
Multi-Tenancy Architecture

SureStage uses a shared-database, schema-per-service approach with tenant isolation enforced at the application layer.

Tenant Isolation Model

How It Works

  1. JWT contains tenant context - tenantId and tenantSlug are embedded in the JWT
  2. TenantGuard extracts context - Sets req.tenantId on every request
  3. Services filter by tenant - All queries include WHERE company_id = tenantId
  4. Indexes keep tenant-filtered queries fast - All tables have indexes on company_id

Tenant Switching

Users who belong to multiple organizations can switch tenants:

POST /auth/switch-tenant { "tenantSlug": "acme-corp" }

This issues a new JWT scoped to the target organization.

Data Isolation Guarantees

  • No cross-tenant data leakage in queries
  • API keys are scoped to a single organization
  • Audit logs are tenant-isolated
  • Redis cache keys are tenant-prefixed
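
The guard, query-scoping and cache-prefix steps above, sketched as an added example (not SureStage's own code). It assumes the JWT signature was already verified upstream and its claims placed on req.user; the function names, the orders table, the PostgreSQL-style $n placeholders and the tenant:<id>: key format are all hypothetical.

```typescript
// Added example, not SureStage code. Assumes an upstream auth step already verified
// the JWT signature and put its claims on req.user; all names here are hypothetical.
interface Claims { sub: string; tenantId?: string; tenantSlug?: string }
interface Req { user?: Claims; query: Record<string, string>; tenantId?: string }

const IDENT = /^[a-z_]+$/; // identifiers are interpolated into SQL, so allow-list them

// Step 2: tenant context comes only from verified claims, never from client input.
function tenantGuard(req: Req): void {
  const id = req.user ? req.user.tenantId : undefined;
  if (typeof id !== "string" || id.length === 0) {
    throw new Error("403: token carries no tenant context");
  }
  req.tenantId = id;
}

// Step 3: company_id is always bound as the first parameter. A caller-supplied
// company_id filter is rejected (fail closed) rather than merged into the query.
function scopedSelect(
  req: Req, table: string, filters: Record<string, string>
): { text: string; params: string[] } {
  if (!req.tenantId) throw new Error("tenantGuard did not run");
  if (!IDENT.test(table)) throw new Error("400: bad table name");
  const params: string[] = [req.tenantId];
  const where: string[] = ["company_id = $1"];
  for (const col of Object.keys(filters)) {
    if (col === "company_id") throw new Error("400: tenant filter is not client-settable");
    if (!IDENT.test(col)) throw new Error("400: bad column name");
    params.push(String(filters[col]));
    where.push(`${col} = $${params.length}`);
  }
  return { text: `SELECT * FROM ${table} WHERE ${where.join(" AND ")}`, params };
}

// Cache keys carry the tenant prefix so entries cannot collide across tenants.
function cacheKey(req: Req, key: string): string {
  if (!req.tenantId) throw new Error("tenantGuard did not run");
  return `tenant:${req.tenantId}:${key}`;
}
```

Because isolation lives in the application layer, any data-access path that bypasses a helper like scopedSelect is unscoped; funnelling all queries through one such function makes that easy to audit.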