Platform overview
What your app can reach, and how the pieces fit.
The surfaces you extend
| surface | what your package declares | what the platform does on install |
|---|---|---|
| Custom objects | Object + field schemas (15 field types incl. platform-computed formulas, lookups to Leads/Contacts/Companies/Opportunities, validation rules, field-level role ACLs) | Creates the objects via the schema builder; an auto-generated CRUD API appears at /api/crm/custom/{apiName}/records |
| Workflows | Templates in the production engine's typed DSL — 16 triggers, 12 actions, true if/else branching | Creates them per tenant (drafts in sandbox installs, active in prod), wired to live event firing, DLQ retries and the audit ledger |
| Webhooks | HTTPS endpoints + platform event names | Registers outbound subscriptions with retries and a delivery ledger the tenant can inspect |
| AI agents | Builder-agent scripts (system prompt + skill names) | Creates the agent in the tenant's Agent Builder, subject to their model keys and token budgets |
| UI extensions | HTTPS links templated with record context | Surfaces them on lead/contact/opportunity detail, dashboard or settings |
Identity & isolation
- Verified-JWT everywhere. Every service verifies HS256 platform JWTs at the door (issuer
ivorycom-auth, audienceivorycom-api); identity headers are stripped and re-stamped from verified claims. There is no header-trust path. - Tenant isolation. Postgres row-level security and per-service schemas isolate tenants at the data layer; your app never sees another tenant's rows.
- Your app acts as the installing user. The install engine forwards the installer's bearer downstream, so their RBAC role and plan gates apply to everything your package provisions. An app cannot escalate past the human who installed it.
Where requests flow
your code ──▶ https://app.ivorycomcrm.com/api/marketplace/… (catalog, submissions, installs)
tenant SPA ─▶ https://app.ivorycomcrm.com/api/crm/… (CRM gateway: leads, custom records, workflows)
platform ──▶ your https endpoints (outbound webhooks, signed deliveries)Categories
sales marketing finance productivity support data