Overview
The tenant resolution chain diagram maps the 8-step priority-ordered resolution process across swimlanes. Steps span request context, authentication, network, URL routing, and configuration. The resolver returns the first valid result — network and header steps cross-validate against the authenticated caller.
Key takeaways
- SystemJob step has highest priority — CAP consumers bypass HTTP auth
- Header and Path steps cross-validate with the authenticated caller to prevent spoofing
- HostSubdomain uses a configurable mapping from
HostTenantMap - SingleTenantDefault is the lowest-priority fallback for single-tenant deployments
Related
- Multi-tenancy deep dive — detailed resolution internals
- Request Lifecycle — where resolution fits in the pipeline