Skip to content
You are reading Codefi Orchestrate development version documentation and some displayed features may not be available in the stable release. You can switch to stable version using the version box at screen bottom.

Configure Multi-tenancy

Codefi Orchestrate supports separation of resources in namespaces called “tenants” with the use of JSON Web Tokens. Orchestrate is not an identity provider and does not generate JWTs, use an identity provider such as Auth0 to generate JWTs.

To make requests in a multi-tenant environment, specify the JWT in the request header.

Follow these steps to configure multi-tenancy when starting [Orchestrate Gateway API]


Configure each microservice using microservice-specific environment variables. Command line options are also available and take precedence over environment variables.


Environment Variable Command line option Description Default
MULTI_TENANCY_ENABLED multi-tenancy-enabled Whether or not to use Multi-tenancy false
AUTH_JWT_CERTIFICATE auth-jwt-certificate Certificate (public key) of the authentication service (ex: Auth0) encoded in base64
AUTH_JWT_CLAIMS_NAMESPACE auth-jwt-claims-namespace Tenant namespace to retrieve the tenant ID from custom JWT claims

Configuration: Machine-to-machine authentication

In multi-tenancy mode, you should set an API key used for secure communication between internal Orchestrate microservices, bypassing the JWT authentication.


It is not recommended using the API key to communicate with [Orchestrate Gateway API]. See how to use multi-tenancy for more details.

Environment Variable Command line option Description Default
AUTH_API_KEY auth-api-key Key used for authentication false

Orchestrate Gateway API

ConsenSys has acquired Quorum from J.P. Morgan. Please read the FAQ.
Questions or feedback? You can obtain paid professional support by Consensys at