I am working on a multiTenant app. I have made some test-apps to practice and that went all fine. Tho now I have set-up an app where all the tables are protected and use REST-calls to manipulate or fetch data. But now I am facing the issue that my multiTenancy ain't working like I want to. It is showing all the data when a structure is returned, it doesn't filter by Tenant ID anymore. Is there a way to get it back to work or will I have to filter my data in the rest-calls by tenantID?

Thanks in advance!

I don't believe that you can do this automatically with REST calls. The automatic tenant is based on the tenant associated with the user that is logged in. That context is lost through REST calls.

Hi Roemer,

As Stacey as said the tenant is associated with the user logged in. So in the REST call you loose it.

Thus, if in your case you have the TenantId exposed then you have to filter by TenantId.

If not, then you can use the TenantSwitch (action from System) to switch to the corresponding tenant depending on the request. This will change the context to the tenant that you pass as input parameter.



Hi Roemer, you can also have a look at OAuth2 Provider forge component, which allows you to use the OAuth2 standard to propagate which user is invoking the REST API.

The TenantSwitch is handled automatically by the OAuth2 Provider component, so you can rely on your APIs being invoked on the context of the correct tenant. OAuth2 also has some standard support for security and access control, and interoperates quite nicely with clients in any technology.

Or you could implement authentication in your REST endpoint. Set the authentication to basic and that will create an OnAuthentication event. In there call User_Login and optionaly check any roles you want. This will then proceed with the rest of the REST call as a fully authenticated user in the correct tenant.