Identity mapping: principal to billing account
Vluna maintains a 1:1 mapping between your principal_id and Vluna's billing_account_id within a realm.
Rules (contract)
- The mapping is immutable after first creation.
- The first time Vluna sees a new
principal_id, it creates and binds abilling_account_id. - Treat
billing_account_idas sensitive. Do not trust it from untrusted clients.
Recommended pattern: prefetch mapping via token issue
Even if the mapping can be created lazily, prefetch it in your backend:
- User signs in or your backend receives a customer-scoped request.
- Your backend calls
POST /mgt/v1/token/issuewithprincipal_id. - Vluna returns:
billing_account_id- a short-lived bearer token
- Your backend stores
principal_id -> billing_account_idin your database.
Why this helps:
- You validate connectivity early.
- You avoid "first-request creates mapping" surprises in critical paths.
- You get a stable foreign key into Vluna data for support and analytics.
What to store in your database
At minimum:
principal_id(string)billing_account_id(uuid string)realm_id(string)- timestamps:
created_at,updated_at
Next
- Tenancy model: Tenancy: realm and billing account
- Verify integration: Verify installation and integration