All blueprints
SaaS Platformsmoderate complexity

Multi-Tenant SaaS Starter Architecture

Production-ready architecture for multi-tenant SaaS applications with authentication, billing, team management, and tenant isolation.

7

Components

5

Considerations

3

Alternatives

moderate

Complexity

Fit

When this blueprint fits

And when to walk away from it

When to use this

You are building a B2B product where multiple organizations sign up, invite team members, pay per seat or usage, and expect their data to stay isolated from other tenants. This blueprint assumes a single application instance with shared infrastructure and per-tenant data boundaries enforced at the database layer.

When NOT to use this

Skip this if you have a single-tenant enterprise deployment, or if regulatory requirements force per-customer infrastructure isolation. In those cases the cost and complexity of a shared-tenancy stack outweighs the operational savings.

Architecture

System components

Key building blocks of this architecture, layered from infrastructure up.

01

Authentication Layer

Handles user identity, sessions, and multi-factor flows for every tenant. I default to NextAuth with database sessions so I can revoke tokens server-side and tie sessions to a tenant ID at the moment of sign-in. SSO via SAML or OIDC tends to land within the first six months of any serious B2B build, so I wire the abstraction in early even if I only ship email/password at launch. See the NextAuth setup playbook for the exact wiring I use.
NextAuth.jsOAuth 2.0JWTSAML
02

Multi-tenancy Layer

Shared PostgreSQL with row-level security so every query is automatically scoped to the current tenant. I prefer a single shared schema with a tenant_id column on every table, RLS policies as the safety net, and an application-layer guard for performance. Schema-per-tenant is tempting until you have 200 tenants and every migration takes an hour. Walk through the multi-tenant playbook for the full pattern, including how I handle noisy-neighbor isolation.
PostgreSQLRLSPrismaDrizzle
03

Billing System

Subscriptions, metered usage, proration, tax, and dunning. Stripe Billing carries most of this for me, but the integration is never trivial. I keep a local subscriptions table that mirrors Stripe state so my UI does not depend on a live API call, and I drive everything off webhooks with idempotency keys. Compare provider options in Stripe vs Adyen.
Stripe BillingWebhooksMeteringTax
04

Team Management

Workspaces, invitations, roles, and audit logs. The model I keep coming back to is: a User can belong to many Workspaces, each membership has a role, and permissions are derived from role plus optional per-resource grants. Invitations are a tokenised row in the database with an expiry, not a magic JWT. Common across SaaS products of every size.
RBACInvitationsAudit LogsCasbin
05

API Layer

A versioned HTTP API with rate limits, API key management, and OpenAPI documentation. I usually start with Next.js route handlers and graduate to a dedicated service only when latency or deployment cadence demands it. Rate limiting at the edge using a Redis token bucket keeps abuse cheap to handle. See the API security playbook.
Next.js Route HandlersRedisOpenAPIZod
06

Background Jobs

Long-running work, scheduled tasks, and webhook fan-out belong outside the request path. I reach for Inngest or a simple BullMQ queue on Redis depending on observability needs. Treat jobs like APIs: typed payloads, retries with exponential backoff, idempotency, and dead-letter queues for the ones that keep failing.
InngestBullMQRedisCron
07

Observability

Logs, traces, and metrics tagged with the tenant ID so support requests resolve in minutes instead of hours. I wire OpenTelemetry into the API layer and ship to whichever backend the team already pays for. The non-negotiables are: request ID propagation, structured logs, and an error tracker like Sentry with source maps.
OpenTelemetrySentryDatadogAxiom

Planning

Critical considerations

The things I have learned the hard way and would not skip on the next build.

Decide your tenancy isolation level on day one. Shared schema with row-level security is the default I recommend for 95% of SaaS, but if you are selling into healthcare or fintech your buyers may demand schema or database-per-tenant. Migrating later is painful but not impossible.
Bake compliance scaffolding in early. SOC 2 audit logs, GDPR data export and deletion, and a clean permissions model take weeks if you build them up front and months if you retrofit. The audit log alone has saved me on three engagements.
Design billing for the edge cases first. Upgrades, downgrades, prorations, trial extensions, paused subscriptions, and seat-based vs usage-based pricing collide in ugly ways. Model your subscription state machine before you write the Stripe code.
Plan for a noisy neighbour. A single tenant running a 10 million row export can take down everyone else if you do not have per-tenant rate limits and query timeouts. Set hard caps in the database and graceful caps in the API layer.
Treat the admin panel as a first-class product. Customer support will use it more than your users use the main app, and a thoughtful internal tool removes 80% of escalations to engineering. See the related internal tools blueprint.

Options

Alternative approaches

Where I would consider a different shape entirely, with the trade-offs spelled out.

Alternative 01
Clerk or WorkOS for managed auth if you want to skip the auth provider integration entirely and focus on product. Trade-offs in Supabase vs Firebase.
Alternative 02
Supabase as a backend-in-a-box for fast MVPs. Excellent for your first 18 months, then you start outgrowing the abstractions. Pair with the MVP service.
Alternative 03
Neon or PlanetScale instead of vanilla PostgreSQL when you need branching databases per pull request or global distribution. The branching alone is worth the switch for teams shipping daily.

Implementation

Related playbooks

Step-by-step guides for the harder parts of this architecture.

Multi-Tenant SaaS Architecture

Multi-tenancy is one of the highest-leverage architectural decisions in a SaaS, and almost impossible to fix later. This playbook is the model I use to design tenant isolation that scales from ten customers to ten thousand: shared schema with row-level isolation, tenant-scoped routing, configuration, billing, and an admin layer that lets you operate the platform without breaking customer trust.

Read playbook

Setting Up Authentication with Next.js

Authentication is the part of an app that has to be boring. This is the exact sequence I follow to bolt secure auth onto a Next.js project without inviting weird edge cases six months later. It covers provider choice, database design, session handling, route protection, and the small UI details that decide whether a login flow feels trustworthy or sketchy.

Read playbook

Securing Your API Endpoints

API security is not a sprinkle of middleware, it is a layered set of defenses where any one missing layer opens the door. This is my full checklist for hardening API endpoints: authentication, rate limiting, validation, CORS, audit logging, and the response headers that mitigate the long tail of browser-side attacks. Used on every production API I have shipped.

Read playbook

In practice

Related case studies

Where I have applied this blueprint to real builds and what changed in practice.

SaaS Platform Performance Overhaul

Complete performance overhaul of a B2B SaaS platform that was losing customers due to slow load times and reliability issues.

View case study

Monolith to Modular Platform Migration

Migrated a Series C SaaS off a brittle Rails monolith onto a modular services architecture, behind feature flags, with zero customer-visible downtime.

View case study

Thinking

Related insights

Essays where I argue the trade-offs behind the choices in this blueprint.

Choosing a Tech Stack for Your Startup

There's no universal 'best' stack. Here's a framework for making technology choices based on your specific constraints, team, and stage.

Read essay

Mistakes I Made as a First-Time Startup CTO

A candid look at the technical and leadership mistakes I made leading engineering at my first startup, and what I'd do differently.

Read essay
Need a partner on this?

Need help implementing this blueprint?

I help teams adapt blueprints like this to their specific requirements and ship from planning through production.

Start a projectGet in touch

Next up

E-commerce | complex complexity

E-commerce Platform Architecture

Scalable e-commerce architecture with product catalog, cart, checkout, order management, and inventory that survives flash sales without melting.

SaaS Platforms

More in this category

Other blueprints with overlapping concerns.

moderate

Mobile Backend Architecture

Backend architecture optimized for mobile applications with offline support, efficient sync, and push notifications across platforms.

7 components
simple

Internal Tools Architecture

Architecture for building internal tools and admin dashboards with rapid development, strong access control, and audit trails that satisfy compliance.

7 components
Next

E-commerce Platform Architecture