Skip to content
You are reading Codefi Orchestrate development version documentation and some displayed features may not be available in the stable release. You can switch to stable version using the version box at screen bottom.

Updated on December 13, 2021

Configure multi-tenancy

Codefi Orchestrate supports separation of resources in namespaces called “tenants” with the use of JSON Web Tokens. Orchestrate is not an identity provider and does not generate JWTs. Use an identity provider such as Auth0 to generate JWTs.

To make requests in a multi-tenant environment, specify the JWT in the request header.

Follow these steps to configure multi-tenancy when starting [Orchestrate Gateway API].


Configure each microservice using microservice-specific environment variables. Command line options are also available and take precedence over environment variables.


Environment variable Command line option Description
MULTI_TENANCY_ENABLED multi-tenancy-enabled Indicates whether to use multi-tenancy. The default is false.
AUTH_JWT_ISSUER_URL auth-jwt-issuer-url JWT issuer server domain (for example,
AUTH_JWT_AUDIENCE auth-jwt-audience Expected audience (aud field) of the JWT tokens.
AUTH_JWT_ORCHESTRATE_CLAIMS auth-jwt-orchestrate-claims Path to the orchestrate claims in the JWT.

Configuration: Machine-to-machine authentication

In multi-tenancy mode, you should set an API key used for secure communication between internal Orchestrate microservices, bypassing the JWT authentication.


It is not recommended using the API key to communicate with [Orchestrate Gateway API]. See how to use multi-tenancy for more details.

Environment variable Command line option Description
AUTH_API_KEY auth-api-key Key used for authentication.

Orchestrate Gateway API

ConsenSys has acquired Quorum from J.P. Morgan. Please read the FAQ.
Questions or feedback? You can obtain paid professional support by Consensys at [email protected]