★ Overview · Advanced · 11 min
Authentication & Multi-Tenancy
Securing multi-tenant agent systems: user authentication, per-user tool permissions, session isolation, API key management, and tenant-scoped data access.
Quick Reference
- Authenticate users before agent access: OAuth 2.0 for web apps, API keys for programmatic access, JWT tokens for session management
- Implement tenant isolation at the state level: namespace checkpoints, memory, and store data by tenant ID
- Per-user tool permissions: restrict which tools each user can access based on their role or subscription tier
- Session isolation ensures one user's conversation cannot read or modify another user's agent state
- API key rotation and scoping: issue keys with expiration dates and limit each key to specific agents or actions
Multi-Tenant Architecture
Multi-tenancy = shared infrastructure, isolated data
A multi-tenant agent system runs one deployment that serves many users or organizations, with strict isolation guaranteeing that tenant A can never access tenant B's conversations, state, or tool results.
Multi-tenant isolation: auth, routing, namespaced state, row-level security
Tenant isolation must be enforced at three layers: authentication (who is this user?), authorization (what can they do?), and data (which state do they see?). Relying on application-layer checks alone is fragile -- a single missing filter leaks data across tenants.
| Isolation Layer | Mechanism | Failure Mode |
|---|---|---|
| Authentication | OAuth 2.0 / JWT / API key | Missing auth lets anonymous users access any tenant |
| Authorization | RBAC / per-user tool permissions | Overly broad roles grant access to admin-only tools |
| Data | Namespaced state + row-level security | Missing tenant_id filter returns all tenants' data |
| Network | Tenant-scoped API routes | Shared endpoints without tenant context in headers |
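
The authorization and data rows of the table, as an added example (not code from this page or from any agent framework): the store is bound to the tenant ID of an already-authenticated principal, so no lookup can omit the tenant filter, and tool access is denied by default. `Principal`, `TenantScopedStore`, `call_tool`, and the role and tool names are hypothetical.

```python
from dataclasses import dataclass

# Constructed role-to-tool map; the role and tool names are hypothetical.
ROLE_TOOLS = {"viewer": {"search_docs"},
              "admin": {"search_docs", "delete_records"}}

@dataclass(frozen=True)
class Principal:
    """Identity produced by the authentication layer (e.g. a verified token)."""
    tenant_id: str
    user_id: str
    role: str

class TenantScopedStore:
    """View over a shared backend dict, bound to one tenant at construction."""
    def __init__(self, backend: dict, principal: Principal):
        self._rows = backend
        self._tenant = principal.tenant_id

    def put(self, thread_id: str, state: dict) -> None:
        self._rows[(self._tenant, thread_id)] = state

    def get(self, thread_id: str):
        # The tenant part of the key comes from the principal, never from the
        # request, so another tenant's thread ID resolves to nothing here.
        return self._rows.get((self._tenant, thread_id))

    def list_threads(self) -> list:
        return sorted(t for (tenant, t) in self._rows if tenant == self._tenant)

def call_tool(principal: Principal, tool_name: str) -> str:
    """Authorization layer: unknown roles get no tools (deny by default)."""
    if tool_name not in ROLE_TOOLS.get(principal.role, set()):
        raise PermissionError(f"role {principal.role!r} may not call {tool_name}")
    return f"{tool_name} ran for {principal.tenant_id}"

def demo() -> dict:
    backend = {}  # one shared store for every tenant
    alice = Principal("tenant-a", "alice", "admin")
    bob = Principal("tenant-b", "bob", "viewer")
    TenantScopedStore(backend, alice).put("thread-1", {"notes": "A only"})
    TenantScopedStore(backend, alice).put("thread-2", {"notes": "A again"})
    bobs = TenantScopedStore(backend, bob)
    bobs.put("thread-1", {"notes": "B only"})
    return {"bob_thread_1": bobs.get("thread-1"),
            "bob_thread_2": bobs.get("thread-2"),  # exists only for tenant-a
            "bob_threads": bobs.list_threads()}

if __name__ == "__main__":
    print(demo())
```

Both tenants use the thread ID `thread-1` without colliding, and tenant B's view of tenant A's `thread-2` is empty because the tenant ID is part of every key.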