
Product

SA Client Portal

Real-time client engagement tracking + secure JWT-authenticated portal + workspace isolation

For Decision Makers

Business value, ROI, and outcomes. Understand the impact on your team and bottom line.

The Problem

SA engagement clients need real-time visibility into engagement progress, proposal status, and report access. Email updates are slow; custom portal builds are expensive and introduce security risks.

The Solution

Secure browser-based portal for clients to view proposals, monitor engagement progress, and access reports. Email-based JWT authentication with workspace scoping prevents cross-engagement data access. Built into every SA engagement tier.

Business Outcomes

  • Real-time engagement visibility for clients (Managed Build + Continuous Governance)
  • Secure JWT authentication with workspace isolation — no data leakage
  • Rate-limited auth endpoints (10 attempts/5 min) prevent brute-force attacks

For Engineers

Architecture, APIs, and security. Deep technical details for implementation teams.

Architecture

Email-based JWT token issuance → Workspace-scoped queries → Rate-limited auth middleware → Client portal routes. Uses HMAC token signing, workspace_id isolation, and IP-based rate limiting via express-rate-limit.

API Highlights

  • POST /api/workspaces/:id/issue-client-token (email → JWT token)
  • GET /api/proposals/:id/client-view (workspace-scoped read)
  • GET /api/engagements/:id/client-view (real-time progress)
  • GET /api/sa-reports/reports/:id/client-view (report access)

Security & Compliance

  • Workspace isolation via JWT workspace_id + WHERE clause (defense in depth)
  • Rate limiting on token validation (10 fails/5 min per IP)
  • Email-based auth (no password management burden)
  • Audit trail on all client portal access
  • Cross-workspace token attempts return 404 (not auth error)
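The workspace isolation and 404 behaviour listed above, sketched as an added example (not the product's own code) using only Node's built-in crypto module. Assumptions: HS256 as the HMAC variant, the claim names, a 401 for invalid tokens, the helper names, and an in-memory array standing in for the PostgreSQL table.

```javascript
// Added example: names, secret handling and rows are constructed for illustration.
const crypto = require('node:crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Issue an HS256 JWT carrying the client's email and workspace_id (assumed claim names).
function issueClientToken(email, workspaceId, secret, ttlSeconds = 900) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const exp = Math.floor(Date.now() / 1000) + ttlSeconds;
  const payload = b64url(JSON.stringify({ sub: email, workspace_id: workspaceId, exp }));
  return `${header}.${payload}.${b64url(hmac(`${header}.${payload}`, secret))}`;
}

// Check signature (constant time), pinned algorithm and expiry; return claims or null.
function verifyClientToken(token, secret) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  const expected = hmac(`${header}.${payload}`, secret);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    if (JSON.parse(Buffer.from(header, 'base64url')).alg !== 'HS256') return null;
    const claims = JSON.parse(Buffer.from(payload, 'base64url'));
    if (typeof claims.exp !== 'number' || claims.exp <= Date.now() / 1000) return null;
    return claims;
  } catch { return null; }
}

// Stand-in for: SELECT ... FROM proposals WHERE id = $1 AND workspace_id = $2
const PROPOSALS = [
  { id: 'p-1', workspace_id: 'ws-a', title: 'Managed Build' },
  { id: 'p-2', workspace_id: 'ws-b', title: 'Continuous Governance' },
];

// Handler logic for GET /api/proposals/:id/client-view
function proposalClientView(token, proposalId, secret) {
  const claims = verifyClientToken(token, secret);
  if (!claims) return { status: 401, body: { error: 'invalid token' } }; // assumed status
  const row = PROPOSALS.find((p) => p.id === proposalId && p.workspace_id === claims.workspace_id);
  // A row in another workspace and a nonexistent row look identical to the caller.
  if (!row) return { status: 404, body: { error: 'not found' } };
  return { status: 200, body: { id: row.id, title: row.title } };
}
```

Because the workspace_id comes only from the verified token and is applied again in the lookup, a valid token for one workspace cannot confirm that a record exists in another.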

For Operators

Getting started, integrations, and operational setup. How to deploy and operate.

Getting Started

  1. Client accepts SA engagement proposal
  2. Receives portal access email with workspace token
  3. Authenticates with email → token issued
  4. Views engagement progress, proposals, and reports in real-time
  5. Signs documents or approvals directly in portal

Key Integrations

  • JWT tokens (HMAC-based)
  • Email distribution (token delivery)
  • PostgreSQL (workspace isolation)
  • express-rate-limit (DoS protection)
