Multi-Tenancy
The RSA Platform uses a dedicated database-per-retailer model. Every request is automatically routed to the correct database based on the tenant_slug claim in your JWT.
Key Identifiers
| Identifier | Type | Description |
|---|---|---|
| tenant_id | UUID | Platform-level tenant (e.g., a retail chain company) |
| tenant_slug | string | URL-safe slug, e.g. cardenas. Routes DB connections. |
| retailer_id | UUID | A specific retailer within a tenant. Empty for platform users. |
One tenant can have multiple retailers (e.g., different store banners).
Tenant Lifecycle States
| State | Description | Effect on API |
|---|---|---|
| Trial | New tenant, limited features | Normal access, feature flags may be limited |
| Active | Fully provisioned and paying | Full access |
| GracePeriod | Payment overdue | Warning header in responses |
| Suspended | Access blocked | 402 Payment Required on all requests |
| Churned | Permanently deactivated | 403 Forbidden on all requests |
If you receive a 402 Payment Required response, the tenant has been suspended. Contact the platform administrator.
Retailer Provisioning
When a new retailer is added, the Platform API asynchronously:
- Creates a dedicated SQL Server database
- Runs all EF Core migrations
- Seeds initial configuration
This is an async operation. Poll the status:
GET /platform/api/v1/retailers/{slug}/status
See Tenant Onboarding for the full provisioning guide.
Database Isolation
Each retailer database contains schemas for: retail, offer, loyalty, transaction, campaign, consent, notification, vendor, reporting, audit, feature.
- Your JWT's tenant_slug determines which database connection is used
- EF Core query filters apply an additional tenant guard as defense-in-depth
- There is no cross-retailer data access — even platform-level queries use aggregated views
Impact on Your Integration
- Include retailer context in your token by requesting the appropriate scopes
- The tenant_slug is resolved automatically from your JWT — you do not need to pass it as a header
- Multi-retailer integrations require separate tokens or separate API key registrations per retailer
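Because routing depends only on the token's tenant_slug claim and no tenant header is sent, a multi-retailer client that attaches the wrong token has its request routed to the wrong retailer database. The Python below is an added example, not RSA Platform code: it checks each token's tenant_slug against the retailer it is registered for and refuses to fall back to another retailer's token. TokenRegistry, TenantMismatch and make_token are hypothetical names, and the sample tokens are constructed and unsigned.

```python
import base64
import json


class TenantMismatch(Exception):
    """The token's tenant_slug claim is not the slug the caller intended."""


def b64url(obj) -> str:
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_token(slug: str) -> str:
    """Constructed, unsigned sample token; real ones come from the platform."""
    header, payload = b64url({"alg": "none"}), b64url({"tenant_slug": slug})
    return f"{header}.{payload}.sig"


def tenant_slug_of(jwt: str) -> str:
    """Read tenant_slug from the payload; the signature is NOT verified here."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(padded))
    slug = claims.get("tenant_slug") if isinstance(claims, dict) else None
    if not isinstance(slug, str) or not slug:
        raise ValueError("token has no tenant_slug claim")
    return slug


class TokenRegistry:
    """Hypothetical helper: one token per tenant_slug, never substituted."""

    def __init__(self):
        self._tokens = {}

    def register(self, slug: str, jwt: str) -> None:
        actual = tenant_slug_of(jwt)
        if actual != slug:
            raise TenantMismatch(f"token routes to {actual!r}, not {slug!r}")
        self._tokens[slug] = jwt

    def token_for(self, slug: str) -> str:
        if slug not in self._tokens:
            raise KeyError(f"no token registered for {slug!r}")
        return self._tokens[slug]
```

The claim check is a client-side guard against mix-ups only; the platform remains the party that validates the token.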