The dashboard is the control plane for tenants and tenant applications.
Use it to create apps, assign plans, select a license region, and configure optional storage for your tenant.
Main Concepts
Tenant
A tenant represents one organization boundary.
- it owns apps, plans, billing, and users
- tenant status affects whether tenant apps can issue tokens
App
Each tenant can create one or more apps.
- each app gets its own
client_id and client_secret
- each app is tied to one license region at creation time
- each app can optionally have its own S3-compatible storage configuration
- each app can be enabled or disabled independently
Plan
A plan defines the monthly usage and feature entitlements available to an app.
- plans are assigned per app
- a usable plan adds the
entitlements claim to the app token
- a missing plan does not block token issuance
- a retired plan blocks token issuance
License Region
License regions are host-managed records used during app creation.
- app creation validates the region code
- the selected region must have an active region database
- the resolved
DbCode is stamped onto the app
Storage
Apps can optionally use a tenant-owned S3-compatible storage backend.
- storage is configured per app
- the platform uses the stored credentials on your behalf
- your application still retrieves results through the API
Demo UI
The Demo UI is a tenant-facing workspace for manual testing.
- one Demo UI workspace is connected to one tenant application
- you paste that app’s credentials into the workspace
- it is meant for demos and validation, not production backend traffic
Security Model
Apps can store up to three allowed domains.
- domains are normalized before storage
- wildcards are rejected
localhost with an optional port is allowed
- when present, allowed domains are added to the issued access token as claims
Token Issuance Model
Tenant apps use OAuth 2.0 client_credentials against the token endpoint.
- the token endpoint is
/connect/token
- access token lifetime is configured to 15 minutes
- the token includes tenant, app, region, and database claims
- if the app has a usable plan, the token also includes
entitlements
Typical M2M claims include:
tenantid
appId
licenseRegionCode
dbCode
allowed_domain_1, allowed_domain_2, allowed_domain_3
entitlements when a usable plan is assigned
Suggested Reading Order
If you are new to the platform, read these next:
- Onboarding
- App Setup and Credentials
- Demo UI
- Authentication
- Billing
- License Regions
Last modified on April 28, 2026