Platform
Architecture
Tenant isolation, security boundaries, and the infrastructure underpinning Flux.
Tenant isolation
Flux runs on Alloy's Bulkhead architecture. Every organisation gets completely isolated infrastructure — not shared tables with row-level filtering, but genuinely separate resources:
- Dedicated database — a separate database instance per tenant
- Dedicated compute — isolated container processes with enforced resource limits
- Dedicated storage — isolated namespace for content and snapshots
- Network boundaries — network policies prevent any cross-tenant communication
When a new tenant is provisioned, the orchestration pipeline creates all resources automatically in under 60 seconds.
Because every tenant's resources are separate, a noisy neighbour can never affect your performance, and a security incident in one tenant cannot propagate to another.
Authentication
Flux uses Shopify OAuth for interactive sessions and API keys for programmatic access.
- Shopify OAuth — used for dashboard sessions. Flux establishes both long-lived app tokens (for background operations) and short-lived user tokens (for interactive use).
- API keys — scoped to specific permissions and paired to a tenant. Used for CI/CD, scripts, and integrations.
See API authentication for details on API key usage.
Observability
- Audit logging — every action (sync, deployment, configuration change, login) is logged with the actor, timestamp, and result
- Request correlation — each request gets a correlation ID that flows through all downstream operations
- Error tracking — real-time error monitoring and alerting
Audit logs can be exported as CSV for external analysis and compliance review.
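One way to analyse the exported audit CSV, as an added example that is not Flux's own code: it flags successful logins that follow a burst of failed attempts and lists the correlation IDs of configuration changes or deployments the same actor made soon afterwards. The column names, the action and result values, and the thresholds are assumptions, and the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export; column names and values are assumptions.
SAMPLE_CSV = """timestamp,actor,action,result,correlation_id
2024-05-01T09:00:05Z,alice@example.com,login,success,c-1001
2024-05-01T10:15:00Z,bob@example.com,login,failure,c-2001
2024-05-01T10:15:20Z,bob@example.com,login,failure,c-2002
2024-05-01T10:15:41Z,bob@example.com,login,failure,c-2003
2024-05-01T10:16:02Z,bob@example.com,login,success,c-2004
2024-05-01T10:18:30Z,bob@example.com,configuration_change,success,c-2005
2024-05-01T13:00:00Z,bob@example.com,deployment,success,c-2006
"""
SENSITIVE = {"configuration_change", "deployment"}  # assumed action names

def parse_ts(value):
    # Accept a trailing "Z" on Python versions older than 3.11.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def find_suspicious_logins(csv_text, min_failures=3,
        window=timedelta(minutes=10), follow_up=timedelta(minutes=30)):
    # Flag successful logins preceded by a burst of failures and collect the
    # correlation IDs of sensitive actions the actor performed soon after.
    by_actor = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        row["ts"] = parse_ts(row["timestamp"])
        by_actor[row["actor"]].append(row)
    findings = []
    for actor, rows in by_actor.items():
        rows.sort(key=lambda r: r["ts"])  # exports may not be time-ordered
        for i, row in enumerate(rows):
            if (row["action"], row["result"]) != ("login", "success"):
                continue
            failures = [r for r in rows[:i]
                        if (r["action"], r["result"]) == ("login", "failure")
                        and row["ts"] - r["ts"] <= window]
            if len(failures) < min_failures:
                continue
            after = [r["correlation_id"] for r in rows[i + 1:]
                     if r["action"] in SENSITIVE and r["ts"] - row["ts"] <= follow_up]
            findings.append({"actor": actor, "login": row["correlation_id"],
                             "failed_attempts": len(failures),
                             "sensitive_after": after})
    return findings

if __name__ == "__main__":
    print(find_suspicious_logins(SAMPLE_CSV))
```

The returned correlation IDs are the pivot points: each one can be followed through the downstream operations it triggered.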
Next steps
- Learn about permissions and access control
- Read about the API for programmatic access
- Understand the test harness and quality assurance