Multi-tenant SaaS applications are a tricky beast. From the outside, they look like a single product, but underneath the surface, they’re hosting data and configurations for dozens, hundreds, sometimes thousands of separate organisations. Every request that hits the backend has to know which tenant it belongs to and what data it should be allowed to touch. When that boundary is enforced cleanly...