Variant Systems

Node.js & Elysia for SaaS

SaaS platforms serve hundreds of tenants with different configurations through shared infrastructure. Elysia keeps every tenant's data isolated and every API contract enforced.

Variant Systems builds industry-specific software with the tools that fit the problem.

Why this combination

  • Bun runtime handles concurrent API requests from multiple tenants with lower per-request overhead than traditional Node.js servers
  • TypeBox validation enforces tenant-specific configuration schemas, subscription plan limits, and API input constraints at the boundary
  • Eden Treaty generates typed SDKs for your platform's public API, reducing integration friction for customers building on your product
  • Plugin architecture supports multi-tenant middleware, feature flagging, and usage metering as composable, independently testable modules

Multi-Tenant Architecture With Typed Boundaries

Every SaaS request must resolve to a tenant, enforce that tenant’s plan limits, and scope data access appropriately. A leaked query that returns another tenant’s data is a company-ending security incident. Elysia’s plugin architecture encodes tenant isolation as a first-class middleware concern. The tenant resolution plugin identifies the tenant from the request context, attaches a scoped database connection, and enforces plan-level feature flags before your handler executes.

TypeBox schemas validate tenant-specific configurations. Each tenant’s settings, from custom field definitions to workflow automations, pass through typed validation. Eden Treaty generates typed clients that your customers use to integrate with your platform API. When you version your API or add new endpoints, the typed SDK reflects changes immediately. Your customers get compile-time safety when building on your platform, which reduces their integration bugs and your support burden.

Subscription Management and Plan Enforcement

SaaS revenue depends on clean subscription lifecycle management. Trial expiration, plan upgrades, seat additions, overage charges, and cancellation flows all need precise API handling. Elysia endpoints manage each lifecycle event with TypeBox-validated request and response models. A plan upgrade request must include valid plan identifiers, proration preferences, and billing cycle alignment parameters.

The subscription plugin enforces plan limits across your entire API surface. When a tenant on the starter plan tries to access an enterprise feature, the middleware returns a typed upgrade prompt before the handler executes. Usage metering plugins track API calls, storage consumption, and compute minutes per tenant with event-level granularity. These metering events feed into your billing integration through typed interfaces that your finance team trusts for revenue recognition.

Public API Design and SDK Generation

Your platform’s public API is a product surface. Developers evaluate your SaaS based on how pleasant and reliable your API is to integrate with. Elysia’s end-to-end type safety makes this a structural advantage. You define your API with TypeBox schemas and Eden Treaty generates typed clients that your customers install as an npm package. They get autocompletion, compile-time validation, and request/response types without reading documentation.

API versioning composes through Elysia’s plugin system. Version 1 and version 2 of your API run as separate plugin groups sharing underlying business logic. Breaking changes in v2 don’t affect v1 consumers. Bun’s fast response times mean your API performs well enough that customers don’t need to implement aggressive caching on their side. Your public API feels snappy, and your typed SDK feels like an internal library rather than a third-party integration.

Usage Metering and Operational Visibility

SaaS operators need real-time visibility into tenant usage patterns, API error rates, and infrastructure costs per tenant. Elysia’s lifecycle hooks let you instrument every request with tenant context, endpoint identity, response time, and status code without adding boilerplate to individual handlers. This telemetry data flows into your observability stack through a typed analytics plugin.

Usage metering plugins track billable events with TypeBox-validated schemas that ensure every event includes tenant ID, event type, quantity, and timestamp. Your billing system consumes these events with confidence because the schema enforcement guarantees completeness. When a tenant disputes their invoice, you have structured, validated usage records that trace back to individual API calls.

Compliance considerations

SOC 2 compliance enforced through audit logging plugins that capture every tenant data access with actor identity and request context
Tenant data isolation guaranteed at the middleware layer through scoped database connections validated before handler execution
GDPR data export and deletion requests handled through typed pipeline plugins that enumerate and purge tenant data across all stores
API rate limiting enforced per tenant and per plan tier through metering plugins with configurable threshold schemas

Common patterns we build

  • Multi-tenant API gateways with tenant resolution, plan enforcement, and scoped data access
  • Subscription lifecycle endpoints managing trials, upgrades, downgrades, and cancellation flows
  • Usage metering and billing integration with event-based tracking and threshold alerting
  • Public API surfaces with versioned endpoints, typed SDK generation, and developer documentation hooks

Other technologies

CI/CD Pipelines Cloud Deployment Cloud Cost Optimization Docker & Kubernetes Elixir & Phoenix Flutter & Dart

Services

Code Audit Full-Stack Development MVP Development Technical Debt Cleanup Vibe Code Cleanup

Building in SaaS?

We understand the unique challenges. Let's talk about your project.

Get in touch