CONCEPTS

Organization

An Organization is the platform's administrative boundary: it defines billing, identity, and resource ownership. It is equivalent to an account or tenant on other platforms.

Structure

Each Organization has:

  • a unique slug and display name;
  • an active plan (Starter, Pro, Business, or Enterprise contract);
  • a reserved monthly AI token quota;
  • optionally a vertical that filters available AI agents;
  • a list of members (users) and API keys;
  • Projects, Domains, mailboxes, and files;
  • an associated Stripe subscription and invoice history.

Isolation

An Organization's resources are isolated from other customers:

  • files live in sandboxed directories under /var/lib/tessera/files/<tenant_id>/, with path validation and per-Organization quota;
  • access JWTs carry tenant_id and the API rejects calls that attempt to access another Organization's data;
  • API keys are scoped to one Organization; there is no mechanism to authorize a key across multiple Organizations.

Platform operators have separate administrative access for support and billing. Every administrative action is recorded in the audit log.

Roles

The current role model is fixed:

  • admin — platform operator. Not assigned to customers.
  • gestor — Organization owner. Can invite members, change plan, cancel subscription, and manage API keys.
  • cliente — member. Can create Projects, manage resources, domains, email, and files. No access to billing or other members.

Custom roles with granular permissions are planned. Today, additional separation is achieved by creating separate Organizations.

API keys

Each key has:

  • mandatory scope, e.g. agentes, proxy-ollama;
  • optional expiration date;
  • visible prefix and hashed secret. The secret is returned only at creation time;
  • last use and last IP recorded, shown in the console.

curl -X POST https://tesserra.io/api/tenants/atual/api-keys \
  -H "Authorization: Bearer $TESSERRA_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{ "nome": "ci-build", "escopo": "agentes" }'

To invalidate a compromised key, use the revogar action. Revocation is immediate; usage history is preserved for audit.
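
One way the key properties above (visible prefix, hashed secret shown once, scope, expiration, single-Organization binding, immediate revocation) fit together on the server side. This is an added example, not Tesserra's own code: the `prefix.secret` key format, the SHA-256 hashing, the in-memory store, and every function and field name are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass
class StoredKey:                 # what the server persists; the secret itself is never stored
    tenant_id: str
    scope: str
    secret_hash: str
    expires_at: Optional[datetime] = None
    revoked: bool = False

KEYS = {}                        # visible prefix -> StoredKey (in-memory stand-in for a table)

def _hash(secret: str) -> str:
    # Plain SHA-256 is acceptable only because the secret is 256 bits of CSPRNG output.
    return hashlib.sha256(secret.encode()).hexdigest()

def create_key(tenant_id: str, scope: str, expires_at: Optional[datetime] = None) -> str:
    prefix, secret = secrets.token_hex(4), secrets.token_urlsafe(32)
    KEYS[prefix] = StoredKey(tenant_id, scope, _hash(secret), expires_at)
    return f"{prefix}.{secret}"  # full key is returned once, at creation time

def revoke(prefix: str) -> None:
    KEYS[prefix].revoked = True  # flag, not delete: the record stays available for audit

def authorize(presented: str, tenant_id: str, scope: str,
              now: Optional[datetime] = None) -> bool:
    now = now or datetime.now(timezone.utc)
    prefix, _, secret = presented.partition(".")
    rec = KEYS.get(prefix)
    if rec is None:
        return False
    # Constant-time comparison of the stored hash against the hash of the presented secret.
    if not hmac.compare_digest(rec.secret_hash, _hash(secret)):
        return False
    if rec.revoked or (rec.expires_at is not None and now >= rec.expires_at):
        return False
    # A key is valid for exactly one Organization and one scope.
    return rec.tenant_id == tenant_id and rec.scope == scope
```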

Billing

Each Organization has one active subscription at a time, processed via Stripe in BRL, USD, or EUR. Token overage is reported as an additional invoice line item. See Plan, tokens, and quota for details.
