Tenant Context
Tenant-Based Data Isolation: A Guide to Using X-Cobra-TenantId Header
Introduction
At cobra, we prioritize data security and isolation, and our approach involves organizing customer data into distinct units known as “Tenants”. Each Tenant acts as an independent container, holding all Customer Relationship Management (CRM) data in isolation. Additionally, users and access management are strictly tied to each Tenant. This guide outlines the significance of our Tenant-based architecture and how to interact with our APIs using the X-Cobra-TenantId header.
Understanding Tenants
CRM Data Isolation
Tenants provide a clear boundary for CRM data, ensuring that information related to one customer or entity is segregated from another. This isolation enhances data privacy and security, meeting the diverse needs of our clients.
User and Access Management
User accounts and access controls are managed at the Tenant level. This means that each Tenant has its own set of users, and permissions are granted based on the specific requirements of that Tenant. This model offers fine-grained control over who can access and modify data within a given Tenant.
Interacting with APIs Using X-Cobra-TenantId Header
To access data of a specific Tenant through our APIs, it is essential to include the X-Cobra-TenantId
header in every request. This header serves as the key identifier, allowing our system to route the request to the appropriate Tenant and enforce the associated access controls.
Example API Request
Here's an example of how to include the X-Cobra-TenantId
header in an API request:
GET /api/v1/resource
X-Cobra-TenantId: your_tenant_id
Replace your_tenant_id
with the actual Tenant identifier for the specific CRM data you intend to access.
Security and Compliance
This Tenant-based approach enhances security and compliance measures, as it ensures that data is accessed and managed in alignment with the rules and regulations governing each Tenant. It also enables auditing and tracking of activities on a per-Tenant basis.
Best Practices
Secure Handling of Tenant Identifiers: Treat Tenant identifiers with care and securely manage them to prevent unauthorized access.
Consistent Usage of Headers: Ensure that the
X-Cobra-TenantId
header is consistently included in all API requests requiring Tenant-specific data.User Authentication per Tenant: Authenticate users within the context of the specific Tenant they are associated with to maintain the integrity of the isolation model.
Conclusion
Our Tenant-based data isolation model, coupled with the use of the X-Cobra-TenantId
header, provides a robust and secure framework for managing CRM data. This approach aligns with our commitment to data privacy, security, and compliance. If you have any questions or require assistance in working with our Tenant-based architecture, feel free to reach out to our support team. Happy coding!