Fintech Core is multi-tenant: each venture is an isolated tenant identified by its API key. A venture only ever sees and acts on its own data.

Ventures

A venture has a name, a status (ACTIVE / DISABLED), and one API key (stored only as a SHA-256 hash). Disabling a venture immediately rejects its key.

Scoping

The API key on a request resolves to exactly one venture. Resources created through the API — payments, webhook endpoints — are tagged with that venture’s id, and every read is filtered by it. Requesting another venture’s resource returns 404, not the data.

Management

  • Admin provisions ventures (POST /api/v1/ventures) and can manage any venture by id (PATCH /api/v1/ventures/{id}).
  • Ventures self-manage through /api/v1/me (view, rename, rotate their key) — see Managing ventures.
Satim merchant credentials are currently shared at the platform level, not per venture — Fintech Core abstracts them away so ventures never handle them directly.