Jun 23, 2020 at 04:44 PM

Multitenancy with cloud foundry destination service


Hi all,

I was able to deploy a multitenancy application on cloud foundry.
In a nodejs app I can show the current user and tenant ID.
Next step is to share my destination service in my provider account to be able to read my destinations in my consumer accounts.

I'll give you an overview of my subaccounts:

1. Provider tenant: On this account I deployed the multi tenant app, I registered it in the saas service. There is a destination service linked to the approuter and to the destination service.
2. Consumer tenant 1: I subscribed to the app in the provider tenant and I'm able to open the application.

3. Consumer tenant 2: I subscribed to the app in the provider tenant and I'm able to open the application.

I use the subscription middleware of the approuter for the implementation of the callback entries.
When I check my subscriptions, I can see they are successful and the destination service is shared.

Now I created 3 destinations called SEARCHENGINE

for the provider tenant:

for the consumer tenant 1:

and for the consumer tenant 2:

In my nodejs app on the provider tenant, I want to be able to read the destination configurations on the consumer tenants.

Therefore I created a new route in the application.

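router.get('/dest/:destinationName', async function(req, res, next) {
  try {
    const destinationName = req.params.destinationName;
    // readDestination calls the destination service API, so wait for its result
    const destination = await readDestination(destinationName);
    res.json(destination);
  } catch (error) {
    console.error("End Error!");
    next(error);
  }
});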

The readDestination function reads the environment variables, takes the destination service credentials and calls the destination service API.

Unfortunately, the result of https://<url-consumer-tenant-1>/srv/dest/SEARCHENGINE and https://<url-consumer-tenant-2>/srv/dest/SEARCHENGINE is the same. They return the destination configuration of the Provider tenant:

{
  "owner": {
    "SubaccountId": "<subaccountId-provider tenant>",
    "InstanceId": null
  },
  "destinationConfiguration": {
    "Name": "SEARCHENGINE",
    "Type": "HTTP",
    "URL": "",
    "Authentication": "NoAuthentication",
    "ProxyType": "Internet"
  }
}

When I remove the destination in the provider account, I get a 404 error from the destination service.

Unsubscribing and resubscribing does not help.

This is the declaration of the destination service in the mta:

 - name: saas_dest_service
   type: destination
   parameters:
      service-plan: lite
      shared: true

My environment variables for the nodejs app:

  "destination": [
    "binding_name": null,
    "credentials": {
     "clientid": "sb-clone********!b20897|destination-xsappname!b404",
     "clientsecret": "********=",
     "identityzone": "testdpi",
     "instanceid": "a83ade9d-8c3b-4a1f-a0d8-f8e0bcf35858",
     "tenantid": "<subaccountId-provider tenant>",
     "tenantmode": "dedicated",
     "uaadomain": "",
     "uri": "",
     "url": "",
     "verificationkey": "-****-",
     "xsappname": "clone*******!b20897|destination-xsappname!b404"
    "instance_name": "saas_dest_service",
    "label": "destination",
    "name": "saas_dest_service",
    "plan": "lite",
    "provider": null,
    "syslog_drain_url": null,
    "tags": [
    "volume_mounts": []

As you can see, the destination service's tenantmode is dedicated. Is this correct?

How can I make this tenant-aware?

I think I have to add the current tenantId somewhere in the request of my destination service call, but I don't know where.
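
An added example, not part of the original post and not SAP's code: a sketch of a tenant-scoped lookup that requests the destination service token from the calling tenant's token endpoint and refuses any result whose `owner.SubaccountId` differs from the caller's tenant. It assumes the user JWT was already validated upstream and carries the `zid` and `ext_attr.zdn` claims, that the destination service resolves the subaccount from the tenant that issued the access token, and that the lookup path is `/destination-configuration/v1/destinations/<name>`; all function names are hypothetical.

```javascript
// Added example; not the poster's readDestination. Credential field names
// follow the binding shown above; the zid / ext_attr.zdn claims are assumed.

// Decode (not verify) the payload of a JWT already validated upstream.
function jwtPayload(token) {
  return JSON.parse(Buffer.from(token.split('.')[1], 'base64url').toString('utf8'));
}

// Token endpoint of the calling tenant, instead of the provider's credentials.url.
function tenantTokenUrl(credentials, payload) {
  const subdomain = (payload.ext_attr && payload.ext_attr.zdn) || '';
  if (!/^[a-z0-9][a-z0-9-]*$/i.test(subdomain)) {
    throw new Error('JWT carries no usable tenant subdomain');
  }
  return `https://${subdomain}.${credentials.uaadomain}/oauth/token`;
}

// Refuse a destination owned by another subaccount (the symptom in the post).
function assertOwnedBy(destination, payload) {
  const owner = destination.owner && destination.owner.SubaccountId;
  if (!payload.zid || owner !== payload.zid) {
    throw new Error(`destination owner ${owner} is not caller tenant ${payload.zid}`);
  }
  return destination.destinationConfiguration;
}

async function readDestinationForTenant(credentials, userJwt, name) {
  const payload = jwtPayload(userJwt);
  const basic = Buffer.from(`${credentials.clientid}:${credentials.clientsecret}`).toString('base64');
  const tokenRes = await fetch(tenantTokenUrl(credentials, payload), {
    method: 'POST',
    headers: { Authorization: `Basic ${basic}`, 'Content-Type': 'application/x-www-form-urlencoded' },
    body: 'grant_type=client_credentials',
  });
  if (!tokenRes.ok) throw new Error(`token request failed: ${tokenRes.status}`);
  const { access_token } = await tokenRes.json();
  const url = `${credentials.uri}/destination-configuration/v1/destinations/${encodeURIComponent(name)}`;
  const res = await fetch(url, { headers: { Authorization: `Bearer ${access_token}` } });
  if (!res.ok) throw new Error(`destination lookup failed: ${res.status}`);
  return assertOwnedBy(await res.json(), payload);
}

// Constructed sample: a provider-owned destination handed to a consumer caller.
const sampleLeak = { owner: { SubaccountId: 'provider-subaccount', InstanceId: null },
  destinationConfiguration: { Name: 'SEARCHENGINE', Type: 'HTTP' } };
```

The ownership check turns the behaviour described in the post (a consumer URL returning the provider's configuration) into an explicit error instead of a silent cross-tenant answer.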



