Resolve the active workspace
Derive workspace context from the authenticated session and active membership.
Workspace access control
ThrottleProxy enforces active membership, role permissions, and workspace IDs on the server. Owners, Admins, Developers, Billing users, and Viewers receive different capabilities, while platform administration remains a separate boundary.
Practical boundaries
Suspended memberships and non-members fail closed before protected work.
Map each route action to a server-side permission rather than relying on hidden buttons.
Include workspace_id in the actual select, update, or deactivate query.
Prevent role changes or removals that would leave a workspace without an active Owner.
Capture reviewed event types and sanitized metadata without secrets.
No. Owner protection is transactional and prevents an ownerless workspace state.
No. Billing access is separate from technical key and destination management.
No. Platform administration and workspace roles are intentionally separate authorization boundaries.
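The boundaries listed above and the transactional Owner protection, as an added example that is not ThrottleProxy's own code. The SQLite schema, the role-to-permission map, the action names, and the sample rows are constructed assumptions, and the workspace_id argument stands for the value derived from the authenticated session.

```python
import sqlite3

# Hypothetical role map and schema, constructed for illustration only.
PERMS = {"owner": {"key.deactivate", "member.manage"}, "admin": {"key.deactivate"},
         "developer": {"key.deactivate"}, "billing": {"billing.manage"}, "viewer": set()}

class Denied(Exception):
    pass

def demo_db():
    db = sqlite3.connect(":memory:", isolation_level=None)  # explicit transactions only
    db.executescript("""
      CREATE TABLE memberships(user_id, workspace_id, role, status);
      CREATE TABLE api_keys(id, workspace_id, active);
      INSERT INTO memberships VALUES ('ann','ws1','owner','active'),
        ('bob','ws1','developer','active'), ('cat','ws1','admin','suspended'),
        ('dan','ws2','owner','active');
      INSERT INTO api_keys VALUES ('k1','ws1',1), ('k2','ws2',1);""")
    return db

def authorize(db, user_id, workspace_id, action):
    # Fail closed: non-member, suspended member, or role without the action.
    row = db.execute("SELECT role FROM memberships WHERE user_id=? AND workspace_id=? "
                     "AND status='active'", (user_id, workspace_id)).fetchone()
    if row is None or action not in PERMS.get(row[0], set()):
        raise Denied(action)

def deactivate_key(db, user_id, workspace_id, key_id):
    authorize(db, user_id, workspace_id, "key.deactivate")
    # workspace_id is in the UPDATE itself: a key ID from another workspace matches 0 rows.
    cur = db.execute("UPDATE api_keys SET active=0 WHERE id=? AND workspace_id=?",
                     (key_id, workspace_id))
    return cur.rowcount == 1

def change_role(db, actor_id, workspace_id, target_id, new_role):
    authorize(db, actor_id, workspace_id, "member.manage")
    if new_role not in PERMS:
        raise Denied("unknown role")
    db.execute("BEGIN IMMEDIATE")  # take the write lock before counting owners
    try:
        db.execute("UPDATE memberships SET role=? WHERE user_id=? AND workspace_id=?",
                   (new_role, target_id, workspace_id))
        owners = db.execute("SELECT COUNT(*) FROM memberships WHERE workspace_id=? "
                            "AND role='owner' AND status='active'", (workspace_id,)).fetchone()[0]
        if owners == 0:
            raise Denied("workspace would have no active Owner")
        db.execute("COMMIT")
    except Exception:
        db.execute("ROLLBACK")  # undo the role change so the Owner row is untouched
        raise
```

The Owner count runs after the update and inside the same transaction, so a rejected change is rolled back rather than checked and then written in two separate steps.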
Use one workspace key, one exact public host, and non-sensitive test traffic.