Siksha Sarovar

Siksha Sarovar (sikshasarovar.com) is a free educational web application that helps students in India learn programming and prepare for academic and competitive exams. The platform offers structured coding courses (C, C++, Python, Java, HTML, CSS, PHP, Power BI, AI, Machine Learning, Data Science), complete university curriculum notes for BCA/MCA students with previous year question papers, Class 10 and Class 12 CBSE/HBSE school notes, and dedicated preparation material for SSC, UPSC, Banking, Railway and other government exams. Browsing the site is completely free and requires no account. Users may optionally sign in with Google solely to save their learning progress, quiz scores and personal preferences across devices.

Privacy Policy | Terms of Service | Contact Siksha Sarovar | About Siksha Sarovar

v4.0.9 · PWA
Siksha Sarovar logo
Siksha Sarovar
Your Learning Universe

Siksha Sarovar is a free e-learning platform for coding courses, BCA university notes and competitive exam preparation. Optional Google sign-in saves your learning progress across devices.

Initializing knowledge base…
Compiling modules 0%

2.1 Planning, System Analysis, Design & Tech Stack

Lesson 8 of 21 in the free E-Commerce notes on Siksha Sarovar, written by Rohit Jangra.

2.1 Planning, System Analysis, Design & Choosing Tech Stack

The 5-stage Build Plan (Laudon)

---

Stage 1: Strategic Planning

Before any code, answer five questions:

  1. What is the business vision? (Storefront? Marketplace? Subscription? Quick-commerce?)
  2. Who is the target audience? (Geography, demographics, language)
  3. What is the value proposition? (Lowest price? Fastest delivery? Curated quality?)
  4. What is the revenue model? (Commission, subscription, ads, freemium, transaction fee)
  5. What is the budget? (Bootstrap vs ₹10 lakh vs ₹10 crore)

Revenue models in e-commerce

ModelDescriptionExample
SalesProfit on product soldAmazon retail, Flipkart
Transaction fee% of GMV transactedRazorpay (~2% per txn), Stripe
SubscriptionRecurring feeNetflix, Amazon Prime
AdvertisingDisplay ads to usersGoogle, Meta, YouTube
AffiliateReferral feeCuelinks, EarnKaro
FreemiumFree + premium tierLinkedIn, Zoom, Spotify
Marketplace commission% from each seller's saleeBay, Etsy, OLX
Listing feesFee to list productOLX paid promotions
B2B SaaSPer-seat / per-featureShopify, BigCommerce

---

Stage 2: System Analysis (Requirements)

Capture what the system must do — input to design:

Functional requirements

  • User registration, login, profile management
  • Product catalogue browse, search, filter
  • Cart management — add, update, remove
  • Checkout — address, payment, confirmation
  • Order tracking — status updates, history
  • Returns and refunds
  • Reviews and ratings
  • Admin panel — manage catalogue, orders, customers

Non-functional requirements

  • Performance — page load < 2s, 95th percentile < 4s
  • Scalability — handle 100K concurrent users, 10× peak load
  • Availability — 99.9% uptime (43 min downtime/month)
  • Security — PCI-DSS for payment data, OWASP Top 10 prevention
  • Compliance — IT Act 2000, DPDP Act 2023, GST e-invoicing
  • Accessibility — WCAG 2.1 AA
  • Localisation — Multi-language, multi-currency, regional formats
  • Mobile responsiveness — works on every screen size

---

Stage 3: System Design

Translate requirements into a buildable spec. Standard outputs:

ArtefactContent
High-Level Design (HLD)Architecture diagram, major components, data flow
Low-Level Design (LLD)Per-component details, class diagrams, sequence diagrams
Database schemaTables, relationships, indexes (covered in DBMS course)
API designREST endpoints, request/response, authentication
UI/UX wireframesScreen flows, design mocks (Figma, Sketch)
Security designAuthentication, authorisation, encryption choices

Typical e-commerce HLD (3-tier)

   Presentation Tier  →  Application Tier  →  Data Tier
   ─────────────────     ───────────────────     ────────────
   Web / Mobile App      Auth, Catalog,           Postgres,
   (React, Flutter)      Cart, Order,             Redis,
                         Payment, Search          Elasticsearch
                         services

---

Stage 4: Build / Choosing Tech Stack

The most important strategic choice: build, buy, or both.

Build vs Buy decision matrix

OptionWhen to chooseExamples
Custom (build from scratch)Large scale, unique requirements, full controlAmazon, Flipkart, Myntra
Open-sourceMid-scale, technical team, customisation neededMagento, WooCommerce, OpenCart, PrestaShop
SaaS (Software-as-a-Service)Small-mid scale, fast launch, no/limited dev teamShopify, BigCommerce, Wix Stores, Square Online
Headless commerceModern, omnichannel, decoupled UIcommercetools, Saleor, Medusa, BigCommerce Headless
Marketplace listingTest market, low costAmazon Seller, Flipkart Seller, Meesho Reseller, JioMart Seller

Popular e-commerce platforms (2024)

PlatformTypeBest ForNotable Users
ShopifySaaSSMB to mid-enterpriseAllbirds, Gymshark, FashionNova
WooCommerceOpen-source (WordPress plugin)Small business, content + commerce25%+ of all stores globally
Magento (Adobe Commerce)Open-source / SaaSMid-large enterpriseCoca-Cola, Ford
BigCommerceSaaSMid-to-largeSkullcandy, Toyota
Salesforce Commerce CloudSaaS EnterpriseLarge enterpriseAdidas, L'Oréal
commercetools / SaleorHeadlessModern brands, omnichannelAudi, Lego
JioMart MarketplaceIndia-specificIndian sellersReliance JioMart
ONDCIndia network protocolAny Indian sellerBuyer apps: Paytm, Phonepe, Magicpin

---

Stage 5: Test & Deploy

Specific to e-commerce, test:

Test TypeSpecific to E-Commerce
FunctionalFull checkout flow, payment success/failure, returns
PerformanceBig-billion-day load — 10× normal traffic, 100× search
SecurityPCI-DSS audit, OWASP scan, penetration test
MobileTest on 10+ devices, slow 3G/4G networks
Cross-browserChrome, Safari, Firefox, Edge — mobile and desktop
Payment gatewayTest with each provider's sandbox
LocalisationMulti-currency, multi-language, RTL languages
SEOCrawlability, meta tags, schema.org markup, sitemap

Deployment strategies

  • Blue-Green — two environments; switch traffic instantly
  • Canary — release to 1% of users first; expand if healthy
  • Rolling — replace servers gradually
  • Feature flags — release code but hide features behind toggles

---

Software requirements for a typical e-commerce site

CategorySoftware Examples
OSLinux (Ubuntu, RHEL) — most common; Windows Server (Microsoft stacks)
Web ServerNginx, Apache, Caddy
App ServerNode.js, Tomcat, Gunicorn, PM2
DatabasePostgreSQL, MySQL, MongoDB
CacheRedis, Memcached
SearchElasticsearch, Algolia
EmailSendGrid, AWS SES, Mailgun
PaymentRazorpay, PayU, Stripe SDK
AnalyticsGoogle Analytics, Mixpanel, Adobe Analytics
CRMSalesforce, Zoho, HubSpot
Marketing automationMoEngage, CleverTap, Braze
Customer supportFreshdesk, Zendesk, Intercom
MonitoringDatadog, New Relic, Grafana, Sentry
LoggingELK stack, Splunk

---

Hardware requirements (or cloud equivalents)

ComponentNeedCloud equivalent
Web serversMultiple, behind load balancerAWS EC2 / Auto Scaling
DatabaseHigh RAM, fast SSDAWS RDS / Aurora
CacheHigh RAMAWS ElastiCache
StorageLarge, durable for images/videosAWS S3
BackupOff-site, automatedS3 + Glacier
CDNGlobal edge presenceCloudFront / Cloudflare
NetworkingLoad balancers, firewallsAWS ALB, Cloudflare

Almost no modern e-commerce buys physical hardware. Cloud is the default.

---

Choosing the right approach — heuristic

   Annual GMV target  Tech team size      Recommended approach
   ─────────────────────────────────────────────────────────────
   < ₹1 crore         Solo / no dev      Shopify, WooCommerce, Sell on marketplace
   ₹1–10 crore        2-5 devs           Shopify Plus, BigCommerce, Magento Open
   ₹10–100 crore      10+ devs           Magento Commerce, Salesforce, custom
   > ₹100 crore       50+ devs           Custom stack, headless, microservices

---

Key Terms — Lesson 2.1

The vocabulary below recurs at every stage of an e-commerce build and on practically every paper that asks about the build process.

Strategic Planning — The first stage of a project where the founders or sponsors decide why the system exists and who it serves. Outputs include vision statement, target audience definition, value proposition, revenue model, and budget. Most failed e-commerce launches are failures of strategic planning, not engineering — the product is built well but solves the wrong problem.

System Analysis — The activity of capturing what the system must do before deciding how to build it. The deliverable is a Software Requirements Specification (SRS) that lists functional requirements (features the system performs) and non-functional requirements (qualities the system must have — performance, security, scalability).

Functional Requirement (FR) — A statement of a behaviour the system must perform. "The system shall allow a registered user to add a product to the cart" is a functional requirement. FRs are typically organised by user role and by user journey.

Non-Functional Requirement (NFR) — A statement of a quality attribute — performance ("checkout response under 2 seconds at p95"), availability ("99.9% uptime"), scalability ("100K concurrent users"), security ("PCI-DSS compliance"), accessibility ("WCAG 2.1 AA"). NFRs decide architecture; FRs decide features.

High-Level Design (HLD) vs Low-Level Design (LLD) — HLD describes the macro architecture — major services, data stores, integration points, and how they interact. LLD describes the internals of each component — classes, methods, database schemas, API contracts, sequence diagrams. HLD answers "what are the boxes?"; LLD answers "what is inside each box?".

Three-Tier Architecture — The classical e-commerce layout with a presentation tier (the browser/app), an application tier (business logic — auth, catalog, cart, checkout services), and a data tier (databases, caches, search indices). Each tier can be scaled independently; the boundaries also act as security and team-ownership boundaries.

API (Application Programming Interface) — A defined contract that lets one piece of software call another. Modern e-commerce APIs are almost always REST (HTTP+JSON, resource-oriented) or GraphQL (single endpoint, client picks fields). Internal services, mobile apps, partner integrations, and webhook callbacks all flow through APIs.

Build vs Buy — The single most important strategic technology decision in e-commerce. "Build" means writing your own stack; "buy" means using a SaaS platform (Shopify, BigCommerce) or licensed software (Magento Commerce, Salesforce Commerce Cloud); "open-source" sits in between. The right choice depends on scale, differentiation needs, technical capacity, and time-to-market.

SaaS / IaaS / PaaS — The three cloud service models. SaaS (Software-as-a-Service) — vendor-hosted application; you log in and use it. Examples: Shopify, BigCommerce, Salesforce. PaaS (Platform-as-a-Service) — vendor-hosted runtime; you deploy code. Examples: Heroku, Vercel, AWS Elastic Beanstalk. IaaS (Infrastructure-as-a-Service) — vendor-hosted hardware; you manage OS and everything above. Examples: AWS EC2, Azure VMs.

Headless Commerce — A modern architecture pattern where the storefront frontend (the user-visible UI) is decoupled from the commerce backend (catalog, cart, checkout). Communication is via APIs. The benefit is the freedom to build distinctive UIs (React, Next.js, mobile, even smart speakers) on top of a reliable, well-tested commerce engine. Notable headless platforms: commercetools, Saleor, Medusa, BigCommerce Headless.

Microservices — An architectural style where the application is split into many small, independently deployable services, each owned by a small team and communicating over APIs or message queues. Amazon famously runs ~10,000 microservices. Microservices buy independent scaling and faster team velocity at the cost of operational complexity (more moving parts, harder debugging).

Auto-Scaling — A cloud feature where the number of application servers automatically increases or decreases in response to load (CPU, requests per second, queue depth). Auto-scaling is what makes "Big Billion Day" possible: you start with 50 servers, grow to 500 during peak, return to 50 afterwards, and pay only for what you used.

Load Testing / Stress Testing — Performance testing that simulates concurrent users to see how the system behaves under load. Load testing validates the system at the EXPECTED peak (e.g., Black Friday). Stress testing pushes the system beyond expected peak (10×, 50×) to find the breaking point and how it degrades.

Deployment Strategies — How new code goes to production safely. Blue-Green runs two parallel environments (blue = live, green = new); switching traffic from one to the other is instantaneous, and rollback is one DNS flip. Canary releases the new version to a tiny slice (1%) of traffic first, expands to 10%, 25%, 100% if metrics stay healthy. Rolling replaces servers a few at a time. Feature Flags decouple deployment from release — code ships, but the new feature stays dark behind a toggle until explicitly turned on.

PCI-DSS (Payment Card Industry Data Security Standard) — A mandatory compliance standard for any site that handles credit/debit-card data. Twelve requirements covering network security, encryption, access control, monitoring, and policy. Most modern Indian e-commerce avoids the full burden by tokenising card data — Razorpay/PayU hold the card; the merchant holds only a token.

OWASP Top 10 — The Open Web Application Security Project's ten most critical web-application risks: injection (SQL/NoSQL), broken authentication, sensitive data exposure, XML external entities, broken access control, security misconfiguration, cross-site scripting (XSS), insecure deserialisation, vulnerable components, insufficient logging. Every e-commerce security audit and penetration test checks against this list.

Sandbox — A simulated, non-production version of an external API used for testing. Payment gateways (Razorpay sandbox), logistics APIs (Shiprocket test mode), and SMS gateways all provide sandboxes where you can send fake transactions to verify integration without moving real money or messages.

ONDC (Open Network for Digital Commerce) — A 2022 Government of India network that defines open protocols for discovery, ordering, and fulfilment so that a buyer using any app (Paytm, PhonePe, Magicpin) can transact with a seller listed on any other app (JioMart Seller, ONDC Mitra, MyStore). ONDC is to commerce what UPI is to payments — a public network that prevents any one company from owning the rails.

---

Study deep

  1. Most failures are planning failures, not technical failures. Most e-commerce startups die from wrong audience, wrong pricing, or wrong unit economics — not bad code. Strategic planning matters more than tech-stack choice.
  1. Shopify is the SMB default for a reason. Beautifully designed, mature platform, ~10K third-party apps, hosted and secured. ~₹2,000/month entry-level. Most brands under ₹10 crore GMV should start here, not custom-build.
  1. Custom is required for scale. Flipkart famously rewrote its stack 3 times — from PHP to Python to Java microservices. Amazon migrated from monolith to ~10,000 microservices. At scale, off-the-shelf platforms become bottlenecks.
  1. The headless commerce wave. Modern brands separate the frontend (React/Next.js) from the backend (commercetools, Saleor) — get the benefits of SaaS reliability with the flexibility of custom UI. India: Shopify Hydrogen, Saleor, Plasmic.
  1. ONDC is reshaping India. Open Network for Digital Commerce (UPI-style network for commerce) decouples buyer apps from seller apps. A Paytm user can buy from a JioMart seller. Aiming to do for commerce what UPI did for payments.
PYQ pattern: "Explain the steps in building an e-commerce site." — 5 stages (Planning, Analysis, Design, Build, Test); list 2-3 sub-tasks per stage; mention build-vs-buy decision.
PYQ pattern: "Compare SaaS, open-source and custom-built e-commerce platforms." — Three-row table (best-for, cost, control, examples); recommend by scale (use the heuristic).