The blocks that build your backend.
Invoices, Customers, Contracts are examples of project resources — you design them. This page lists the platform features: fixed blocks every account ships with, some always included and others that count toward usage as you go.
How everything is organized.
Before explaining the features one by one, here's how they live inside the product.
Organization
The company that pays the bill. Each organization has its own tax info, its monthly invoice and its team — with different access levels (technical, finance, etc). If you run two companies, you create two organizations: each gets its own invoice based on the consumption of its own projects.
Project
Each product or environment the organization runs. Project-wide settings live here: dedicated JWT keys, hosting location, email and SMS providers, external API integrations, authentication.
Project resources
What lives inside the project: the custom resources you create (Invoices, Customers, Orders...) plus the triggers that react to changes on them. Each resource has its own rules and permissions.
Resource fields
Inside each resource are the typed fields (amount, date, status list, file...). Each field has its own rules — min, max, allowed options, required or not — and its own per-tag permissions.
// assistant AI assistant
AI assistant
A conversational AI assistant inside the console. Describe in plain text the system you want and it creates the resources, fields, rules and triggers through Tarello's own API. It also answers questions about how to use the platform, fixes existing configurations and generates sample calls (curl, fetch) for your endpoints.
- Creates resources from a text description
- Suggests triggers based on the scenario
- Fixes configs and generates sample calls
// core Core
Authentication
Email and password login, with optional 2FA. JWT token generation and renewal per project, logout from all sessions, email recovery and signup with validation. All configurable in the console — or via the AI assistant.
- Per-project JWT, separate keys
- Built-in email recovery
- Optional 2FA, enabled per project
Tag-based permissions
You create tags (e.g. manager, finance, support) and give one or more tags to each user. On each resource, you pick which tags get access — and you can fine-tune it field by field. Example: on an Invoice, the manager tag can edit the "amount" field; the support tag can only view it.
- One or more tags per user
- Access set resource by resource
- Field-level refinement inside the resource
Project settings
Each project carries its own global settings — JWT keys, email and SMS providers, external API integrations, secret variables and constants. A change in one project doesn't affect the others, even within the same organization.
- Global per-project constants
- Email and SMS providers
- Secret variables kept apart
// builder Builder
Custom resources
Inside each project, create as many resources as you want — Invoices, Customers, Orders, whatever your product needs. Each resource has typed fields (amount, date, text, status list, file, relation to another resource) and each field has its own rules: min and max, currency, allowed options, required or optional.
- As many resources as you need
- Typed fields with their own rules
- Automatic validation on calls
Automatic REST API
Every time you create or change a resource, Tarello updates the corresponding REST API — list, search, create, update and delete endpoints, with filters, pagination, sorting and per-field validation. No need to write code or deploy.
- Full CRUD ready instantly
- Filters, sorting and pagination
- OpenAPI generated per project
External API integrations
Set up a call to any third-party API (payments, SMS, AI, anything) as if it were another resource. Your front-end calls a Tarello route and we forward the request to the external service with your key, then return the response.
- Keys stored securely
- Input/output field mapping
- Configurable retry and timeout
Multi-language
Centralize the words and phrases your product shows in a single place. In the project you register the list of terms across all resources, mark which ones should be translated and into which languages. The API delivers the right text for each user, without duplicating fields per language.
- Single term list per project
- "Translate / don't translate" flag per term
- Languages configurable per project
// automation Automation
Triggers
Define what happens when a resource changes. Real examples: "if the Invoice status changed to paid, email the customer"; "if the Invoice amount field was edited, log it and notify finance"; "if a new Order was created, fire the ERP webhook". Each trigger is a condition plus an action.
- Reacts to create, edit and delete
- Conditions on the resource fields
- Actions: email, SMS, webhook, queue
// infra Infrastructure
Automatic scaling
The same platform serves your first project and your traffic peak. No server to size, no instance to pick, no migration. Usage goes up, the system keeps up; it falls, you're no longer billed for what wasn't consumed.
- Zero scaling configuration
- Same platform from MVP to millions
- No migration, no refactor
Multiple regions
Each project runs in the country you pick when creating it. Low latency for your user base, data residency aligned with local regulation. Moving the project later is possible, with notice.
- You pick the location at creation
- Local compliance
- Migration possible with notice
Backups
Weekly backup always included, in every project. For shorter windows, daily and hourly frequencies are available as optional add-ons, billed monthly at the project location's rate. Restore from the console, with review before applying.
- Weekly included, always
- Daily and hourly as add-ons
- Restore from the console
7+ regions to host in.
Picked when you create the project. Can be moved later with notice.
Fine-grained permissions, down to the field.
You define the project tags (e.g. manager, finance, support) and give a single tag to each user. On each resource, you pick which tags are allowed. Inside the resource, you can fine-tune it field by field — who can view, who can edit.
One tag per user
Each user gets a single tag. You create as many tags as you want inside the project, named however makes sense for your team.
Allowed tags per resource
On each resource (Invoices, Customers, Orders...) you select which tags get access. Users without an allowed tag can't see the resource.
Field-by-field refinement
For each field, choose which tags can view it and which can edit it. Example: on an Invoice, the manager tag edits the "amount" field; the support tag can only view it.
Automatic JWT enforcement
Tarello checks every call. If the user's tag isn't allowed, the route returns 403 without reaching the data.
Your API protected at every layer.
Security is the floor, not an upsell. Everything below is standard in every project.
Per-project JWT
Each project has its own signing key. Tokens from one project don't work in another.
TLS everywhere
All routes serve over HTTPS only. No exceptions, no open internal ports.
Encrypted data
At-rest encryption for storage. Backups inherit the same protection.
Revocable sessions
The user (and your system) can list and kill sessions any time via console or API.
Optional 2FA
Two-factor via TOTP or code. Enable it in the project's Auth settings.
Per-key rate limit
API-key-level limits to prevent abuse. Configurable in the console.
Audit log
Who changed what, and when. Auditable logs stored by default.
Project isolation
Data from one project never mixes with another, even within your own account.
Start today. No card, no install.
Create your organization, open a project and build your first resource in minutes. The free tier stays with you while you validate the idea.