Using JWT tokens to secure multi-tenant applications.
As a SaaS or consumer app developer, securing your multi-tenant data application is one of your main tasks. Propel offers a simple, yet powerful, solution using Access Policies and JWT tokens.
Here’s how to implement multi-tenant access control for your app:
Create a single, dynamic access policy
Instead of creating a separate policy for each tenant, define one policy with dynamic filtering:
Creating an Access Policy for multi-tenant access control
Creating an Access Policy for multi-tenant access control
—
This policy uses ${{ tenant_id }}
as a placeholder, which will be filled with the actual tenant ID at runtime.
Generate tenant-specific JWT tokens
When a user logs in, mint a JWT token that includes their tenant ID:
Use the token for data queries
When querying Propel’s API, include this token in the Authorization header. Propel will automatically apply the correct tenant filter.
By following this approach, you can efficiently secure your multi-tenant application, ensuring that each customer only accesses their own data while minimizing the overhead of policy management.
Using JWT tokens to secure multi-tenant applications.
As a SaaS or consumer app developer, securing your multi-tenant data application is one of your main tasks. Propel offers a simple, yet powerful, solution using Access Policies and JWT tokens.
Here’s how to implement multi-tenant access control for your app:
Create a single, dynamic access policy
Instead of creating a separate policy for each tenant, define one policy with dynamic filtering:
Creating an Access Policy for multi-tenant access control
Creating an Access Policy for multi-tenant access control
—
This policy uses ${{ tenant_id }}
as a placeholder, which will be filled with the actual tenant ID at runtime.
Generate tenant-specific JWT tokens
When a user logs in, mint a JWT token that includes their tenant ID:
Use the token for data queries
When querying Propel’s API, include this token in the Authorization header. Propel will automatically apply the correct tenant filter.
By following this approach, you can efficiently secure your multi-tenant application, ensuring that each customer only accesses their own data while minimizing the overhead of policy management.