AtlasOps
Full Stack Developer & Solutions Architect
AtlasOps is a multi-tenant SaaS control center designed to mirror production realities instead of demo-only CRUD. Each organization has isolated workspaces, role-scoped permissions, billing lifecycle controls, and operational dashboards. The platform handles tenant onboarding, role management, subscription plan transitions, and traceable administrative actions through immutable audit records.
- All organization data is resolved through tenant-scoped access guards.
- Owner, admin, and member roles are governed by an explicit capability matrix.
- Plan changes and entitlements update from signed Stripe events.
- Critical actions are recorded with actor and timestamp context.
The Problem
Most SaaS demos prove UI and basic API plumbing but avoid the hard architecture concerns that matter in production: tenant isolation, authorization boundaries, billing state management, and operational traceability.
The Solution
Built a modular ASP.NET Core platform with explicit domain boundaries for identity, tenancy, billing, and auditability. Added policy-based authorization, tenant-scoped query guards, Stripe webhook processing with idempotency protections, and a Next.js admin console for role and subscription operations.
Technical Decisions
Key architecture decisions and their outcomes
Policy-based authorization over route-only checks
Role and entitlement checks were needed in both API handlers and background workflows.
Implemented policy gates in service/domain boundaries, not only at route middleware level.
Authorization remains consistent across HTTP, jobs, and webhook processing paths.
Webhook-first billing lifecycle
Billing state cannot rely on UI callbacks alone because checkout and subscription events are asynchronous.
Used Stripe webhooks as source of truth with signature validation and idempotency keys.
Subscription transitions are reliable, replay-safe, and resilient to duplicate events.
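The signature check and duplicate handling described above, as an added C# example that is not AtlasOps code. It follows Stripe's documented `Stripe-Signature` scheme (HMAC-SHA256 over `timestamp.rawBody`); the class name, the in-memory store standing in for a uniquely indexed table, the use of the event `id` as the idempotency key, and the secret and payload are assumptions constructed here.

```csharp
using System;
using System.Collections.Concurrent;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;
// Hypothetical helper (not AtlasOps code): verify Stripe-Signature, then deduplicate by event id.
public static class StripeWebhookGate
{
    // Assumption: stand-in for a database table with a unique index on the event id.
    private static readonly ConcurrentDictionary<string, bool> Seen = new();
    public static string ComputeV1(string secret, long t, string rawBody)
    {
        using var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(secret));
        return Convert.ToHexString(hmac.ComputeHash(Encoding.UTF8.GetBytes($"{t}.{rawBody}"))).ToLowerInvariant();
    }
    public static bool IsAuthentic(string header, string rawBody, string secret, DateTimeOffset now, int toleranceSeconds = 300)
    {
        // Header format: t=<unix seconds>,v1=<hex hmac>[,v1=<hex hmac>...]
        var parts = header.Split(',').Select(p => p.Trim().Split('=', 2)).Where(kv => kv.Length == 2).ToList();
        if (!long.TryParse(parts.FirstOrDefault(kv => kv[0] == "t")?[1], out var t)) return false;
        if (Math.Abs(now.ToUnixTimeSeconds() - t) > toleranceSeconds) return false; // stale or replayed capture
        var expected = Encoding.ASCII.GetBytes(ComputeV1(secret, t, rawBody));
        // Constant-time compare against every v1 value (more than one can appear during secret rotation).
        return parts.Where(kv => kv[0] == "v1")
                    .Any(kv => CryptographicOperations.FixedTimeEquals(expected, Encoding.ASCII.GetBytes(kv[1])));
    }
    public static string Handle(string header, string rawBody, string secret, DateTimeOffset now)
    {
        if (!IsAuthentic(header, rawBody, secret, now)) return "rejected";
        using var doc = JsonDocument.Parse(rawBody); // parse only after the signature check passes
        var eventId = doc.RootElement.GetProperty("id").GetString() ?? "";
        return Seen.TryAdd(eventId, true) ? "processed" : "duplicate"; // TryAdd is atomic: one winner per id
    }
}
public static class Program
{
    public static void Main()
    {
        const string secret = "whsec_constructed_example"; // constructed secret, not a real key
        const string body = "{\"id\":\"evt_constructed_1\",\"type\":\"customer.subscription.updated\"}"; // constructed event
        var now = DateTimeOffset.FromUnixTimeSeconds(1700000000);
        var header = $"t=1700000000,v1={StripeWebhookGate.ComputeV1(secret, 1700000000, body)}";
        Console.WriteLine(StripeWebhookGate.Handle(header, body, secret, now));                // first delivery
        Console.WriteLine(StripeWebhookGate.Handle(header, body, secret, now));                // redelivery of the same event
        Console.WriteLine(StripeWebhookGate.Handle(header, body + " ", secret, now));          // body altered after signing
        Console.WriteLine(StripeWebhookGate.Handle(header, body, secret, now.AddMinutes(10))); // outside the tolerance window
    }
}
```

In an ASP.NET Core handler the check has to run over the raw request body as received, because a body that has been model-bound and re-serialized will not match the signed bytes.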
Engineering Details
- Tenant context is resolved per request and propagated through service operations
- Authorization policies map role + plan + resource scope into a single decision boundary
- Stripe event handlers enforce signed payload checks before processing
- Audit log writes are append-only and tied to actor, tenant, and operation type
- Background workers process usage aggregation and entitlement refresh tasks
Key Highlights
- Tenant-scoped data model with strict query boundary enforcement
- Role matrix with owner/admin/member policy controls
- Stripe billing integration with webhook signature validation
- Idempotent event processing for subscription transitions
- Immutable audit logs for security-sensitive admin actions
- Operational dashboard for org health and subscription visibility