ScalixScalix Docs
Sign up

Core Concepts

Organizations, projects, tokens, and the resource model

Organizations

An organization is the top-level container for all your resources. Every account starts with a default org.

  • Organizations have members with role-based access (owner, admin, developer, viewer, billing)
  • Billing is scoped to the organization
  • API keys belong to the organization; they may optionally be scoped to a single project

Projects

Projects live inside organizations. They isolate resources:

  • Each project gets its own databases, functions, storage buckets, and services
  • API keys can be scoped to a project, or stay org-wide and target a project per-request
  • Cross-project access requires explicit permission
plaintext
Organization
├── Project: production
│   ├── Database: main-db
│   ├── Function: api-handler
│   └── Storage: assets-bucket
└── Project: staging
    ├── Database: staging-db
    └── Function: api-handler-staging

API Keys and Scopes

API keys authenticate requests and carry scope restrictions. Create scoped keys from the dashboard (Organization → API Keys), selecting only the scopes the key needs — e.g. compute:deploy, functions:deploy, storage:write.

Scopes follow a service:action pattern. Key scope groups:

  • database:query, database:branch, database:admin — database access
  • compute:deploy, compute:scale, compute:logs — container management
  • functions:deploy, functions:invoke, functions:logs — serverless
  • storage:read, storage:write, storage:delete — object storage
  • ai:infer, ai:models — inference
  • kv:read, kv:write — key-value store
  • events:publish, events:subscribe — event bus
  • cron:read, cron:write — scheduled jobs
  • sandbox:create, sandbox:read, sandbox:execute — sandboxes

Tenant Isolation

API keys belong to the organization. A key scoped to a single project carries its project context automatically; an org-wide key targets a project per-request via the X-Scalix-Project header. Either way, the gateway enforces that a token can only access resources within its organization — and, for project-scoped keys, within that project.

Regions

Scalix Cloud currently runs in a single EU region. Resources are created there and data stays within the region. Multi-region deployment is planned.