Skip to content

Glossary

Terms that show up across the backend, the dashboards, and the POS.

  • ADMIN plane - the operator-facing side (/admin/*), authenticated as a PlatformUser in the central database. Never sends a Tenant-ID header.
  • TENANT plane - the business-facing side, authenticated as an AppUser in a tenant’s own database. Sends a Tenant-ID header on every request.
  • PlatformUser - an operator account in the central database.
  • AppUser - a business-staff account inside a single tenant’s database.
  • Tenant - one business. Has its own isolated database and its own users.
  • Central database - the platform’s own database; tracks tenants, platform users, and provisioning state.
  • Shared tier - many tenants in one database, one schema and one restricted role each.
  • Dedicated tier - a tenant with a database of its own.
  • Graduation - promoting a shared tenant to the dedicated tier, optionally onto a different server.
  • Server pool - the set of database servers tenants can be placed on.
  • Capability / module - a per-tenant feature entitlement, read from GET /capabilities. A disabled module answers 403 module_disabled.
  • Permission - a verb-based right, read from GET /me/permissions and re-checked server-side on every request.
  • Money-as-string - money is a quoted decimal string on the wire, never a number or float.
  • Plane audience - the JWT audience that binds a token to one plane; a token from the other plane is rejected.
  • Offline-first - the POS operates against a local database and syncs when it can reach the backend.
  • Client id / idempotency key - a client-generated id used as the server-side primary key, so a re-sent operation is a no-op instead of a duplicate.
  • Needs-attention - the queue of parked operations (conflict, rejected, terminal) surfaced for manual resolution.
  • Drain - the process of sending queued local operations to the backend in order.