, 95th percentile < 4s
- Scalability — handle 100K concurrent users, 10× peak load
- Availability — 99.9% uptime (43 min downtime/month)
- Security — PCI-DSS for payment data, OWASP Top 10 prevention
- Compliance — IT Act 2000, DPDP Act 2023, GST e-invoicing
- Accessibility — WCAG 2.1 AA
- Localisation — Multi-language, multi-currency, regional formats
- Mobile responsiveness — works on every screen size
---
Stage 3: System Design
Translate requirements into a buildable spec. Standard outputs:
| Artefact | Content |
|---|---|
| High-Level Design (HLD) | Architecture diagram, major components, data flow |
| Low-Level Design (LLD) | Per-component details, class diagrams, sequence diagrams |
| Database schema | Tables, relationships, indexes (covered in DBMS course) |
| API design | REST endpoints, request/response, authentication |
| UI/UX wireframes | Screen flows, design mocks (Figma, Sketch) |
| Security design | Authentication, authorisation, encryption choices |
Typical e-commerce HLD (3-tier)
Presentation Tier → Application Tier → Data Tier
───────────────── ─────────────────── ────────────
Web / Mobile App Auth, Catalog, Postgres,
(React, Flutter) Cart, Order, Redis,
Payment, Search Elasticsearch
services
---
Stage 4: Build / Choosing Tech Stack
The most important strategic choice: build, buy, or both.
Build vs Buy decision matrix
| Option | When to choose | Examples |
|---|---|---|
| Custom (build from scratch) | Large scale, unique requirements, full control | Amazon, Flipkart, Myntra |
| Open-source | Mid-scale, technical team, customisation needed | Magento, WooCommerce, OpenCart, PrestaShop |
| SaaS (Software-as-a-Service) | Small-mid scale, fast launch, no/limited dev team | Shopify, BigCommerce, Wix Stores, Square Online |
| Headless commerce | Modern, omnichannel, decoupled UI | commercetools, Saleor, Medusa, BigCommerce Headless |
| Marketplace listing | Test market, low cost | Amazon Seller, Flipkart Seller, Meesho Reseller, JioMart Seller |
Popular e-commerce platforms (2024)
| Platform | Type | Best For | Notable Users |
|---|---|---|---|
| Shopify | SaaS | SMB to mid-enterprise | Allbirds, Gymshark, FashionNova |
| WooCommerce | Open-source (WordPress plugin) | Small business, content + commerce | 25%+ of all stores globally |
| Magento (Adobe Commerce) | Open-source / SaaS | Mid-large enterprise | Coca-Cola, Ford |
| BigCommerce | SaaS | Mid-to-large | Skullcandy, Toyota |
| Salesforce Commerce Cloud | SaaS Enterprise | Large enterprise | Adidas, L'Oréal |
| commercetools / Saleor | Headless | Modern brands, omnichannel | Audi, Lego |
| JioMart Marketplace | India-specific | Indian sellers | Reliance JioMart |
| ONDC | India network protocol | Any Indian seller | Buyer apps: Paytm, Phonepe, Magicpin |
---
Stage 5: Test & Deploy
Specific to e-commerce, test:
| Test Type | Specific to E-Commerce |
|---|---|
| Functional | Full checkout flow, payment success/failure, returns |
| Performance | Big-billion-day load — 10× normal traffic, 100× search |
| Security | PCI-DSS audit, OWASP scan, penetration test |
| Mobile | Test on 10+ devices, slow 3G/4G networks |
| Cross-browser | Chrome, Safari, Firefox, Edge — mobile and desktop |
| Payment gateway | Test with each provider's sandbox |
| Localisation | Multi-currency, multi-language, RTL languages |
| SEO | Crawlability, meta tags, schema.org markup, sitemap |
Deployment strategies
- Blue-Green — two environments; switch traffic instantly
- Canary — release to 1% of users first; expand if healthy
- Rolling — replace servers gradually
- Feature flags — release code but hide features behind toggles
---
Software requirements for a typical e-commerce site
| Category | Software Examples |
|---|---|
| OS | Linux (Ubuntu, RHEL) — most common; Windows Server (Microsoft stacks) |
| Web Server | Nginx, Apache, Caddy |
| App Server | Node.js, Tomcat, Gunicorn, PM2 |
| Database | PostgreSQL, MySQL, MongoDB |
| Cache | Redis, Memcached |
| Search | Elasticsearch, Algolia |
| SendGrid, AWS SES, Mailgun | |
| Payment | Razorpay, PayU, Stripe SDK |
| Analytics | Google Analytics, Mixpanel, Adobe Analytics |
| CRM | Salesforce, Zoho, HubSpot |
| Marketing automation | MoEngage, CleverTap, Braze |
| Customer support | Freshdesk, Zendesk, Intercom |
| Monitoring | Datadog, New Relic, Grafana, Sentry |
| Logging | ELK stack, Splunk |
---
Hardware requirements (or cloud equivalents)
| Component | Need | Cloud equivalent |
|---|---|---|
| Web servers | Multiple, behind load balancer | AWS EC2 / Auto Scaling |
| Database | High RAM, fast SSD | AWS RDS / Aurora |
| Cache | High RAM | AWS ElastiCache |
| Storage | Large, durable for images/videos | AWS S3 |
| Backup | Off-site, automated | S3 + Glacier |
| CDN | Global edge presence | CloudFront / Cloudflare |
| Networking | Load balancers, firewalls | AWS ALB, Cloudflare |
Almost no modern e-commerce buys physical hardware. Cloud is the default.
---
Choosing the right approach — heuristic
Annual GMV target Tech team size Recommended approach
─────────────────────────────────────────────────────────────
< ₹1 crore Solo / no dev Shopify, WooCommerce, Sell on marketplace
₹1–10 crore 2-5 devs Shopify Plus, BigCommerce, Magento Open
₹10–100 crore 10+ devs Magento Commerce, Salesforce, custom
> ₹100 crore 50+ devs Custom stack, headless, microservices
---
Key Terms — Lesson 2.1
The vocabulary below recurs at every stage of an e-commerce build and on practically every paper that asks about the build process.
Strategic Planning — The first stage of a project where the founders or sponsors decide why the system exists and who it serves. Outputs include vision statement, target audience definition, value proposition, revenue model, and budget. Most failed e-commerce launches are failures of strategic planning, not engineering — the product is built well but solves the wrong problem.
System Analysis — The activity of capturing what the system must do before deciding how to build it. The deliverable is a Software Requirements Specification (SRS) that lists functional requirements (features the system performs) and non-functional requirements (qualities the system must have — performance, security, scalability).
Functional Requirement (FR) — A statement of a behaviour the system must perform. "The system shall allow a registered user to add a product to the cart" is a functional requirement. FRs are typically organised by user role and by user journey.
Non-Functional Requirement (NFR) — A statement of a quality attribute — performance ("checkout response under 2 seconds at p95"), availability ("99.9% uptime"), scalability ("100K concurrent users"), security ("PCI-DSS compliance"), accessibility ("WCAG 2.1 AA"). NFRs decide architecture; FRs decide features.
High-Level Design (HLD) vs Low-Level Design (LLD) — HLD describes the macro architecture — major services, data stores, integration points, and how they interact. LLD describes the internals of each component — classes, methods, database schemas, API contracts, sequence diagrams. HLD answers "what are the boxes?"; LLD answers "what is inside each box?".
Three-Tier Architecture — The classical e-commerce layout with a presentation tier (the browser/app), an application tier (business logic — auth, catalog, cart, checkout services), and a data tier (databases, caches, search indices). Each tier can be scaled independently; the boundaries also act as security and team-ownership boundaries.
API (Application Programming Interface) — A defined contract that lets one piece of software call another. Modern e-commerce APIs are almost always REST (HTTP+JSON, resource-oriented) or GraphQL (single endpoint, client picks fields). Internal services, mobile apps, partner integrations, and webhook callbacks all flow through APIs.
Build vs Buy — The single most important strategic technology decision in e-commerce. "Build" means writing your own stack; "buy" means using a SaaS platform (Shopify, BigCommerce) or licensed software (Magento Commerce, Salesforce Commerce Cloud); "open-source" sits in between. The right choice depends on scale, differentiation needs, technical capacity, and time-to-market.
SaaS / IaaS / PaaS — The three cloud service models. SaaS (Software-as-a-Service) — vendor-hosted application; you log in and use it. Examples: Shopify, BigCommerce, Salesforce. PaaS (Platform-as-a-Service) — vendor-hosted runtime; you deploy code. Examples: Heroku, Vercel, AWS Elastic Beanstalk. IaaS (Infrastructure-as-a-Service) — vendor-hosted hardware; you manage OS and everything above. Examples: AWS EC2, Azure VMs.
Headless Commerce — A modern architecture pattern where the storefront frontend (the user-visible UI) is decoupled from the commerce backend (catalog, cart, checkout). Communication is via APIs. The benefit is the freedom to build distinctive UIs (React, Next.js, mobile, even smart speakers) on top of a reliable, well-tested commerce engine. Notable headless platforms: commercetools, Saleor, Medusa, BigCommerce Headless.
Microservices — An architectural style where the application is split into many small, independently deployable services, each owned by a small team and communicating over APIs or message queues. Amazon famously runs ~10,000 microservices. Microservices buy independent scaling and faster team velocity at the cost of operational complexity (more moving parts, harder debugging).
Auto-Scaling — A cloud feature where the number of application servers automatically increases or decreases in response to load (CPU, requests per second, queue depth). Auto-scaling is what makes "Big Billion Day" possible: you start with 50 servers, grow to 500 during peak, return to 50 afterwards, and pay only for what you used.
Load Testing / Stress Testing — Performance testing that simulates concurrent users to see how the system behaves under load. Load testing validates the system at the EXPECTED peak (e.g., Black Friday). Stress testing pushes the system beyond expected peak (10×, 50×) to find the breaking point and how it degrades.
Deployment Strategies — How new code goes to production safely. Blue-Green runs two parallel environments (blue = live, green = new); switching traffic from one to the other is instantaneous, and rollback is one DNS flip. Canary releases the new version to a tiny slice (1%) of traffic first, expands to 10%, 25%, 100% if metrics stay healthy. Rolling replaces servers a few at a time. Feature Flags decouple deployment from release — code ships, but the new feature stays dark behind a toggle until explicitly turned on.
PCI-DSS (Payment Card Industry Data Security Standard) — A mandatory compliance standard for any site that handles credit/debit-card data. Twelve requirements covering network security, encryption, access control, monitoring, and policy. Most modern Indian e-commerce avoids the full burden by tokenising card data — Razorpay/PayU hold the card; the merchant holds only a token.
OWASP Top 10 — The Open Web Application Security Project's ten most critical web-application risks: injection (SQL/NoSQL), broken authentication, sensitive data exposure, XML external entities, broken access control, security misconfiguration, cross-site scripting (XSS), insecure deserialisation, vulnerable components, insufficient logging. Every e-commerce security audit and penetration test checks against this list.
Sandbox — A simulated, non-production version of an external API used for testing. Payment gateways (Razorpay sandbox), logistics APIs (Shiprocket test mode), and SMS gateways all provide sandboxes where you can send fake transactions to verify integration without moving real money or messages.
ONDC (Open Network for Digital Commerce) — A 2022 Government of India network that defines open protocols for discovery, ordering, and fulfilment so that a buyer using any app (Paytm, PhonePe, Magicpin) can transact with a seller listed on any other app (JioMart Seller, ONDC Mitra, MyStore). ONDC is to commerce what UPI is to payments — a public network that prevents any one company from owning the rails.
---
Study deep
- Most failures are planning failures, not technical failures. Most e-commerce startups die from wrong audience, wrong pricing, or wrong unit economics — not bad code. Strategic planning matters more than tech-stack choice.
- Shopify is the SMB default for a reason. Beautifully designed, mature platform, ~10K third-party apps, hosted and secured. ~₹2,000/month entry-level. Most brands under ₹10 crore GMV should start here, not custom-build.
- Custom is required for scale. Flipkart famously rewrote its stack 3 times — from PHP to Python to Java microservices. Amazon migrated from monolith to ~10,000 microservices. At scale, off-the-shelf platforms become bottlenecks.
- The headless commerce wave. Modern brands separate the frontend (React/Next.js) from the backend (commercetools, Saleor) — get the benefits of SaaS reliability with the flexibility of custom UI. India: Shopify Hydrogen, Saleor, Plasmic.
- ONDC is reshaping India. Open Network for Digital Commerce (UPI-style network for commerce) decouples buyer apps from seller apps. A Paytm user can buy from a JioMart seller. Aiming to do for commerce what UPI did for payments.
PYQ pattern: "Explain the steps in building an e-commerce site." — 5 stages (Planning, Analysis, Design, Build, Test); list 2-3 sub-tasks per stage; mention build-vs-buy decision.
PYQ pattern: "Compare SaaS, open-source and custom-built e-commerce platforms." — Three-row table (best-for, cost, control, examples); recommend by scale (use the heuristic).