Skip to content
The Booking Kit

Multi-Tenancy

Multi-tenancy lets you build platforms where multiple organizations share a single The Booking Kit deployment with full data isolation.

Organization RBAC

Section titled “Organization RBAC”

Roles

Section titled “Roles”
RoleDescription
ownerFull access, can delete the organization
adminManage providers, event types, settings
memberView and manage own schedule

Permissions

Section titled “Permissions”
import { getRolePermissions, roleHasPermission, assertOrgPermission, TenantAuthorizationError } from "@thebookingkit/core";


const permissions = getRolePermissions("admin");
// Returns: OrgPermission[] — e.g., ["manage_providers", "manage_event_types", "view_analytics"]


roleHasPermission("member", "manage_providers"); // false


// Assert in an API handler — throws TenantAuthorizationError if denied
assertOrgPermission(currentUser, "manage_event_types");

Cascading settings

Section titled “Cascading settings”

Settings resolve in priority order: event type > provider > organization > global defaults.

import { resolveEffectiveSettings, GLOBAL_DEFAULTS } from "@thebookingkit/core";


const effective = resolveEffectiveSettings(
  eventTypeSettings,    // Highest priority
  providerSettings,
  orgSettings,
  GLOBAL_DEFAULTS,      // Fallback
);


// Returns: ResolvedSettings
// Each field comes from the most specific level that defines it

Settings structure

Section titled “Settings structure”
interface OrgSettings {
  defaultTimezone?: string;
  defaultCurrency?: string;
  defaultBufferBefore?: number;
  defaultBufferAfter?: number;
  requiresConfirmation?: boolean;
  maxAdvanceDays?: number;
  minimumNoticeMinutes?: number;
}

Tenant scoping

Section titled “Tenant scoping”

Ensure queries are scoped to the current organization:

import { assertTenantScope } from "@thebookingkit/core";


// Throws if the resource doesn't belong to the user's organization
assertTenantScope(booking.organizationId, currentUser.organizationId);

Booking URLs

Section titled “Booking URLs”

Generate and parse organization-scoped booking URLs:

import { buildOrgBookingUrl, parseOrgBookingPath } from "@thebookingkit/core";


buildOrgBookingUrl("acme-corp", "dr-smith", "consultation");
// "/org/acme-corp/dr-smith/consultation"


parseOrgBookingPath("/org/acme-corp/dr-smith/consultation");
// { orgSlug: "acme-corp", providerSlug: "dr-smith", eventTypeSlug: "consultation" }