# Authentication & tenancy

> How HomecareHQ authenticates requests and scopes them to one organization.

HomecareHQ is a multi-tenant platform. Two ideas govern every request: **who you are**
(authentication) and **which organization you're acting in** (tenancy).

## Authentication

Users authenticate with email and password, which establishes a session. Application requests
carry that session; HomecareHQ resolves it to a verified user before doing any work. Requests
that aren't authenticated are rejected before any data is touched.

<Note>
  Programmatic API credentials (for server-to-server integrations) are part of the upcoming
  public API. Today, access is through an authenticated user session.
</Note>

## Tenancy & isolation

A user belongs to one or more organizations through a **membership**. Every request acts within
exactly one organization, and all data access is constrained to that organization by row-level
security in the database.

<Warning>
  The organization a request acts in is derived from the **verified identity**, never from a
  value supplied in the request body. This is what keeps one tenant from reading another's data.
</Warning>

## Authorization

Within an organization, what a user can do is governed by **permissions** tied to their role
(owner, admin, manager, member, caregiver). Permissions are checked **server-side** on every
sensitive operation. Examples of the permission families HomecareHQ uses:

| Permission family                 | Governs                                              |
| --------------------------------- | ---------------------------------------------------- |
| `source_document:*`               | Uploading and reviewing source documents             |
| `connected_data:read`             | Reading connected-system data in chat and dashboards |
| `organization:*` / `membership:*` | Managing the organization and its team               |
| `registry_check:*`                | Running and reading registry checks                  |

<Info>
  Permissions are enforced by the server regardless of what a client requests — prompts and
  client-side checks are never the security boundary.
</Info>
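The tenancy and authorization rules above, as an added illustration that is not HomecareHQ's own code: the organization is resolved from the verified session rather than the request body, permission families such as `source_document:*` are matched server-side, and a body that names a different organization is surfaced as a detection signal. The `MEMBERSHIPS` and `ROLE_GRANTS` tables, the function names and the sample data are assumptions constructed for the example.

```python
# Added illustration of tenancy scoping and permission checks, not HomecareHQ's own code.
# MEMBERSHIPS, ROLE_GRANTS and function names are assumptions; sample data is constructed.
from dataclasses import dataclass
from fnmatch import fnmatchcase

# Constructed sample: user -> {organization: role}.
MEMBERSHIPS = {
    "user-1": {"org-a": "admin", "org-b": "caregiver"},
    "user-2": {"org-b": "owner"},
}
# Hypothetical role grants, written as permission families with wildcards.
ROLE_GRANTS = {
    "owner": ["*"],
    "admin": ["organization:*", "membership:*", "source_document:*",
              "connected_data:read", "registry_check:*"],
    "manager": ["source_document:*", "connected_data:read", "registry_check:read"],
    "member": ["connected_data:read"],
    "caregiver": ["source_document:read"],
}

@dataclass(frozen=True)
class Scope:
    user_id: str
    organization_id: str
    role: str

def scope_request(session: dict) -> Scope:
    """Derive the tenant from the verified session (user and the organization
    it is acting in, both set server-side), never from the request body."""
    user_id, org_id = session["user_id"], session["organization_id"]
    role = MEMBERSHIPS.get(user_id, {}).get(org_id)
    if role is None:
        raise PermissionError("no membership in this organization")
    return Scope(user_id, org_id, role)

def authorize(scope: Scope, permission: str) -> bool:
    """Server-side check; a grant like `source_document:*` covers the family."""
    return any(fnmatchcase(permission, g) for g in ROLE_GRANTS[scope.role])

def body_tenant_mismatch(scope: Scope, body: dict) -> bool:
    """Detection signal: a body naming a different organization is ignored for
    access control but is worth logging as a probe of tenant isolation."""
    return body.get("organization_id", scope.organization_id) != scope.organization_id

def handle(session: dict, body: dict, permission: str) -> str:
    """A sensitive operation scoped purely by the verified session."""
    scope = scope_request(session)
    if not authorize(scope, permission):
        raise PermissionError(f"{scope.role} lacks {permission}")
    # Every query below would be constrained to scope.organization_id.
    return f"{permission} in {scope.organization_id} as {scope.role}"
```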
