SaaS Platforms
Per-Tenant API Policies Without Custom Middleware
Every tenant has different API access rights and rate limits — but writing custom middleware per tenant doesn't scale. RequestRocket enforces tenant-level policies at the proxy layer with no code.
The Challenge
Shared API Infrastructure Creates Cross-Tenant Risk
A B2B SaaS platform needed to give each tenant different levels of access to shared upstream APIs. Premium tenants had higher rate limits and access to additional endpoints; free tenants were restricted. The platform's existing approach was to encode access rules in application middleware — a fragile, hard-to-audit codebase that grew more complex with each new tenant tier.
Tenant Access Rules in Application Code
Access policies were enforced in middleware that was difficult to test, harder to change, and impossible to audit without reading the source code.
No Per-Tenant Rate Limiting
A single misbehaving tenant could exhaust the shared upstream API quota, degrading service for all other tenants with no automatic enforcement.
Cross-Tenant Bleed Risk
All tenants shared the same upstream API credential. A bug in the access control middleware could allow a tenant to access another tenant's data or endpoints.
Onboarding a New Tenant Required a Code Change
Adding a new tenant tier or adjusting an existing tenant's permissions required a code review, merge, and deployment cycle.
The Solution
Model Each Tenant as a Credential with Its Own Policy Set
The platform team used RequestRocket's control plane API to provision a RequestRocket credential for each tenant at onboarding time. Each credential is bound to a proxy with an authorization rule set and rate limit configuration matching that tenant's plan tier. Policy changes are API calls to RequestRocket — no application code changes required.
How it works
- 1
Create RequestRocket proxies for each upstream API that tenants are permitted to call, with the upstream credential stored in RequestRocket's vault.
- 2
At tenant onboarding, use the RequestRocket Developer API to create a new credential for the tenant and bind it to the proxies it is authorised to use.
- 3
Apply authorization rules per credential: free-tier credentials are restricted to read-only paths; premium credentials have full path access including write endpoints.
- 4
Configure rate limits per credential to match each tenant's plan: free tenants get 100 requests/minute, premium tenants get 1000 requests/minute, enterprise tenants get custom limits.
- 5
Use the observability API to surface per-tenant API usage metrics in the platform's admin dashboard and billing pipeline.
The Results
Measurable Impact
Complete cross-tenant access isolation
Since all access policies are enforced at the RequestRocket credential level, no tenant has been able to access endpoints or data outside its assigned scope — even during application-layer bugs.
Per-tenant rate limits enforced at the proxy layer
Every tenant's rate limit is enforced by RequestRocket before the request reaches the upstream API. A single tenant exhausting its quota no longer affects other tenants' service quality.
Tenant onboarding automated end-to-end
The platform's onboarding workflow calls the RequestRocket Developer API to create and configure the new tenant's credential automatically. No manual steps, no code deployments, no human review.
Policy changes applied without deployment
Upgrading a tenant from free to premium, adjusting a rate limit, or revoking access is a single API call to RequestRocket — changes take effect immediately with no application redeployment.
FAQ
Frequently Asked Questions
Add outbound API security
without changing code
Start on your own or talk to our team about improving the security of every API call you make.