System metadata
Tenant registry, plan entitlements, subscription state, license state, and system health
information. This metadata is separate from contract content.
Tenant data
A tenant’s operational data: contracts, payments, dynamic fields, workflow, files, and
tenant-scoped audit. Every tenant-scoped row carries a tenant boundary.
tenantSlug.
How this shows up in the API
A tenant access token (scope: "tenant") carries tenantId, roleCode, and subjectScope as
claims and can only call tenant-scoped endpoints. There is no separate tenant header to set,
and tokens are not interchangeable across tenants — see Authentication.
Administration layers
| Layer | Role examples | Responsibility | Data boundary |
|---|---|---|---|
| Tenant | tenant admin and other tenant roles | Members, subjects, fields, workflow, saved views, files, export policy | Limited to the current tenant |
| Workspace | tenant member / viewer roles | Day-to-day contract work | Governed by role and workflow permissions |
Applications map to this split
| Application | Plane | Audience |
|---|---|---|
apps/deals | Tenant | Business users doing daily contract work |
apps/console | Tenant | Tenant admins managing their own organization |
apps/api | Tenant and system services | The shared backend behind the product and direct API integrations |
Tenant creation
Tenants are created through an Alforse onboarding process or by redeeming a code (POST /auth/redeem). There is no public “sign up with just an email” path in production.
See Plans & Editions for how codes and plans relate, and
Quickstart to get started.