Common Integration Patterns

← Back to Platform Architecture

Common Integration Patterns

This guide documents the core architectural patterns used throughout the Stratum Platform. These patterns enforce security, compliance, and data integrity across all integrations. Each pattern includes implementation examples, critical gotchas, and verification checklists.

1. Multi-Tenant Isolation Pattern

The Pattern: Every query filters by tenant_id. Data from one tenant is never accessible to another, regardless of how a user structures their request.

Implementation

SQL (Backend):
-- Correct: filtered by tenant
SELECT  FROM appeals WHERE tenant_id = $1 AND id = $2

-- Wrong: no tenant filter (SECURITY BREACH)
SELECT  FROM appeals WHERE id = $1
TypeScript (Node.js):
// Correct: extract tenant from header, use in WHERE
app.get('/api/appeals/:id', (req, res) => {
  const tenantId = req.headers['x-user-id']  // Never trust client
  const appealId = req.params.id
  const appeal = db('appeals')
    .where({ tenant_id: tenantId, id: appealId })
    .first()
  return res.json(appeal)
})

// Wrong: use client-supplied tenant
app.get('/api/appeals/:id', (req, res) => {
  const tenantId = req.body.tenant_id  // User could send wrong tenant!
  const appeal = db('appeals')
    .where({ tenant_id: tenantId, id: req.params.id })
    .first()
})
React Query (Frontend):
const useUserAppeals = (tenantId: string) => {
  return useQuery(['appeals', tenantId], async () => {
    const response = await fetch('/api/appeals', {
      headers: { 'X-User-Id': tenantId }
    })
    if (!response.ok) throw new Error('Failed to fetch appeals')
    return response.json()
  })
}
// User gets their own appeals only

Critical Gotchas


Last updated: 2026-04-14 Status: Active Reviewers: Patrick Lord, Security Team