Access, authentication, and workspace selection
Controls who can enter Apex, which workspace they operate in, and which shop becomes active for every dashboard and API action.
Simple terms
This is the front door and tenant switchboard. It decides who is signed in, what workspace they belong to, and which shop every action applies to.
Controls who can enter Apex, which workspace they operate in, and which shop becomes active for every dashboard and API action.
Routes
/login/signup/verify-email/auth/reset-password/orgs/new/shops/new
Implementation behavior
- Supabase Auth creates and refreshes the user session; protected dashboard routes require that session before rendering.
- Apex stores the active shop in the
drip_active_shophttpOnly cookie so server components and route handlers resolve the same tenant. - Company workspaces focus on one brand; agency workspaces add client management and cross-client navigation.
- Shop records hold the storefront domain, display name, owner, worker URL, and integration metadata used by the runtime.
How to use it
- Sign up or log in, verify email, then create or join a workspace.
- Create a shop before creating goals, experiments, audiences, API keys, or webhooks.
- Use the workspace and shop switchers before making changes for a client or brand.
- Accept store or organization invitations from the invitation acceptance routes.
When not to use it
- Do not use shop switching as a permissions workaround; assign the user to the correct workspace or store.
- Do not create duplicate shops just to test setup; use the existing staging or test workspace when possible.
- Do not troubleshoot product data until the active shop and workspace are confirmed.
Implementation source
- Pages live under
src/app/(auth)and onboarding routes such assrc/app/(dashboard)/orgs/newandsrc/app/(dashboard)/shops/new. - Tenant resolution depends on Supabase Auth plus the active-shop cookie used by dashboard route handlers.
- Shop and organization membership state is stored in Prisma models in
prisma/schema.prismaand managed through/api/shopsand/api/orgshandlers.
Data and API
- Supabase Auth user and session records.
- Prisma models:
Organization,OrganizationMember,Shop,ShopUser,Invitation,OrgInvitation. - APIs:
/api/shops,/api/orgs,/api/org-invitations,/api/invitations.
Failure modes
- No active shop: create/select a shop or clear a stale active-shop cookie.
- Wrong tenant data: switch the active workspace before editing experiments or integrations.
- Expired invitation: request a new invitation from a workspace or store admin.