Handling Customer-Specific Configuration in Server-Side Code Hosting

I have a question regarding server-side code hosting and how configuration data is handled across multiple customers.

Let’s say I have an app installed by 10 different customers. Each customer is required to enter their own configuration token for the app to load user-specific information. These tokens need to be saved and used whenever the app runs for that particular customer.

Since all 10 customers are using the same server instance where the application is hosted, I would like to understand how configuration isolation is handled:

• If each customer enters their configuration token, is there a risk that the most recently saved token overwrites the previously saved tokens?

• In other words, could all installations end up reading from the latest configuration token entered by the most recent customer?

• How does Monday ensure that each customer’s app instance runs using its own configuration and not a shared/global one, given that the app is hosted on a single server?

Any guidance on best practices for storing and retrieving customer-specific configuration in this setup would be greatly appreciated.

Hello @Timothy7 yes if you store a token globally on your server it can be overwritten. monday does not isolate your server state for you.

Each request from monday includes an accountId in the signed JWT. You must use this as the key when storing and retrieving configuration so every customer reads only their own data. If you do this correctly, all installations stay isolated even though they hit the same server.

Best practice is to store tokens per accountId using monday code secure storage or your own encrypted database. Never use global variables or shared rows for customer config.

Dr. Tanvi Sachar
Monday Certified Partner, Tuesday Wizard