Multi-Tenant Architecture

The platform operates under a strict multi-tenant architecture. Each Client represents an independent organization integrated with the platform. Data, configuration, and permissions are isolated per Client. Cross-tenant access is not permitted unless explicitly authorized.

Platform Hierarchy

The platform follows a defined entity hierarchy:

Client
→ Product
 → Card
  → Cardholder

Client
An organization integrated with the platform.

Product
A card configuration defined under a Client.

Card
A payment instrument issued under a Product.

Cardholder
The individual associated with a Card.

All entities are scoped to a Client.

Role Structure

Access is governed by defined roles.

Developer
Technical integrator calling the platform APIs using application credentials.

Backoffice Rep
Client-scoped operational user responsible for managing card-related activities.

Client Admin
Client-scoped administrative role with elevated privileges.
Admin-level operations require explicit authorization.

Global Admin
Cross-tenant administrative role with elevated privileges.
Admin-level operations require explicit authorization.

Access Boundaries

Access control is enforced through:

• Application provisioning

• Token-based authentication

• Role-based authorization

A Client-scoped token cannot access another Client's resources.

Administrative capabilities are restricted and granted only when required.

Responsibility Separation

The platform provides:

• Card infrastructure

• Security capabilities (tokenization, 3DS)

• Operational controls

• Transaction retrieval

Clients are responsible for:

• Wallet and ledger management

• Balance accounting

• Business logic and end-user applications