Tools Dashboard — Multi-Tenant SaaS Admin Platform
Platform Engineering

14 services behind a Kong gateway with WAF, tiered rate limits, and an app-library that SSOs into registered apps

Stack: Remix, FastAPI, Kong, Redis, Cassandra, PostgreSQL, SeaweedFS

Containerized services: 14
Databases (polyglot): 4
WebSocket ceiling: 10,000 / node
Peak rate limit: 10,000 req/min
Gateway: Kong 3.4 + WAF
Auth: OAuth + 2FA + breach check

This wasn't a single app — it was a platform for a family of apps. One identity provider, one admin surface, one gateway, four databases, and a registry that let authenticated users launch into any registered app without logging in again.

I architected it as 14 containerized services with a strict feature-isolation contract: every feature carried its own 'feature.yaml' contract, a pure 'domain.py' with no I/O, and an 'infrastructure.py' for external integration. The backend orchestrated; it owned no business logic.

The Problem

The team was building several internal products, each of which needed its own auth, its own user model, and its own admin surface — which meant users logging in five times and engineers rebuilding the same plumbing five times.

The required surface was broad: a public-facing app, an admin panel, an auth service, a WebSocket service for real-time updates, background workers, and a registry that tracked which features belonged to which service. Traditional monolithic architecture couldn't meet the scaling requirement; naive microservices couldn't meet the "don't rebuild auth five times" requirement.

The Approach

A Kong 3.4 API gateway at the front door with JWT validation, a Web Application Firewall (SQL-injection, XSS, path-traversal rules), and tiered rate limits (60 / 600 / 10,000 req/min by plan). Behind it, FastAPI services: one for the public API, one for auth, one for WebSockets, one for the feature registry, and Celery workers for background jobs.

Auth combined Google OAuth, email/password with bcrypt cost 12 and a HaveIBeenPwned breach check, and TOTP 2FA enforced for admins — with single-use refresh rotation and CSRF tokens on every state-changing call.

Four data stores, each with a job: PostgreSQL for accounts and structured data, Cassandra for time-series events and an audit trail partitioned by user/tenant, Redis for cache and pub/sub fan-out, and SeaweedFS for S3-compatible object storage. The WebSocket service was engineered for 10,000 connections per server with a 10-msg/sec/user cap.

The standout piece was the App Library: users browse registered apps as cards, click one, and get auto-authenticated into the remote app via an OAuth redirect — making Tools Dashboard a mini identity provider for the whole product family.

The Outcome

A production-ready multi-service platform with unified auth, real-time updates across 14 services, and a single sign-on launcher for every app in the family. Every service shipped a per-service 'CONTEXT.md' and a feature-contract file, which is the reason a 14-service platform stayed navigable instead of collapsing into a sprawl.

Engineered against hard targets: GET under 100ms cached / 500ms uncached, POST under 1s, file upload under 5s, WebSocket up to 10,000 connections per node. WCAG 2.1 AA on the front end.

Key Takeaway

Microservices don't fail because of the services — they fail because of the seams. Feature contracts ('feature.yaml'), per-service 'CONTEXT.md', and one gateway that owns rate limits and WAF are what kept 14 services readable.
