Skip to content
You are reading Codefi Orchestrate development version documentation and some displayed features may not be available in the stable release. You can switch to stable version using the version box at screen bottom.

How to make requests in a multi-tenant environment

Prerequisites

Setting the Tenant ID

When using multi-tenancy, all client requests require an authorization token (JWT) used to identify and authorize the caller.

In production, the custom claim used to generate the JWT is provided by an identity provider such as Auth0. The custom claim specifies a tenant_ID, a value indicating the authorized tenant. Its value can be:

  • The string _, which grants access only to resources available to all tenants (public resources).

  • A specific tenant name, which grants access to the tenant identities and keys, plus the public resources belonging to tenant _.

  • The string *, which grants access to all resources regardless of restriction (this is like root access, so be careful using it).

When receiving a request, once the server has successfully performed standard checks on the JWT, it extracts the tenant_ID and a X-Tenant-ID header that is optionally set by the client indicating the tenant to impersonate. The combination of these two values determines to whose resources access is granted, as shown in the following table (using foo and bar as example tenant names):

tenant_ID X-Tenant-ID Read access Write access
foo empty foo, _ foo
foo bar (invalid) n/a n/a
foo foo foo foo
foo _ _ _
foo * (invalid) n/a n/a
* empty all tenants, _ _
* foo foo foo
* _ _ _
* * all tenants, _ _

Make a request

Simply pass the Bearer token as part of the Authorization header when doing an HTTP call or fill the authToken parameter when using the JS SDK.

Example

curl --location --request GET 'https://orchestrate.consensys.net/chains' \
--header 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsiaHR0cHM6Ly9hdXRoMC5jb20vYXBpL3YyLyJdLCJleHAiOjE2MjAzODM3NDEsImlhdCI6MTYyMDI5NzM0MSwiaXNzIjoiT3JjaGVzdHJhdGUiLCJqdGkiOiIzY2Q5OWY5NC0zNTZjLTRmYjUtOTI5MS1hNTMyOTM5NTFkMTkiLCJuYmYiOjE2MjAyOTczNDEsIm9yY2hlc3RyYXRlLmluZm8iOnsidGVuYW50X2lkIjoiZm9vIn0sInNjcCI6WyJyZWFkOnVzZXJzIiwidXBkYXRlOnVzZXJzIiwiY3JlYXRlOnVzZXJzIl0sInN1YiI6ImUyZS10ZXN0In0.eMPFfdLTAutD1TFEhbpWxBwhTVewmn1NFjZl6opNheX7JJqzRgWzTgeK28QiIUjLa3kpBHA5vQZk6xjIHs-q1jcXCHn1PzmBaJYljuHd_gcL60RCFI-OsDW8GHxdXdiFanITe-Py-aTzXrXjnKJMQwdoOTXwMmmYUzKG54ETbSIHkyLM6RKwipV217KT6qqibChcua5bVeR7Bz0d5WbOb9ESImMLbw298Ka4YDatjcSoQ6mf_GQLWBjZ_C8fkwW8wPX2BsSdGkmBeH25HAW-MTYsBuQtG8MHY5SNhj0n-bb5m6lVQ7yAn8IsnKvIWQy9JfvgbpFF4qkR8tqurQJoVg'
const authToken = 'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsiaHR0cHM6Ly9hdXRoMC5jb20vYXBpL3YyLyJdLCJleHAiOjE2MjAzODM3NDEsImlhdCI6MTYyMDI5NzM0MSwiaXNzIjoiT3JjaGVzdHJhdGUiLCJqdGkiOiIzY2Q5OWY5NC0zNTZjLTRmYjUtOTI5MS1hNTMyOTM5NTFkMTkiLCJuYmYiOjE2MjAyOTczNDEsIm9yY2hlc3RyYXRlLmluZm8iOnsidGVuYW50X2lkIjoiZm9vIn0sInNjcCI6WyJyZWFkOnVzZXJzIiwidXBkYXRlOnVzZXJzIiwiY3JlYXRlOnVzZXJzIl0sInN1YiI6ImUyZS10ZXN0In0.eMPFfdLTAutD1TFEhbpWxBwhTVewmn1NFjZl6opNheX7JJqzRgWzTgeK28QiIUjLa3kpBHA5vQZk6xjIHs-q1jcXCHn1PzmBaJYljuHd_gcL60RCFI-OsDW8GHxdXdiFanITe-Py-aTzXrXjnKJMQwdoOTXwMmmYUzKG54ETbSIHkyLM6RKwipV217KT6qqibChcua5bVeR7Bz0d5WbOb9ESImMLbw298Ka4YDatjcSoQ6mf_GQLWBjZ_C8fkwW8wPX2BsSdGkmBeH25HAW-MTYsBuQtG8MHY5SNhj0n-bb5m6lVQ7yAn8IsnKvIWQy9JfvgbpFF4qkR8tqurQJoVg'
const chain = await chainRegistry.registerChain(chainRequest, authToken);

Tip

The Quorum Developer Quickstart showcases usage of the multi-tenancy.

ConsenSys has acquired Quorum from J.P. Morgan. Please read the FAQ.
Questions or feedback? You can obtain paid professional support by Consensys at orchestrate@consensys.net