Multitenancy

The platform implements multitenancy based on the concepts Service and SubService. Service corresponds to the top-level grouping, typically associated to tenants. Within each service, a given tenant can set several subservices. For example, tenants may represent cities (e.g. Madrid, Paris, London, etc.) and subservices within a tenant may represent the different vertical areas in that city (lightning, transport, health, etc.).

Authentication and authorization is based on service and subservices. In other words, user/roles access are per service and subservice. For example, you can define that a given user has read permissions in all subservices of a given service, but only modification permissions in a subset of such subservices.

Service and subservice are supported in platform APIs. In particular, service and subservice are specified by the Fiware-Service and Fiware-ServicePath HTTP header respectively. Using these headers, a given request (e.g. an entity creation request using the Data API) can be scoped in a particular service and subservice.

The following syntax rules apply to service:

• Only alphanumeric characters and underscores (_) are allowed.
• Maximum length is 50 characters.
• If uppercase characters are used, they are converted to lowercase.

The following syntax rules apply to subservice:

• It must start with the / character.
• Maximum length is 50 characters.
• Only alphanumeric characters and underscores (_) are allowed (apart from the initial /).
• It is interpreted in a case-sensitive way.