Projects and Keys
RowOps uses a hierarchical tenancy model with organizations, projects, and API keys. This page describes the relationships between these entities and how access is controlled.
Tenancy Hierarchy
Organization
│
├── Project A
│ ├── Schemas
│ ├── API Keys (publishable + secret)
│ ├── Domains
│ └── Import History
│
└── Project B
└── ...
Organizations
Organizations are the top-level tenancy boundary.
Organization Properties
| Property | Description |
|---|---|
| Name | Display name for the organization |
| Tier | Billing tier (Free/Pro/Scale/Enterprise) |
| Members | Users with roles in the organization |
Organization Limits
Tier-based limits apply at the organization level:
| Tier | Max Projects |
|---|---|
| Free | 1 |
| Pro | 3 |
| Scale | 10 |
| Enterprise | Unlimited |
Projects
Projects are the primary configuration scope. Schemas, keys, and import history are scoped to projects.
Project Properties
| Property | Description |
|---|---|
| Name | Display name |
| Organization | Parent organization |
| Schemas | Data schemas for this project |
| Domains | Allowed hostnames for publishable keys |
Project Isolation
- Projects within an organization are isolated from each other
- API keys are scoped to projects, not organizations
- Cross-project access requires separate keys
API Keys
Two types of API keys provide access to project resources.
Publishable Keys
Publishable keys are designed for browser environments.
| Property | Value |
|---|---|
| Prefix | pk_ |
| Exposure | Safe for client-side code |
| Domain lock | Enforced |
| Use case | Browser-based imports, embedded components |
For React integrations, pass the key explicitly as publishableKey on RowOpsImporter.
Secret Keys
Secret keys are designed for server-side environments.
| Property | Value |
|---|---|
| Prefix | sk_ |
| Exposure | Must remain server-side |
| Domain lock | Not applicable |
| Use case | Headless mode, CLI, server-side integrations |
Key Scoping
Keys are scoped to projects, not organizations:
- A key provides access to one project only
- Organization-level access requires separate mechanisms (dashboard auth)
- Keys cannot access sibling projects
Domain Behavior
Domain Registration
Publishable keys are domain-locked. Requests from unregistered domains are restricted:
| Scenario | Behavior |
|---|---|
Localhost (localhost, 127.0.0.1, ::1) | Always allowed (does not count toward caps) |
| Registered domain | Full tier access |
| Unregistered domain | Fail-closed to Free tier (paid features disabled) |
| No domains registered | Only localhost is allowed |
Domain Limits by Tier
| Tier | Max Domains |
|---|---|
| Free | Localhost + 1 |
| Pro | Localhost + 3 |
| Scale | Localhost + 10 |
| Enterprise | Unlimited |
Auto-Enrollment Behavior
Auto-enrollment is not supported. Domains must be explicitly registered in the dashboard. Requests from unregistered domains fail closed to Free tier or are rejected, depending on the endpoint.
Domain Verification Cache
Client-side domain verification is cached:
- Cache scope: in-memory for the current session only
- No localStorage or persistent cache
- Expired tokens trigger re-verification
Key Revocation
Revocation Semantics
Keys can be revoked through the dashboard:
| Property | Description |
|---|---|
revokedAt | Timestamp of revocation |
| Immediate effect | Revoked keys are rejected on next use |
| No grace period | Revocation is immediate |
Revocation Verification
Key validity is checked during license verification:
- Key format validated locally
- Key existence checked against database
revokedAttimestamp checked- Revoked keys return 403 error
Key Management
Creating Keys
Keys are created through the dashboard:
- Navigate to
/projects/[projectId]/keys - Select key type (publishable or secret)
- Key is generated and displayed once
- Secret keys are not retrievable after creation
Rotating Keys
To rotate a key:
- Create a new key
- Update client applications
- Revoke the old key
There is no automatic rotation mechanism.
What This Configuration Does Not Provide
- Organization-level keys: Keys are project-scoped only
- Key expiration: Keys do not expire automatically (revocation is manual)
- Gradual rollout: Key changes are immediate, not gradual
- Key recovery: Secret keys cannot be retrieved after creation