Security and Privacy

DartStream handles authentication, tenant context, billing state, runtime controls, provider metadata, and future telemetry. Security must be enforced consistently across the frontend and every backend microservice; a check that exists only in the frontend is not a control.

Authentication

The app uses Firebase for user authentication. Backend services verify Firebase ID tokens before accepting protected requests.

Most protected requests use:

Authorization: Bearer <Firebase ID token>
X-Tenant-ID: <active tenant ID>

Tenant Isolation

Tenant ID and role context are part of the backend auth bootstrap response. The X-Tenant-ID header is supplied by the client, so services must treat it as a claim to be checked rather than a fact: after verifying the Firebase ID token, confirm that the authenticated user actually belongs to the requested tenant, then scope every read and write to that tenant server-side.

Secrets

Provider credentials, Stripe keys, webhook secrets, and API credentials must be stored in managed secrets. They should not appear in screenshots, docs examples, logs, commits, or exported workspace files.

Billing Security

Stripe Checkout and Stripe Billing Portal handle payment and subscription management. Webhooks must be verified with the configured Stripe signing secret before billing state is reconciled into DartStream.
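The verification step above, shown as an added example rather than DartStream's own code: it implements Stripe's documented Stripe-Signature scheme (HMAC-SHA256 over "{timestamp}.{payload}" with the endpoint signing secret, a v1 entry per active secret, and a replay window on the timestamp). The signing secret, event body and timestamp are constructed for the example; a real service reads the secret from managed secrets and the raw request body before any JSON parsing.

```python
import hashlib
import hmac
import time

# Constructed values for the example only. A real signing secret lives in managed
# secrets storage and never in source, docs, logs or exported workspace files.
SIGNING_SECRET = "whsec_example_constructed_secret"
DEFAULT_TOLERANCE_SECONDS = 300  # Stripe's documented default replay window


def parse_signature_header(header):
    """Split a Stripe-Signature header into its timestamp and its v1 signatures."""
    timestamp = None
    v1_signatures = []
    for item in header.split(","):
        key, _, value = item.strip().partition("=")
        if key == "t":
            timestamp = int(value)  # raises ValueError on a malformed timestamp
        elif key == "v1":
            v1_signatures.append(value)
    return timestamp, v1_signatures


def expected_signature(secret, timestamp, payload):
    """Hex HMAC-SHA256 over '{timestamp}.{raw body}', which is what Stripe signs."""
    signed_payload = f"{timestamp}.".encode() + payload
    return hmac.new(secret.encode(), signed_payload, hashlib.sha256).hexdigest()


def verify_webhook(payload, header, secret, now=None, tolerance=DEFAULT_TOLERANCE_SECONDS):
    """Return True only if some v1 signature matches and the timestamp is within tolerance."""
    now = int(time.time()) if now is None else now
    try:
        timestamp, v1_signatures = parse_signature_header(header)
    except ValueError:
        return False
    if timestamp is None or not v1_signatures:
        return False
    # Reject stale or future-dated deliveries so a captured request cannot be replayed later.
    if abs(now - timestamp) > tolerance:
        return False
    expected = expected_signature(secret, timestamp, payload).encode()
    # Constant-time comparison; several v1 entries can be present during secret rotation.
    return any(hmac.compare_digest(expected, sig.encode()) for sig in v1_signatures)


def sign_for_test(payload, secret, timestamp):
    """Build a header the way Stripe would, so the verifier can be exercised offline."""
    return f"t={timestamp},v1={expected_signature(secret, timestamp, payload)}"
```

Only after verify_webhook returns True should the event be parsed and billing state reconciled; a False result is logged without the body and answered with a 400.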

Runtime Control Safety

Feature flags and live config should not replace backend permission checks. Use runtime controls for operational behavior, rollout, and tuning, not for enforcing sensitive authorization.

Privacy

Telemetry and audit data should avoid unnecessary personal data. When user context is needed, prefer stable identifiers and redaction over raw sensitive fields.