Account model
Updated May 31, 20261 min read
The account model is how Carriyo organizes your business and controls who sees what. Every operational entity in the platform (orders, shipments, notifications, reports) sits inside this structure.
The four dimensions are:
- Tenant. The top-level container. One tenant per Carriyo customer. Carries the subscription, the resource quotas, and the isolation boundary.
- Merchant. Sub-brands within the tenant. Drives branding, notifications, reporting slices, and access scope.
- Locations. The physical sites the tenant operates from. A single location can act as a warehouse, an inventory site, a click-and-collect counter, a shipping origin, or a delivery destination, sometimes all at once.
- Account access. The authentication and authorization layer. Users and API clients gain access to a tenant, scoped to specific merchants, locations, and roles.
Account model across the docs
How they relate
Tenant
├── Subscription (plan, quotas, feature flags)
├── Merchants (sub-brands)
│ ├── CX assets, notifications, products
│ └── Orders, shipments, returns
├── Locations (physical sites)
│ ├── Fulfillment, inventory, collection
│ └── Shipping pickup / delivery dropoff
└── Users + API clients
└── role × merchant × location scope
A user authenticates against the tenant. Their role plus their assigned merchants and locations decide what they see. Entities themselves are positioned the same way: most belong to a single merchant, some are shared across merchants, and a few are tenant-wide. The Merchant page covers that classification in detail.
Reading order
If you're new to Carriyo, read in this order. Each page builds on the previous one:
- Tenant. The unit of subscription and isolation.
- Merchant. The sub-brand boundary, and which entities respect it.
- Locations. The physical sites your operations run from.
- Account access. How users and API clients are scoped to the above.