	In Browser
	StumbleUpon
	del.icio.us
	Google
	Google Buzz
	reddit
	LinkedIn

	Facebook
	Twitter
	Linkedin
	E-Mail

Generative AI > Google Gemini API > ADK Multi-Tenancy Patterns

ADK Multi-Tenancy Patterns

Author: Venkata Sudhakar

Multi-tenancy allows a single ADK agent deployment to serve multiple independent business units or customers while keeping their data, sessions, and tool permissions completely isolated. ShopMax India runs separate portals for Retail, Wholesale, and Corporate clients ï¿½ each tenant must never see another tenant's data or trigger another tenant's tools.

The key to multi-tenancy in ADK is propagating a tenant identifier through every layer: session state, tool invocations, database queries, and audit logs. The agent reads the tenant ID from the authenticated request context and uses it as a mandatory filter on every operation.

The below example shows a multi-tenant ADK agent that enforces tenant isolation using session state and tenant-scoped tool wrappers.

import os
import functions_framework
from google.adk.agents import LlmAgent
from google.adk.sessions import InMemorySessionService
from google.adk.tools import FunctionTool
from google.cloud import bigquery

bq = bigquery.Client()

def get_tenant_id(request) -> str:
    # Extracted from verified JWT claim or IAP header
    return request.headers.get("X-Tenant-ID", "unknown")

def make_order_tool(tenant_id: str):
    def get_orders(limit: int = 10) -> dict:
        # Hard-coded tenant filter ï¿½ agent cannot override this
        query = (
            "SELECT order_id, customer, amount FROM `shopmax.orders` "
            "WHERE tenant_id = @tenant AND status = @status "
            "LIMIT @limit"
        )
        job_config = bigquery.QueryJobConfig(
            query_parameters=[
                bigquery.ScalarQueryParameter("tenant", "STRING", tenant_id),
                bigquery.ScalarQueryParameter("status", "STRING", "pending"),
                bigquery.ScalarQueryParameter("limit", "INT64", limit),
            ]
        )
        rows = list(bq.query(query, job_config=job_config).result())
        return {"tenant": tenant_id, "orders": [dict(r) for r in rows]}
    get_orders.__doc__ = "Fetch pending orders for the current tenant."
    return FunctionTool(get_orders)

session_service = InMemorySessionService()

@functions_framework.http
def agent_handler(request):
    tenant_id = get_tenant_id(request)
    if tenant_id == "unknown":
        return ("Unauthorised", 401)
    # Per-request agent with tenant-scoped tool
    agent = LlmAgent(
        name=f"shopmax_agent_{tenant_id}",
        model="gemini-2.0-flash",
        instruction=(
            f"You are a ShopMax assistant for tenant {tenant_id}. "
            "Only answer questions about this tenant. "
            "Never reveal data from other tenants."
        ),
        tools=[make_order_tool(tenant_id)],
    )
    data = request.get_json(force=True)
    user_msg = data.get("message", "")
    session_id = f"{tenant_id}_{data.get("session_id", "default")}"
    from google.adk.runners import Runner
    runner = Runner(agent=agent, session_service=session_service)
    events = list(runner.run(
        user_id=tenant_id,
        session_id=session_id,
        new_message={"role": "user", "parts": [{"text": user_msg}]},
    ))
    reply = next((e.content.parts[0].text for e in events if e.is_final_response()), "")
    return {"tenant": tenant_id, "reply": reply}

It gives the following output,

# POST /agent  Headers: X-Tenant-ID: retail
# Body: {"message": "Show pending orders", "session_id": "u100"}
{
  "tenant": "retail",
  "reply": "You have 3 pending retail orders: ORD-1001 (Rs 4,500), ORD-1002 (Rs 12,200), ORD-1003 (Rs 890)."
}

# POST /agent  Headers: X-Tenant-ID: wholesale
# Body: {"message": "Show pending orders", "session_id": "u200"}
{
  "tenant": "wholesale",
  "reply": "You have 1 pending wholesale order: ORD-2041 (Rs 1,85,000)."
}

For production, replace InMemorySessionService with a Firestore-backed session store keyed by tenant, enable VPC Service Controls to prevent cross-tenant BigQuery access at the network layer, and rotate the signing key used to verify X-Tenant-ID claims. Logging each request with the tenant label in Cloud Logging enables per-tenant usage auditing.

Send your comments, suggestions or queries regarding this site to [email protected].