A/01Architecture blueprint

A tiered hybrid stack — chosen by contract, not by code fork.

Vela eliminates the false trade-off between multi-tenant economics and enterprise-grade isolation. Every request travels the same four layers; only the database routing changes per tier.

A/02Request lifecycle

From storefront request to ring-fenced database, in four deterministic layers.

  1. 01

    API Gateway

    Edge perimeter

    TLS termination, rate limiting, global routing. Hard multi-tenant quotas prevent noisy-neighbour saturation from cascading across tiers.

  2. 02

    Tenant-Aware Authentication

    Identity & tier resolution

    Validates JWT/session, resolves subdomain → tenant_id, identifies subscription tier, and injects tenant context into the request stream.

  3. 03

    Application Logic

    Unified codebase

    Shared controllers and business logic. A tenant router interceptor picks the right database connection profile for every inbound call — no forks, no branches.

  4. 04

    Tiered Database Isolation

    Per-tenant ring-fence

    Dynamically routes to Tier 1 dedicated engines, Tier 2 isolated schemas, or Tier 3 shared tables with Row-Level Security.

A/03Database isolation matrix

Three tiers. One unified product surface.

Tier 1 · Sovereign

Database-per-tenant

Dedicated compute node · full physical isolation · unique per-tenant KMS keys

Government portals, parastatal supply chains, public entities requiring absolute data ring-fencing.

Tier 2 · Commercial

Schema-per-tenant

Shared server cluster · logical internal database schemas

Scaling regional consumer brands requiring customised table metrics and strong logical boundaries.

Tier 3 · Growth

Shared schema + RLS

Shared multi-tenant tables isolated via Postgres Row-Level Security

High-volume small merchants needing low entry costs and elastic platform scaling.

A/04Operational risk posture
Noisy-neighbour hardware saturationHighHard multi-tenant compute quotas at the gateway. Dedicated DB pool counts for distinct payment & account tiers.
POPIA data residency breach via third-party pluginCriticalCompliance Interceptor Middleware programmatically intercepts and anonymises outgoing mutation tracking streams.
Fintech channel interruption during peak hoursHighPolymorphic Failover Payment Layer detects gateway degradation and re-routes authorisation streams in real time.

Want the deep-dive whitepaper?

Request the architecture pack