Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.vaultgraph.com/docs/llms.txt

Use this file to discover all available pages before exploring further.

VaultGraph is a multi-tenant platform, and tenant isolation is a core part of how it is built.

Tenant isolation

  • Every resource — shops, deployments, API keys — belongs to an organization.
  • You only have access to data for organizations you are a member of.
  • Isolation is enforced both at the API boundary and in the data layer (Postgres Row-Level Security).

API keys

  • Organization API keys (vk_) and deployment API keys (dk_) are stored as hashes, never in plaintext.
  • A key value is shown only once, at creation time.
  • Keep API keys server-side only — never expose them in browser or client code.

Data handling

  • Treat API keys, customer data, and order data as sensitive.
  • VaultGraph avoids logging secrets or raw sensitive payloads.

Commerce data residency

Custom commerce backends keep all cart, checkout, order, and customer records on your own infrastructure. The gateway calls your HTTPS endpoint per request and does not persist commerce records itself. The built-in demo backend is the exception: it stores ephemeral cart/order state in a hosted key-value store with a 1-hour TTL for evaluation purposes only.