Bbizbasics/ developers

Build on bizbasics

Ship a B2B product to real businesses without building the parts every B2B product needs and nobody enjoys: identity, billing, entitlements, provisioning, and distribution. You bring the product; the platform brings the customers and the plumbing.

What you get for free

  • Identity & SSO — your users are already signed in at app.bizbasics.ai. You verify one short-lived, RS256 access-token cookie (bb_at) locally via JWKS. No login screens, no password handling, no OAuth callbacks, no shared secret.
  • Billing, plans & seats — the platform owns subscriptions, seat limits, and entitlements. The user's plan, apps, and quotas arrive in the token. You never touch a payment processor.
  • Distribution — approved products appear in the app launcher for every entitled organisation on the platform. One launch, a B2B customer base.
  • Managed infrastructure — the platform provisions and runs your service at <slug>.bizbasics.ai: Postgres, object storage, ingress, TLS, autoscaling, network policy.
  • A unified workspace — publish a summary record per object and it surfaces alongside every other product the customer uses, in one cross-product view.

What you build

Your product, as a normal service — plus a small, well-defined contract: the four SSO endpoints, tenant isolation on every query, and a workspace record per user-visible object. That's the whole integration.

Start here

  • Onboarding — submission to live, end to end.
  • Product scaffold — a working Go starter that implements the integration.
  • SSO contract — the four endpoints + the sign-in handshake.
  • Runtime contract — ports, health, image names, sessions, /api routing — the things that bite people.
  • API reference — workspace records, quotas, catalog, search.
  • Webhooks — lifecycle events, signatures, retries.

How it fits together

The platform signs the user in once and issues a short-lived bb_at access-token cookie on .bizbasics.ai, backed by a revocable server-side session. You verify bb_at locally via JWKS — its claims give you org_id, role, plan, apps, and quotas — with no per-request call back to the platform. Because the access token is short-lived and refreshed against that revocable session, a logout or a plan change reaches your product automatically.

Your customersone sign-in · one billbizbasics control planeapi.bizbasics.aiIdentitySSO · sessionsBillingStripeEntitlementsplan · seats · appsCataloglauncherrelaychatmonkknowledge · RAGyour productbuilt by youEvery product speaks four contracts: SSO handoff · REST API + keys · Webhooks · Workspace records

Conventions

  • Tenant isolation — every query filters by org_id. No exceptions.
  • Auth — JWTs in httpOnly cookies only. Never localStorage.
  • Backend paths under /api — only the four SSO-contract paths are bare.
  • Cross-product data — read via /v1/workspace-records; never reach into another service's database.
© bizbasics — developer platform All systems operational