#395 — Persistence, authentication, authorization architecture
Repo: Twill-AI/facade | State: closed | Status: done | Assignee: Unassigned
Created: 2025-07-11 · Updated: 2025-07-16
Description
Need to develop an authorization flow. Note that we need to support not only the merchants table; the same principles may be applied to other tables.
AC:
- Twill AI supports “Partner Portal” APIs.
- “Partner Portal” supports multiple partners; for now, only Galt.
- “Partner Portal” supports the following roles:
  - “sales representative” (aka “rep”) with the ability to create merchant applications for PayEngine, see merchants they have created, and see merchants transferred to them after a user was removed (e.g. an employee left the company).
  - “owner” (aka admin/CEO) with the same abilities as “sales representative” but without filters by user; additionally can manage other users in the partner.
  - (good to have, not needed for now) “office sales manager” with the same abilities as “owner” but scoped to a specific office or set of users.
- Users should have their role available in the API (for the UI to render differently).
- Partners can’t see each other’s merchants.
- Each partner’s data should be updated at once (due to the amount of it).
- “Partner Portal” supports LLM chat for all roles; the LLM should obey the relevant access scopes.
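One way to express the merchant-visibility rules above as a single deny-by-default check that the REST API and the LLM chat tools both go through (an added example, not code from the facade repo). All class, field and function names, the `merchant_ids` tool argument and the sample rows are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Role(Enum):
    REP = "rep"        # "sales representative"
    OWNER = "owner"    # admin/CEO

@dataclass(frozen=True)
class User:
    id: int
    partner_id: int
    role: Role

@dataclass(frozen=True)
class Merchant:
    id: int
    partner_id: int
    created_by: int    # user who created the application
    assigned_to: int   # current holder; changes on transfer from a removed user

def can_view(user: User, m: Merchant) -> bool:
    if m.partner_id != user.partner_id:   # partner boundary first, for every role
        return False
    if user.role is Role.OWNER:
        return True                       # no per-user filter inside the partner
    if user.role is Role.REP:
        return user.id in (m.created_by, m.assigned_to)
    return False                          # roles added later see nothing until given a rule

def visible_merchants(user: User, merchants: list[Merchant]) -> list[Merchant]:
    return [m for m in merchants if can_view(user, m)]

def can_manage_user(actor: User, target: User) -> bool:
    return actor.role is Role.OWNER and actor.partner_id == target.partner_id

def chat_list_merchants(session_user: User, merchants: list[Merchant], llm_args: dict) -> list[int]:
    # Scope comes only from the authenticated session; model-supplied args can narrow it, never widen it.
    wanted = set(llm_args.get("merchant_ids", []))
    return [m.id for m in visible_merchants(session_user, merchants) if m.id in wanted]

# Constructed sample data: partner 1 stands in for Galt, partner 2 for a second partner.
ALICE, BOB = User(10, 1, Role.REP), User(11, 1, Role.REP)
CAROL, DAVE = User(12, 1, Role.OWNER), User(20, 2, Role.OWNER)
MERCHANTS = [
    Merchant(100, 1, 10, 10),
    Merchant(101, 1, 11, 11),
    Merchant(102, 1, 13, 10),   # creator 13 was removed; transferred to ALICE
    Merchant(200, 2, 21, 21),
]
```

In a real service the same predicate would be pushed into the database query (or a row-level policy) rather than applied in memory, so that it also covers the other tables the description mentions.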
Investigation details.
See https://twillpayments.atlassian.net/wiki/spaces/TD/pages/399147009/Partner+Portal+architecture