FEATURES

Tenants

Top-level account boundary for billing, RBAC, and API scoping.

Overview

Top-level account boundary for billing, RBAC, and API scoping.

Who should use this

Anyone building multi-customer SaaS on StartupCore.

Core concepts

Each user may belong to one tenant context per session (tenantId in JWT). Tenant types: customer, internal, agency, marketplace_seller.

Setup

Register via org portal → POST /tenants with name/slug → GET /tenants/current.

Required entitlement

Core — no separate feature flag.

Required permissions

tenant.view, tenant.update (Owner/Admin).

REST API

GET /me, GET /tenants/current, POST /tenants, GET/PATCH /tenants/{tenantId}.

SDK (@startupcore/api-client)

startupCore.tenants.getCurrent(), startupCore.tenants.create({ name, slug }).

Security notes

Never expose tenant secrets in the browser for server integrations.

Troubleshooting

UNAUTHORIZED — refresh Cognito access token via your portal BFF /api/auth/refresh or re-login.