Multi-Tenant Platform Architecture
One codebase serving biodiversity and governance platforms with URL-based routing, company isolation, and shared authentication.
Key Results
Client
Enterprise SaaS Client
Industry
Sustainability & ESG
Location
Europe
Overview
The product serves two distinct platforms—biodiversity assessment and governance compliance—across many company tenants. Users might have access to biodiversity, governance, or both, depending on their company and profile.
Rather than maintaining separate applications, we built a unified architecture where platform and company access are enforced at the middleware and decorator level, keeping one codebase, one deployment, and zero data leakage between tenants.
Architecture Overview
The Challenge
Platform Routing
The app needed to determine which platform a request targets from the URL and enforce that the user has access to it—without separate deployments.
Company Isolation
Users should only see data for companies they’re assigned to—not a filtered view, but complete invisibility of other companies’ data.
Consistent Auth
Both platforms share the same user accounts and authentication—no separate logins or duplicate user tables.
Our Solution
Architecture Overview
URL Router
Path-based platform detection
Access Control
Company + platform decorator
Shared Models
Same Company & User tables
URL-Based Platform Detection
Governance routes are mounted first (/governance/dashboard/...), giving them priority. All other paths default to biodiversity. Middleware reads the path and sets request.platform before any view runs.
Company + Platform Decorator
A single decorator checks both company membership (via roles and assignments) and platform access (via profile flags). Three outcomes: proceed, 403 for wrong company, or 403 for disabled platform with a link to enabled platforms.
Shared Tenant Model
Both platforms use the same Company and User models. No cross-app joins, no duplicate tenant tables—governance queries the same company_id as biodiversity.
Graceful 403 Pages
Wrong-company and disabled-platform errors show different templates with helpful context—no generic ‘forbidden’ walls. Users see which platforms they have access to.
Performance Metrics
Transaction Throughput
Response Time Distribution
2
Platforms
1
Codebase
Zero
Data Leaks
Shared
Authentication
Technology Stack
Backend
- Django
- Python 3.11
- Django Middleware
Data
- PostgreSQL
- Django ORM
- Shared Models
Infrastructure
- Azure App Service
- Single Deployment
- Profile Flags
Outcomes & Impact
Business Impact
- One deployment serves both biodiversity and governance platforms
- Platform access controlled per-user via profile flags, changeable without code
- Shared authentication eliminates duplicate login flows and user management
Technical Achievements
- Route priority ensures governance URLs are never caught by biodiversity routes
- Middleware sets request.platform early—views branch on it without re-resolving
- Single decorator handles authentication, company access, and platform access
Security
- Users see only their assigned companies—complete tenant isolation
- Cross-tenant data access is impossible at the query level
- Graceful 403 pages with helpful context instead of generic forbidden walls
“The multi-tenant architecture gave us the flexibility to launch a second platform without doubling our infrastructure or team. The isolation guarantees give our enterprise clients the confidence they need.”
Product Director
Enterprise Client
Related Case Studies
Dual-Queue Task System
Zero-infrastructure background processing with dual-queue architecture handling heavy GEE analysis alongside lightweight tasks without Redis or Celery.
GDPR Audit Logging
Middleware-based audit system automatically capturing login, logout, data access, modification, and deletion for every request.
Security Middleware Stack
Defense-in-depth request hardening with size limits, injection logging, brute-force tracking, and rate limiting—all without external services.
Ready to build something similar?
Let's discuss how we can apply the same engineering excellence to your project.