Skip to main content
The dashboard is the control plane for tenants and tenant applications. Use it to create apps, assign plans, select a license region, and configure optional storage for your tenant.

Main Concepts

Tenant

A tenant represents one organization boundary.
  • it owns apps, plans, billing, and users
  • tenant status affects whether tenant apps can issue tokens

App

Each tenant can create one or more apps.
  • each app gets its own client_id and client_secret
  • each app is tied to one license region at creation time
  • each app can optionally have its own S3-compatible storage configuration
  • each app can be enabled or disabled independently

Plan

A plan defines the monthly usage and feature entitlements available to an app.
  • plans are assigned per app
  • a usable plan adds the entitlements claim to the app token
  • a missing plan does not block token issuance
  • a retired plan blocks token issuance

License Region

License regions are host-managed records used during app creation.
  • app creation validates the region code
  • the selected region must have an active region database
  • the resolved DbCode is stamped onto the app

Storage

Apps can optionally use a tenant-owned S3-compatible storage backend.
  • storage is configured per app
  • the platform uses the stored credentials on your behalf
  • your application still retrieves results through the API

Demo UI

The Demo UI is a tenant-facing workspace for manual testing.
  • one Demo UI workspace is connected to one tenant application
  • you paste that app’s credentials into the workspace
  • it is meant for demos and validation, not production backend traffic

Security Model

Apps can store up to three allowed domains.
  • domains are normalized before storage
  • wildcards are rejected
  • localhost with an optional port is allowed
  • when present, allowed domains are added to the issued access token as claims

Token Issuance Model

Tenant apps use OAuth 2.0 client_credentials against the token endpoint.
  • the token endpoint is /connect/token
  • access token lifetime is configured to 15 minutes
  • the token includes tenant, app, region, and database claims
  • if the app has a usable plan, the token also includes entitlements
Typical M2M claims include:
  • tenantid
  • appId
  • licenseRegionCode
  • dbCode
  • allowed_domain_1, allowed_domain_2, allowed_domain_3
  • entitlements when a usable plan is assigned

Suggested Reading Order

If you are new to the platform, read these next:
  1. Onboarding
  2. App Setup and Credentials
  3. Demo UI
  4. Authentication
  5. Billing
  6. License Regions
Last modified on April 28, 2026