SD
Back to Projects

Case Study

SaaS-Based ERP Platform

Multi-Tenant SaaS Architecture

Architected a 6-service multi-tenant ERP platform with tenant provisioning, billing controls, RBAC, and gateway-based shard routing serving multiple business tenants.

ASP.NET CoreEF CorePostgreSQLNext.js 15ViteRedux ToolkitSignalRDockerAWS ECRGitHub Actions

Role

Backend and platform engineer with architecture ownership across all 6 services.

Business Problem

The company needed to serve multiple business clients (trading, retail, services) from a single platform without data leakage between tenants, while allowing each tenant to enable/disable modules based on their subscription. The system needed to scale horizontally — adding new tenants without redeploying existing ones — and support branch-level access control within each tenant.

Key Decisions

  • Chose subdomain-based tenant routing through a dedicated proxy API rather than shared-database multi-tenancy, ensuring complete data isolation per tenant with separate PostgreSQL databases.
  • Designed a 3-tier architecture: Admin Portal (tenant management) → Proxy API (routing + provisioning relay) → Client API instances (business logic), keeping only the proxy internet-facing.
  • Implemented a shared contracts NuGet package for cross-service event definitions, ensuring type-safe communication without tight coupling.
  • Built a shard allocation system with capacity tracking — the proxy automatically assigns new tenants to the least-loaded Client API instance.
  • Used EF Core with per-tenant connection strings resolved at runtime via middleware, avoiding the complexity of database-per-request patterns.

Architecture

  • Built a proxy gateway that routes requests to tenant-specific PostgreSQL shards based on subdomain resolution.
  • Designed domain event flows with shared contracts for cross-service module communication.
  • Implemented admin operations for provisioning, module toggles, and subscription controls.
  • Created a provisioning chain: Admin Portal → Proxy API (shard allocation) → Client API (user/role/permission seeding).
  • Built branch-level RBAC with permission caching middleware for sub-100ms authorization checks.

Architecture Diagram

SaaS-Based ERP Platform architecture diagram

Outcomes

  • Enabled scalable tenant onboarding — new tenants provisioned in under 30 seconds with full isolation.
  • Supported 18+ business domains with consistent module design and release patterns.
  • Achieved zero cross-tenant data leakage through architectural isolation rather than application-level filtering.

Measurable Impact

  • 6 independently deployable services across 3 server tiers
  • 18+ domain modules (Sales, Purchases, Stock, Accounting, Payroll, Logistics, CRM, POS, etc.)
  • 340+ EF Core migrations managed across the platform lifecycle
  • 31 API controller groups in the Client API alone
  • Sub-30-second tenant provisioning with automated role/permission seeding