Skip to main content
Every resource in Synq — orders, products, inventory, integrations, and team members — belongs to a Tenant. A Tenant represents your organization’s fully isolated workspace on the platform. No data ever crosses tenant boundaries, which means your catalog, transactions, and settings remain completely private to you regardless of how many other organizations use Synq.

What is a Tenant?

When you sign up for Synq, the platform provisions a Tenant for your account. Think of it as a sealed container: everything you create lives inside it, and nothing leaks out. You interact with your Tenant through the API and the dashboard — the isolation is enforced automatically on every request.

Isolated by default

Data stored under your Tenant is never visible to another Tenant. No request from another organization can reach your records.

Scoped to your organization

Your Tenant contains one or more Organizations. Each Organization manages its own team members and roles within that isolated space.

Tenant ID format

Your Tenant ID is a UUID v4 string — 32 hexadecimal characters grouped by hyphens: 
a3f8c120-4e72-4b91-9d63-1c5e7a09bf44
You can find your Tenant ID in the Synq dashboard under Settings → General → Tenant Information.
Copy your Tenant ID from the dashboard and store it alongside your API key in your environment configuration. You may need it when configuring integrations, webhooks, or support requests.

How Synq identifies your Tenant on every request

Synq uses your authentication token to determine which Tenant and Organization a request belongs to. When you obtain a token (through the dashboard or the auth flow), it contains your Tenant ID and Org ID as embedded claims. You do not need to pass separate identity headers — the token carries all the context Synq needs to route and scope your request correctly. Every authenticated call to the Synq API requires a valid Bearer token: 
curl https://api.synq.io/api/v1/products \
  -H "Authorization: Bearer <your-token>"

const response = await fetch("https://api.synq.io/api/v1/products", {
  method: "GET",
  headers: {
    Authorization: `Bearer ${token}`,
  },
});

import requests

headers = {
    "Authorization": f"Bearer {token}",
}

response = requests.get("https://api.synq.io/api/v1/products", headers=headers)
If the token is missing, expired, or does not contain a valid Tenant ID, the API returns 401 Unauthorized or 403 Forbidden.
Never hard-code your API token in source code. Always read it from environment variables or a secrets manager to avoid accidentally exposing it in version control.

Tenant isolation guarantees

1

Every request is scoped at authentication

When you authenticate, Synq reads the Tenant and Organization identity from your token. Requests that attempt to access resources outside that scope are rejected immediately.
2

All data is partitioned by Tenant

Every record in Synq is associated with your Tenant. Queries automatically return only records that belong to your Tenant — there is no way to accidentally retrieve another tenant’s data.
3

Events carry tenant identity

When Synq emits an event (an order created, a product updated), that event is tagged with your Tenant ID. Your webhooks only ever receive events originating from your own Tenant.

Frequently asked questions

Yes. Some enterprises use separate Tenants for staging and production, or for distinct business units. Each Tenant is billed and managed independently. Contact your account manager to provision additional Tenants.
The API returns 403 Forbidden. Your authentication token is bound to a specific Tenant, so requests will always be scoped to that Tenant regardless of what you pass elsewhere.
Your Org ID is available in the dashboard under Settings → General → Tenant Information, directly below your Tenant ID. See Organizations for more detail.