Recommended best practice for routing in a multi-tenant application using organization slugs?

In my app, every user must belong to an organization, and the entire user experience is scoped to a URL structure like: (baseURL)/(orgSlug)/...

The frontend is built with Next.js, the backend uses Express.js, and authentication is handled with BetterAuth.

Given this setup, what is the most secure and performant way to:

1. Fetch the user’s organization slug once (e.g., on login or session initialization)?
2. Ensure the user remains scoped to that organization (i.e., their orgSlug) throughout the session?
3. Prevent access to any other organization’s slug/route unless they explicitly switch organizations?