Extensibility in a Multi-Tenant Platform

Run untrusted customer code in a multi-tenant trading platform

For customized documentation and ready to run samples, please log in.

Let's consider a trading platform that allows customers do define algorithmic trading strategies by writing custom code. This is an example of a class of multi-tenant systems that allow extensibility through custom code, and require a secure way of running that code in an isolated way. Auth0 itself is another good example of such system: we run custom authorization rules and DB scripts on behalf of our subscribers.

Webtasks are a great way to run such untrusted code because they provide strong isolation guarantees.

To provide a simple example, let's assume each of the customers of the trading platform defined a JavaScript function that returns an trade order disposition when called with the latest stock price information:

var algorithms_per_customer = {
  'john': 'return function (ctx, callback) {' +
    '  callback(null, ctx.data.price > 10.0 ? "SELL" : "HOLD");' +
  'fred': 'return function (ctx, callback) {' +
  '  callback(null, ctx.data.price < 5.0 ? "BUY" : "HOLD");' +

Your application has no control over the code your customers write. Some problems that you must account for when running untrusted code on behalf of your customers is data isolation between customers and fair consumption of computing resources. These are the exact problems that Webtasks address. By executing your customer code using Webtasks you benefit from the isolation guarantees they provide.

This is how you could execute your customer code using Webtasks:

var request = require('request');
var price = Math.random() * 20;

for (var customer in algorithms_per_customer) {
  var algorithm = algorithms_per_customer[customer];
    method: 'POST',
    url: 'https://webtask.it.auth0.com/' + customer + '?price=' + price,
    headers: {
    Authorization: 'Bearer {webtask_token}'
    data: algorithm
  }, function (error, res, body) {
    // process error or customer's trade disposition in body

Take note of the following in the sample above:

  • Each customer's strategy is executed through an HTTPS request to Webtasks.
  • Each request to Webtasks specifies the customer name as the webtask container to use. This means that code of every customer will execute within its own isolation boundary and cannot interact with or affect code or data of other customers.
  • The price information is passed as URL query parameter and propagated to the JavaScript function as part of context.
  • The code of the JavaScript function to run itself is passed in the payload of the HTTPS POST request.
  • The call to Webtasks is authenticated using your own webtask token.

Using Webtasks to execute untrusted code in a secure and isolated way was the primary motivation for this technology, and this is how we are using it internally at Auth0. Webtasks solve the difficult problem of running untrusted code in a multi-tenant system and let you spend more time on the logic of your application.