Layer · 01
Tenant resolver
Decodes the magic-link JWT into a tenant context. Cached for the session window.
// signed jwt → tenant context
decode(token)
→ tenant: 'acme'
→ role: 'manager'
→ exp: +14d
- Time
- 3.0ms
- Cache
- hit
- Issuer
- SendGrid
Gateway gives every customer, partner, dealer, or location their own branded portal — wired into your CRM, ERP, and accounting. Magic-link login, code-defined access rules, tenant-level data isolation. Fully managed by RevenuePoint.
Magic-link auth · code-defined rules · tenant-level isolation.
Pick a tenant — see the portal swap.
Three traps. One missing layer.
Every portal you build there is a Salesforce-only object, a Salesforce-only license, and a Salesforce-only roadmap. The day your business needs SAP, NetSuite, or a custom system in the same view, you're looking at a rebuild.
A bespoke Next.js portal plus auth plus connector plus permission rules plus theming is a four-to-six-month engineering project. The team that built it isn't the team that maintains it. Twelve months later, the upgrades stop.
Off-the-shelf portal SaaS markets multi-tenancy at the UI layer while sharing one database underneath. One bug, one misconfigured permission rule, and tenant A sees tenant B's records. The headlines write themselves.
4–6 months
typical custom portal build before launch
$60K+/yr
minimum Experience Cloud license cost at scale
0
portals where shared-DB SaaS keeps tenant A from seeing tenant B
Gateway is the portal layer that fixes all three at once.
Three layers of a multi-tenant portal.
One pluggable connector model. Salesforce first, SAP next, anything after.
Tenants, views, and access rules — all defined in TypeScript.
Each tenant on its own subdomain, with its own brand, in days.
Below: each layer of Gateway, up close.
TENANTS
Pick a tenant. Watch the subdomain change, the connection swap, the access rule rewrite, the brand color follow. Each tenant, isolated by design. Each tenant, branded their way. One Gateway deployment, every tenant on its own everything.
Tenant configuration
Subdomain
acme.portal.revenuepoint.com
Connection
Salesforce
Access rule
Active Contacts on Account: Acme Corp
Brand color
#1A56DB
Access rule (TypeScript)
access: (email) => isActiveContact(email, 'Acme Corp')
VIEWS
The pages your tenants actually see. Pick a view type to preview it rendered with the active tenant's data.
TABLE
Sortable, filterable, paginated views over any connected object — cases, orders, claims, invoices, anything.
Sample config
casesTable({
label: 'Open Cases',
filter: { Status__c: 'Open' },
columns: ['CaseNumber', 'Subject', 'Priority', 'LastModifiedDate'],
actions: ['view', 'comment'],
})Case
| Case # | Subject | Status | Amount | Updated |
|---|---|---|---|---|
| CS-10481 | Pallet shipment damaged on arrival | New | — | 12 min ago |
| CS-10479 | Wrong SKU shipped on PO 88241 | In Progress | $4,820 | 2 hours ago |
| CS-10472 | Replacement freight quote needed | Awaiting Customer | $1,140 | Yesterday |
| CS-10465 | Tier-2 escalation: missed delivery window | Escalated | — | 2 days ago |
| CS-10458 | Refund processed; awaiting credit memo | Resolved | $2,300 | 3 days ago |
CONNECTIONS
Salesforce first. SAP next. Anything after. Pick a connector to see the supported objects, capabilities, and the path data takes through Gateway.
Source
Live traceRequest lifecycle
Total 17.5ms·req_SALESF
Request
GET /portal/metrics
jwt · 1.2 KB
Resolver
tenant=acme
3.0ms · cache hit
Rules
2/2 allow
1.1ms · matched
Salesforce
Account.read
9.5ms
Response
200 OK
3.9ms · 1 view
Inside Gateway core
Three layers · server-sideLayer · 01
Decodes the magic-link JWT into a tenant context. Cached for the session window.
// signed jwt → tenant context
decode(token)
→ tenant: 'acme'
→ role: 'manager'
→ exp: +14d
Layer · 02
Code-defined per tenant. Evaluated server-side on every read and write.
// rule.ts
tenant === 'acme'
&& obj === 'Account'
&& fields.read(['name', 'amount'])
Layer · 03
Append-only, content-addressed. Every read, every write, every change.
Streaming · last 5 events · tenant scope only
Manifest
Auth
OAuth 2.0 / Connected App or Service User
Operations
Objects
Wired into the systems you already run on
Need a connector we don't list? Tell us →
AUTH & ACCESS
No passwords to leak, no admin UI to misconfigure. Tenants only get a link if a code-defined rule says they should — and the link only works once.
Hover to pause · click any step to jump.
Sign in to acme.portal.revenuepoint.com
We'll email you a one-time link. No password required.
CONFIGURATION
No admin console. No click-ops. The tenant config is TypeScript — typed, reviewable in pull requests, deployable like any application.
tenants/acme.ts
One file per tenant. Domain, connection, auth, views, theme — all here, all typed, all in Git. Click a block to see what it does.
export default defineTenant({ domain: 'acme.portal.revenuepoint.com', connection: salesforce({ instanceUrl: process.env.ACME_SF_URL, auth: { type: 'service-user', secretRef: 'acme/sf-svc' }, }), auth: { provider: magicLink({ sendgridKey: process.env.SENDGRID_KEY }), access: (email) => isActiveContact(email, 'Acme Corp'), }, views: [ casesTable({ label: 'Open Cases', filter: { Status__c: 'Open' } }), recordDetail({ sobject: 'Case', layout: 'portal-default' }), recordForm({ label: 'New Case', sobject: 'Case' }), ], theme: { logo: '/tenants/acme/logo.svg', primaryColor: '#1A56DB', }, })
Security & Compliance
Gateway is built for companies that have to answer hard security questions about who sees what. Tenant scoping is enforced at the edge, magic-link tokens have short lifetimes, sessions live server-side, and every action — issuance, login, read, write — lands in the audit log.
99.9%
Tenant uptime SLA · per region
<15min
Magic-link TTL · configurable per tenant
12mo
Default audit-log retention · longer on request
0
Cross-tenant data leaks since first deployment
Audit specifics, certification status, and SLAs are confirmed at contract. For tenant-specific security questions, contact [email protected].
Most portal options are tied to one CRM, share data underneath, or take six months to build. Gateway is fully managed by RevenuePoint, multi-tenant by design, connects to every CRM and ERP you run on, and ships under flat per-tenant pricing.
| Capability | Gateway | Salesforce Sites | Experience Cloud | Custom-built | Generic SaaS |
|---|---|---|---|---|---|
| Multi-tenant by design | ✓ | — | Limited | Varies | ✓ |
| Connects to non-Salesforce systems | ✓ | — | — | ✓ | Limited |
| Magic-link auth (no passwords) | ✓ | — | Limited | Varies | Varies |
| Code-defined access rules | ✓ | — | — | ✓ | — |
| Tenant-level data isolation | ✓ | Limited | Limited | Varies | Varies |
| Per-tenant theming | ✓ | Limited | ✓ | ✓ | Limited |
| Versioned config in Git | ✓ | — | — | ✓ | — |
| Fully managed service | ✓ | ✓ | ✓ | — | ✓ |
| Predictable per-tenant pricing | ✓ | Limited | — | — | Varies |
| Live in 4 weeks | ✓ | Varies | — | — | Varies |
i
We learn your tenant model, your source systems, your access rules, and the views your tenants need. No scope surprises — we quote based on what's actually there.
ii
A RevenuePoint engineer writes the tenant configs, wires the connectors, defines the access rules, and themes each tenant. Reviewed with you in pull requests.
iii
Subdomains live, TLS provisioned, magic-link login enabled. Walk-through with your team. From here, RevenuePoint runs the framework end-to-end.
iv
New tenants, new views, new connectors — your single point of contact handles change requests. Monthly reviews; quarterly roadmap conversations.
Thirty minutes with a RevenuePoint architect. We walk through a working tenant — connected to your CRM and ERP — scope your tenant model, and quote a path to live.