> ## Documentation Index
> Fetch the complete documentation index at: https://docs.trueparser.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Dashboard Overview

> Core control plane concepts for tenants, apps, plans, regions, storage, and token issuance.

The dashboard is the control plane for tenants and tenant applications.

Use it to create apps, assign plans, select a license region, and configure optional storage for your tenant.

## Main Concepts

### Tenant

A tenant represents one organization boundary.

* it owns apps, plans, billing, and users
* tenant status affects whether tenant apps can issue tokens

### App

Each tenant can create one or more apps.

* each app gets its own `client_id` and `client_secret`
* each app is tied to one license region at creation time
* each app can optionally have its own S3-compatible storage configuration
* each app can be enabled or disabled independently

### Plan

A plan defines the monthly usage and feature entitlements available to an app.

* plans are assigned per app
* a usable plan adds the `entitlements` claim to the app token
* a missing plan does not block token issuance
* a retired plan blocks token issuance

### License Region

License regions are host-managed records used during app creation.

* app creation validates the region code
* the selected region must have an active region database
* the resolved `DbCode` is stamped onto the app

### Storage

Apps can optionally use a tenant-owned S3-compatible storage backend.

* storage is configured per app
* the platform uses the stored credentials on your behalf
* your application still retrieves results through the API

### Demo UI

The Demo UI is a tenant-facing workspace for manual testing.

* one Demo UI workspace is connected to one tenant application
* you paste that app's credentials into the workspace
* it is meant for demos and validation, not production backend traffic

## Security Model

Apps can store up to three allowed domains.

* domains are normalized before storage
* wildcards are rejected
* `localhost` with an optional port is allowed
* when present, allowed domains are added to the issued access token as claims

## Token Issuance Model

Tenant apps use OAuth 2.0 `client_credentials` against the token endpoint.

* the token endpoint is `/connect/token`
* access token lifetime is configured to 15 minutes
* the token includes tenant, app, region, and database claims
* if the app has a usable plan, the token also includes `entitlements`

Typical M2M claims include:

* `tenantid`
* `appId`
* `licenseRegionCode`
* `dbCode`
* `allowed_domain_1`, `allowed_domain_2`, `allowed_domain_3`
* `entitlements` when a usable plan is assigned

## Suggested Reading Order

If you are new to the platform, read these next:

1. [Onboarding](/dashboard/onboarding)
2. [App Setup and Credentials](/dashboard/app-setup)
3. [Demo UI](/dashboard/demo-ui)
4. [Authentication](/dashboard/authentication)
5. [Billing](/dashboard/billing)
6. [License Regions](/dashboard/license-regions)
