Automatic provisioning runs only when
MULTI_TENANT_ENABLED=true. In single-tenant deployments, products use a single pre-configured database and skip this lifecycle entirely.The provisioning lifecycle
Onboarding a tenant moves through five stages. Each stage builds on the previous one, ending with a tenant that is fully isolated and ready to serve traffic.
Tenant creation
A tenant is created with its identity and metadata. At this point the tenant exists as an identity only — the value the
tenantId JWT claim will resolve to — but has no infrastructure attached yet.Service registration
Each product the tenant will use is registered as a service under that tenant — for example, Midaz Ledger or Tracer. The service registration declares the isolation mode (
DATABASE or SCHEMA) and the configuration the platform needs to provision and reach the tenant’s resources.Automatic provisioning of infrastructure
Registering a service triggers provisioning of the isolated infrastructure for that tenant:
- PostgreSQL — a dedicated database (in
DATABASEmode) or a dedicated schema (inSCHEMAmode) for relational data. - MongoDB — an isolated database for document data such as metadata.
- RabbitMQ — isolated messaging resources (virtual host / queues) for the tenant’s asynchronous events.
Migrations
Once the infrastructure exists, the platform runs the product’s schema migrations against the tenant’s new database or schema. This brings the tenant’s storage to the exact schema version the product expects, so a freshly provisioned tenant is structurally identical to every other tenant on that product.
Start of operation
With infrastructure provisioned, credentials vaulted, and migrations applied, the service is marked ready. The product can now resolve the tenant from its JWT, open an isolated connection, and begin serving requests. From this point the tenant operates exactly as described in Multi-tenancy.
What gets provisioned
| Resource | Purpose | Isolation |
|---|---|---|
| PostgreSQL | Relational data — organizations, ledgers, accounts, transactions, balances, rules, limits. | Dedicated database (DATABASE mode) or dedicated schema (SCHEMA mode). |
| MongoDB | Document data such as metadata. | Dedicated database per tenant. |
| RabbitMQ | Asynchronous events and inter-service messaging. | Isolated virtual host / queues per tenant. |
| Credentials | Access to the resources above. | Unique per tenant, stored in the credentials vault. |
Why provisioning is centralized
Previously, provisioning logic lived only inside individual product scopes (such as the Matcher). Centralizing it through the platform layer means:
- Consistency — every product provisions a tenant the same way, with the same isolation guarantees and the same migration discipline.
- One onboarding path — adding a tenant to a new product is a service registration, not a bespoke database setup.
- Auditability — tenant and service lifecycle is tracked in one place rather than scattered across products.
Related pages
Use cases
The tenant and service entities that drive provisioning.
Multi-tenancy
How isolation modes and tenant scoping work.
Security
Credential vaulting, rotation, and per-tenant resource limits.
Use cases
Choosing an isolation mode for your deployment.