Tenant-Scoped External Connections
External service integrations need credentials. API keys, authentication tokens, service endpoints — these values are specific to an organization and should be managed by that organization, not platform-wide. When multiple teams or clients run separate workspaces on the same platform, their credentials must be isolated from each other.
Tenant-scoped external connections ensure exactly that.
Each Workspace Is an Island
External connection credentials are scoped to the workspace. A credential configured in one workspace is completely inaccessible to any other workspace — not shared, not visible, not inheritable. Each workspace maintains its own connection configurations.
This isolation is a hard guarantee, not a convention. The platform's data model makes cross-workspace credential access impossible by design.
Configuring Connections
Connection configuration lives in the workspace settings panel under "Integrations." Each supported integration type has a dedicated configuration form — enter the API key, service URL, or authentication token, and test the connection. A successful test confirms the credentials are valid and the service is reachable.
Once configured, the connection is available as a data source type throughout the builder for that workspace. Components can be connected to it without further credential handling.
What Gets Stored and How
Credentials are stored encrypted. The plain-text credential value is never stored in the database. The encrypted form is used by the platform when making authenticated requests to the external service; it cannot be retrieved in plain text by any user, including administrators.
Connection configurations show only the last few characters of the credential — enough to identify which key is in use, not enough to reconstruct it.
Updating and Rotating Credentials
When an API key is rotated — standard practice for security maintenance — updating the workspace's connection configuration replaces the credential immediately. No builder changes, no component reconfiguration. All components using that connection type start using the new credentials on their next request.
This makes credential rotation operationally simple. Rotate the key at the service provider, update the credential in workspace settings, done.
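One way to build the isolation, masked display and rotation behaviour described in the sections above, as an added example that is not the platform's own code. Assumptions: the `ConnectionStore` class, per-workspace keys derived from a master key, a MAC that binds each row to its workspace, and a four-character hint are all hypothetical design choices; the HMAC-based stream is a standard-library stand-in for a vetted AEAD such as AES-GCM, and the sample values in any usage are constructed.

```python
import hashlib
import hmac
import secrets


class ConnectionStore:
    """Illustrative credential store; rows are keyed by (workspace_id, name)."""

    def __init__(self, master_key: bytes):
        self._master = master_key
        self.rows = {}  # (workspace_id, name) -> (nonce, ciphertext, tag, hint)

    def _key(self, label: bytes, ws: str) -> bytes:
        # Per-workspace key derived from the master key (assumed design).
        return hmac.new(self._master, label + ws.encode(), hashlib.sha256).digest()

    @staticmethod
    def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
        # HMAC-SHA256 in counter mode: stdlib stand-in for a vetted AEAD.
        blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
        return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

    def _tag(self, ws: str, name: str, nonce: bytes, ct: bytes) -> bytes:
        # The MAC covers workspace and connection name, binding the row to its owner.
        msg = b"\x00".join([ws.encode(), name.encode(), nonce, ct])
        return hmac.new(self._key(b"mac:", ws), msg, hashlib.sha256).digest()

    def put(self, ws: str, name: str, secret: str) -> None:
        """Create or rotate: the row is replaced, so the next use() gets the new key."""
        nonce = secrets.token_bytes(16)
        ct = self._xor_stream(self._key(b"enc:", ws), nonce, secret.encode())
        hint = secret[-4:] if len(secret) >= 12 else ""  # no hint for short secrets
        self.rows[(ws, name)] = (nonce, ct, self._tag(ws, name, nonce, ct), hint)

    def describe(self, ws: str, name: str) -> str:
        """What a settings page may show: the stored hint, never the plaintext."""
        return "****" + self.rows[(ws, name)][3]

    def use(self, ws: str, name: str) -> str:
        """Decrypt only to make an outbound request on behalf of workspace ws."""
        nonce, ct, tag, _ = self.rows[(ws, name)]  # KeyError in any other workspace
        if not hmac.compare_digest(tag, self._tag(ws, name, nonce, ct)):
            raise ValueError("row is not bound to this workspace")
        return self._xor_stream(self._key(b"enc:", ws), nonce, ct).decode()
```

Because the workspace ID feeds both the key derivation and the MAC, a row copied under another workspace's key fails verification instead of decrypting.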
Multiple Instances of the Same Integration
A workspace can configure multiple instances of the same integration type — two different monitoring services, two different analytics providers. Each instance has its own credentials and appears as a separately named data source in the builder.
This supports organizations that run parallel services, regional service segregation, or development/production environment separation within a single workspace.