Akash Gher, Web Developer & HTML5 Game Specialist

Creative case study

Next.js Multi-Tenant SaaS Portal

10 December 2025
by sky
2 min read | SaaS, Multi-Tenant, Next.js

A white-label SaaS portal with per-tenant subdomains, isolated data scopes, custom branding, and a shared Next.js codebase — serving 12 enterprise clients from a single deployment.

Next.js 15, TypeScript, Prisma, PostgreSQL, NextAuth v5

Client: HR Software Startup
Role: Lead Full-Stack Engineer
Year: 2025
Discipline: React Web Application


Onboarded 12 enterprise clients with fully isolated data and custom branding from a single Next.js codebase and deployment.


Enterprise tenants: 12 active
Codebase split: Single repo
Brand configs: Per-tenant JSON


The Architecture Challenge

The client needed a single platform that could serve multiple enterprise customers, each with their own subdomain (acme.platform.com), isolated employee data, custom logo/colors, and separate billing — without maintaining separate codebases per client.

Tenant Resolution via Middleware

Tenant identity is resolved in Next.js middleware before any page renders. The middleware reads the subdomain from the Host header, looks up the tenant record in a lightweight edge-compatible cache (Upstash Redis), and attaches the tenant context to request headers.

All downstream Server Components and API routes read tenant context from headers — there is no client-side tenant state.

Data Isolation

All database queries are scoped by tenantId using a Prisma middleware extension. The extension automatically injects where: { tenantId: ctx.tenantId } into every findMany, findFirst, and update call. Forgetting to add tenantId to a query is impossible by design.

Per-Tenant Branding

Each tenant has a BrandConfig JSON record stored in the database:

{
  "primaryColor": "#4f46e5",
  "logoUrl": "https://cdn.../acme-logo.svg",
  "fontFamily": "Inter"
}

The config is injected as CSS custom properties in the root layout's <style> tag on every server render. Zero client-side flicker. Zero JavaScript required for brand application.

Auth & Roles

NextAuth v5 with a custom credentials provider handles authentication. JWT tokens include tenantId and role claims. A middleware guard checks both claims on every protected route — cross-tenant data access is blocked at the network edge before any business logic runs.
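The subdomain resolution and the tenantId/role claim check described above, modeled as one standalone TypeScript function (an added example, not the project's code). The header names, the in-memory map standing in for the Upstash Redis lookup, and the tenant ids are assumptions; the claims are taken to come from an already verified JWT.

```typescript
// Added example: standalone model of the edge guard, not the project's code.
type Claims = { tenantId: string; role: string }; // from an already verified JWT
type Decision =
  | { allow: true; headers: Record<string, string> }
  | { allow: false; status: number; reason: string };

const BASE_DOMAIN = "platform.com"; // from the page's acme.platform.com
const TENANT_HEADER = "x-tenant-id"; // assumed header name
const ROLE_HEADER = "x-tenant-role"; // assumed header name

// Constructed stand-in for the Upstash Redis lookup (subdomain -> tenant id).
const tenantCache: Record<string, string> = { acme: "t_acme", globex: "t_globex" };

// Return the single DNS label in front of BASE_DOMAIN, or null.
function subdomainOf(host: string): string | null {
  const name = host.toLowerCase().replace(/:\d+$/, "").replace(/\.$/, "");
  const suffix = "." + BASE_DOMAIN;
  if (name.length <= suffix.length || name.slice(-suffix.length) !== suffix) return null;
  const label = name.slice(0, -suffix.length);
  // One label only: rejects nested subdomains and non-hostname characters.
  return /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/.test(label) ? label : null;
}

function guard(inbound: Record<string, string>, claims: Claims | null, allowedRoles: string[]): Decision {
  // Drop client-supplied tenant context first so it can never reach downstream code.
  const headers: Record<string, string> = {};
  for (const key of Object.keys(inbound)) {
    const lower = key.toLowerCase();
    if (lower !== TENANT_HEADER && lower !== ROLE_HEADER) headers[lower] = inbound[key];
  }
  const sub = subdomainOf(headers["host"] || "");
  // Own-property check keeps labels such as "constructor" from matching Object.prototype.
  const known = sub !== null && Object.prototype.hasOwnProperty.call(tenantCache, sub);
  if (sub === null || !known) return { allow: false, status: 404, reason: "unknown tenant" };
  const tenantId = tenantCache[sub];
  if (!claims) return { allow: false, status: 401, reason: "no session" };
  // The token must belong to the tenant named by the Host header.
  if (claims.tenantId !== tenantId) return { allow: false, status: 403, reason: "tenant mismatch" };
  if (allowedRoles.indexOf(claims.role) === -1) return { allow: false, status: 403, reason: "role not allowed" };
  // Only values derived on the server are attached for downstream readers.
  headers[TENANT_HEADER] = tenantId;
  headers[ROLE_HEADER] = claims.role;
  return { allow: true, headers };
}
```

Failing closed on an unknown host matters because a request that skipped tenant resolution would otherwise carry whatever tenant header the client sent.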

Result

12 enterprise clients run on a single deployment. Adding a new tenant takes under 10 minutes — create a database record, set the subdomain DNS, done.
