Platform overview

OmniTrustDXP is an enterprise multi-tenant Digital Experience Platform built specifically for banking and financial institutions. One codebase serves unlimited branded sites — each isolated at the database level.

One platform, many tenants

Every tenant gets its own:

  • Subdomain or custom domain (ke.omnitrustdxp.com or www.yourbank.co.ke).
  • Theme — colors, fonts, and floating widgets.
  • Content — pages, blocks, media, menus, taxonomies.
  • Users & roles — scoped RBAC with route + block + field-group permissions.
  • Leads & forms — isolated CRM per tenant.

Row-level security (RLS)

Tenant isolation is enforced by PostgreSQL row-level security, not just application code. Every tenant-scoped table has an RLS policy that filters rows by the app.current_tenant_id session variable. Even a bug in the application cannot leak data between tenants — the database refuses to return it.
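
A PostgreSQL sketch of the isolation described above, showing the settings that decide whether the policy actually holds. This is an added example, not OmniTrustDXP's own schema: the pages table, its columns, the app_user role and the policy name are assumptions, and only the app.current_tenant_id variable comes from this page.

```sql
-- Added example; table, column, role and policy names are assumptions.
CREATE TABLE pages (
    id        bigserial PRIMARY KEY,
    tenant_id bigint NOT NULL,
    title     text   NOT NULL
);

-- Constructed sample rows for two tenants.
INSERT INTO pages (tenant_id, title) VALUES
    (1, 'Tenant 1 home'),
    (2, 'Tenant 2 home');

-- RLS is off by default; FORCE also subjects the table owner to the policy.
ALTER TABLE pages ENABLE ROW LEVEL SECURITY;
ALTER TABLE pages FORCE ROW LEVEL SECURITY;

-- USING filters reads; WITH CHECK rejects writes into another tenant.
-- current_setting(..., true) yields NULL when the variable was never set,
-- and NULLIF maps '' (left behind once a transaction-local value expires)
-- to NULL, so the predicate is NULL and no row matches: it fails closed.
CREATE POLICY tenant_isolation ON pages
    USING      (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::bigint)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::bigint);

-- The application role must be neither superuser nor BYPASSRLS;
-- both skip every policy.
CREATE ROLE app_user NOSUPERUSER NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON pages TO app_user;
GRANT USAGE ON SEQUENCE pages_id_seq TO app_user;

-- Per request: set the tenant transaction-locally (third argument true) so
-- the value cannot carry over to the next request on a pooled connection.
BEGIN;
SET LOCAL ROLE app_user;
SELECT set_config('app.current_tenant_id', '1', true);
-- Reads are limited to tenant 1's rows.
SELECT title FROM pages;
-- Rejected by WITH CHECK: the new row belongs to tenant 2.
INSERT INTO pages (tenant_id, title) VALUES (2, 'cross-tenant write');
ROLLBACK;

-- No tenant set in this transaction: the query matches no rows.
BEGIN;
SET LOCAL ROLE app_user;
SELECT count(*) FROM pages;
ROLLBACK;
```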

Subdomain routing

The ResolveTenant middleware resolves a tenant in this order:

  1. Exact domain match (yourbank.co.ke).
  2. Subdomain match (yourbank.omnitrustdxp.com).
  3. A demo_tenant cookie (used by super-admins to preview any tenant).
  4. Fallback to the system tenant for platform pages like this one.

Stack & hosting

  • FrankenPHP (Caddy + PHP 8.5) serves both static and dynamic content — no separate Nginx.
  • PostgreSQL 17 with pgvector for content and embeddings.
  • DragonflyDB (Redis-wire compatible) for cache, sessions, and queues.
  • Meilisearch for full-text search across pages and products.
  • MinIO / S3 for media and document storage.
  • Cloudflare for DNS, DDoS protection, and edge TLS.
