Overview

Every Obeya Cloud organization operates on its own subdomain: your-org.obeya.cloud. This provides complete isolation between tenants and a branded URL for your team.

Default Subdomain

Your subdomain is set during organization creation. It must:
  • Be between 3 and 63 characters
  • Contain only lowercase letters, numbers, and hyphens
  • Start with a letter
  • Not end with a hyphen
  • Be unique across all Obeya Cloud organizations

Changing Your Subdomain

Changing your subdomain will break existing bookmarks, shared links, and API integrations. Proceed with caution.
To request a subdomain change:
  1. Go to Settings > Organization > Subdomain
  2. Enter the new subdomain
  3. Confirm availability
  4. Submit the change request
The old subdomain will redirect to the new one for 30 days. After that, the old subdomain is released.

Custom Domain

Business and Enterprise plans can configure a custom domain (e.g., pm.yourcompany.com) to replace the default your-org.obeya.cloud.
1

Add Your Domain

Go to Settings > Organization > Custom Domain and enter your desired domain (e.g., pm.yourcompany.com).
2

Configure DNS

Add a CNAME record pointing your domain to custom.obeya.cloud at your DNS provider.
Type:  CNAME
Name:  pm
Value: custom.obeya.cloud
TTL:   3600
3

Verify Domain

Click Verify in the Obeya Cloud settings. DNS propagation can take up to 48 hours, but typically completes within minutes.
4

SSL Certificate

Obeya Cloud automatically provisions and renews an SSL certificate for your custom domain via Let’s Encrypt. No action needed.

Multi-Subdomain API Access

All API requests are scoped to the organization identified by the subdomain: 
# Access ACME organization's data
curl https://acme.obeya.cloud/api/v1/boards \
  -H "Authorization: Bearer YOUR_TOKEN"

# Access Different organization's data
curl https://other-org.obeya.cloud/api/v1/boards \
  -H "Authorization: Bearer DIFFERENT_TOKEN"
API tokens are scoped to a single organization. A token created in acme.obeya.cloud cannot be used to access other-org.obeya.cloud.

Subdomain Security

  • All subdomains are served over HTTPS with automatic certificate management
  • Cookies are scoped to the specific subdomain — no cross-tenant cookie leakage
  • CORS policies are enforced per-subdomain
  • Rate limiting is applied per-subdomain to prevent abuse

Allowed Subdomains

The following subdomains are reserved and cannot be used: www, app, api, admin, status, docs, help, support, blog, mail, smtp, ftp, ns1, ns2, cdn, assets, static, staging, dev, test