Platform overview
OmniTrustDXP is an enterprise multi-tenant Digital Experience Platform built specifically for banking and financial institutions. One codebase serves unlimited branded sites — each isolated at the database level.
One platform, many tenants
Every tenant gets its own:
- Subdomain or custom domain —
ke.omnitrustdxp.comorwww.yourbank.co.ke. - Theme — colors, fonts, and floating widgets.
- Content — pages, blocks, media, menus, taxonomies.
- Users & roles — scoped RBAC with route + block + field-group permissions.
- Leads & forms — isolated CRM per tenant.
Row-level security (RLS)
Tenant isolation is enforced by PostgreSQL row-level security, not just application code. Every tenant-scoped table has an RLS policy that filters rows by the app.current_tenant_id session variable. Even a bug in the application cannot leak data between tenants — the database refuses to return it.
Subdomain routing
The ResolveTenant middleware resolves a tenant in this order:
- Exact domain match (
yourbank.co.ke). - Subdomain match (
yourbank.omnitrustdxp.com). - A
demo_tenantcookie (used by super-admins to preview any tenant). - Fallback to the system tenant for platform pages like this one.
Stack & hosting
- FrankenPHP (Caddy + PHP 8.5) serves both static and dynamic content — no separate Nginx.
- PostgreSQL 17 with pgvector for content and embeddings.
- DragonflyDB (Redis-wire compatible) for cache, sessions, and queues.
- Meilisearch for full-text search across pages and products.
- MinIO / S3 for media and document storage.
- Cloudflare for DNS, DDoS protection, and edge TLS.
Next: Content studio →