Axiomatic

Glossary

Key terms used across Axiomatic docs and the product UI.

Identity and access

Identity
The login principal (person) in the control plane. One identity can belong to multiple tenants and hold multiple credentials (e.g. passkeys).

Tenant
An isolated data plane: a dedicated Postgres database (or dev-shared DB) holding entities, ledger data, and app tables for that workspace. Resolved at request time from the control plane.

Control plane
Shared metadata database: identities, credentials, tenant records, entity–tenant mappings, billing balances, and encrypted connection strings. Used to route each request to the correct tenant DB and DEK.

Entity
An accounting boundary: a business, fund, trust, or personal workspace with its own chart of accounts, books, and encrypted payload. You switch entity context inside the app; APIs are typically entity-scoped. See Entities.

Credential
An authentication method (e.g. passkey) attached to an identity in the control plane.

Data protection

DEK (data encryption key)
Per-entity symmetric key used to encrypt sensitive columns at rest (AES-256-GCM). The DEK is available only inside authorized server handlers after tenant resolution.

Encryption at rest
Sensitive fields are stored as ciphertext; plaintext is never written to tenant tables for protected columns. See Encryption.

Blind index
Optional HMAC of a searchable value so you can match without storing decryptable duplicates in plaintext.

Accounting engine

Event
A typed business fact (invoice, payment, payroll line, etc.) that enters the system and can drive posting.

Rule / DSL
Declarative posting logic compiled to a deterministic engine (WASM). Rules map events to journal lines according to your rule packs.

Rule pack
A bundle of rules and configuration for a book or scenario (e.g. GAAP vs. management).

Book
A logical ledger within an entity (e.g. GAAP, tax, management) with its own rule packs and posted balances.

Journal entry
Balanced debit/credit lines posted to accounts; traceable back to events and rules.

Triple-entry
Posting model where events, journal lines, and attestations/proofs can align; the docs use this to describe the integrated engine beyond classical double-entry alone.

Product and billing

Module / app
A major surface in the unified app (Ledger, CRM, Cortex, etc.) — same deployment, entity-scoped APIs unless documented otherwise.

Cortex
In-app AI with tools grounded in your tenant. See Cortex AI.

Credits (cloud)
Prepaid USD balance consumed by metered usage (API, AI, transactions, etc.). When balance is zero, writes are blocked until you add credits (self-hosted deployments can bypass). See Billing and credits.

Integration and automation

Connector
An integration to an external system (bank, Stripe, Gmail, etc.) with a documented auth model (API key, OAuth, webhook).

API key (ak_…)
Entity-scoped secret for Authorization: Bearer ak_... on the REST API (/api/...), with optional module scopes set when the key is created. Created under Settings → API keys.

Team Collaboration

Collaborate with your team using threaded comments, @mentions, and emoji reactions on financial records.

Architecture

How the web app, databases, and packages fit together — for operators and developers.

On this page

Identity and accessData protectionAccounting engineProduct and billingIntegration and automationRelated