← Back to blog

How ValidonX Multi-Tenancy Works

At ValidonX, every customer gets their own isolated database. Here's how we built it and why database-per-tenant was the right choice for a licensing platform.

Why Database-Per-Tenant?

There are three common approaches to multi-tenancy: shared database with a tenant column, shared database with separate schemas, and separate databases. We chose separate databases for three reasons:

  • Complete data isolation — a bug in one tenant's query can never leak data from another
  • Independent scaling — enterprise tenants can have their database on dedicated hardware
  • Simple backup/restore — restore a single tenant without affecting others

The 12-Stage Provisioning Pipeline

When a new tenant is created, our provisioning pipeline executes 12 deterministic, idempotent stages:

  1. Validate the tenant record exists and is in "provisioning" status
  2. Create the tenant database (vx_tenant_company_xxxx)
  3. Run tenant-specific migrations (license_keys, activations, entitlements, usage)
  4. Seed configuration defaults (timezone, limits, branding)
  5. Initialize subscription linked to selected plan
  6. Seed plan-specific entitlements
  7. Initialize usage counters to zero
  8. Set branding defaults
  9. Generate HMAC-SHA256 hashed API key
  10. Create webhook endpoint placeholder
  11. Emit TenantProvisioned audit event
  12. Health check and status update to "active"

Every stage is idempotent — if provisioning fails midway, retrying picks up where it left off. Each stage logs its outcome to the audit trail for observability.

Tenant Resolution

Every API request is routed to the correct database via middleware. For the Integration API, we hash the X-API-Key header with HMAC-SHA256 and look it up in the platform database. The matching tenant's database connection is then activated for the duration of the request.

Rate Limiting Across Tenants

Our multi-layer rate limiter ensures one tenant can't degrade the platform for others. Layer 1 limits per-API-key (per minute), Layer 2 limits per-tenant aggregate (monthly), and Layer 3 applies endpoint-specific limits. Enterprise tenants with unlimited plans bypass monthly quotas.

What's Next

We're building toward multi-region deployment and horizontal scaling architecture, which will allow tenants to be distributed across geographic regions for data residency compliance and lower latency.

We use essential cookies for authentication and session management. Privacy Policy