Agentic teams
Beta
This feature is in beta. We know agents are the future of work. However, we are still defining the best practices for agentic implementation inside software agencies. This is an opt-in beta. If you would like to enroll or apply to join the beta program, we would love your feedback and your help shaping how agentic work evolves for software agencies.

Meet the AI agents built into Platfio. Each one is tuned for a real software agency role and connected to the platform features that let it do useful work, not just generate text.

View all agents
For Business Owners

If you're a business owner looking for custom software, we can connect you with an expert Platfio agency that will build a holistic, tailored solution for your business — from mobile apps, to websites, to internal tools.

Browse all business types
Customers Pricing Contact Sales
Enterprise

Selling Platfio Implementations Into the Enterprise

Hayden Cassar Hayden Cassar Oct 6, 2025 3 min read

Table of contents

On this page

Selling Platfio implementations into enterprise customers is possible. Agencies have already delivered Platfio-powered apps across different industries, markets, and operating environments.

The business case is similar to the SMB clients you have likely already sold to: better customer experiences, more efficient workflows, faster launches, and software that can be easily managed by non-technical stakeholders.

Enterprise stakeholders will simply ask more detailed technical questions about infrastructure, integration, security, ownership, and support before they approve the opportunity. This guide gives you the language and decision points you need to answer those questions, reassure technical stakeholders, and keep the deal moving forward.

Deployment Models

Platfio-hosted tenant

For most customers, the app runs as a tenant in Platfio’s GCP infrastructure.

Keep this section brief:

  • fastest path to launch
  • shared operational responsibility
  • standard Platfio maintenance and upgrades

Platfio-hosted single tenant

For enterprise customers that need more isolation without owning the infrastructure, the app can run as a single tenant in Platfio’s GCP infrastructure.

Keep this section brief:

  • dedicated tenant isolation
  • Platfio-managed infrastructure
  • simpler operations than client-owned infrastructure

Client-owned single tenant

For enterprise customers, Platfio can be deployed into the client’s own GCP environment.

Keep this section brief:

  • stronger client-side infrastructure control
  • clearer enterprise procurement fit
  • more implementation and support planning

Note: this requires both the agency and the individual app to be on an enterprise plan.

Frontend

Core

Platfio includes a configurable frontend layer with core modules for auth, segments, products, bookables, subscribables, forms, pages, and more.

These modules can be implemented and customized with no code. Most client requirements should start here: configure the module, adjust the page structure, connect the right data, and keep the app inside the standard Platfio upgrade path.

Extension / Customization

When the standard modules are not enough, custom frontend features can be added with HTML, CSS, and JavaScript.

We recommend LitJS for custom application features because it works well for focused, reusable UI components inside the Platfio app. Custom pages and components can use window.access to reach Platfio-provided helpers, including authenticated Firebase SDK access, Capacitor plugins, and other platform services exposed to the app.

Use frontend customization for client-specific user experiences, custom interaction flows, or specialist UI that should live inside the deployed application.

Backend

Core backend services

Every Platfio module includes pre-configured backend functions that are deployed with the application.

For example, when an order is made, a Cloud Function runs the checkout, product, notification, and fulfilment behavior configured through the no-code interface. The exact behavior depends on the checkout settings, product details, automations, and module configuration already set up inside Platfio.

Default Cloud Functions include:

  • OrderWritten
  • BookingWritten
  • SubscriptionWritten
  • SubscriptionPaymentWritten
  • FormSubmissionWritten
  • UserWritten
  • UserSegmentWritten
  • UserCounterWritten

No-code and low-code backend services piggyback on these core application events.

No-code custom backend services

Platfio automations and webhooks can hook into application events and respond without custom code.

Use this layer when a client needs to send a webhook to an external service, trigger an internal workflow, notify a team, update a record, or run a sequence of configured steps in response to something happening inside the app.

Low-code custom backend services

Automations can also include custom Node.js where a workflow needs more logic than the standard no-code steps provide.

Use this layer for lightweight backend extensions that still belong inside Platfio’s automation system: data transforms, conditional logic, small integrations, or workflow steps that need code but do not need a separate deployment surface.

Platfio-deployed Cloud Functions

For deeper backend customization, custom Cloud Functions can be deployed through the Platfio interface.

Use this layer when the client needs custom backend behavior that should still be deployed and managed through Platfio: custom APIs, heavier integrations, specialized processing, or backend workflows that should live beside the deployed application.

Build your own backend

For enterprise clients that want full control, you can deploy your own backend infrastructure into the client’s cloud environment and connect it to the Platfio frontend.

Custom frontend code can make authenticated HTTP requests to your backend services. Requests can include the authenticated user’s bearer token, and your backend can use Firebase Admin SDK credentials, including a service account, to verify the user and authorize the request before running custom infrastructure.

CI/CD

Platfio-managed CLI

Platfio’s CI/CD is designed around a command line tool that builds and deploys applications consistently across environments.

In 99% of implementations, that CLI runs on Platfio’s infrastructure. It deploys the application either into a Platfio-hosted tenant or into a client-owned single-tenant GCP environment, depending on the deployment model chosen for the enterprise client.

Client-owned GitHub Actions

Some enterprise clients require the full build and release process to run inside their own infrastructure.

For those implementations, Platfio can install the CLI into a GitHub Actions environment owned by the client. This keeps the deployment workflow aligned with the client’s infrastructure ownership, procurement, and security requirements.

GitHub Actions is the preferred environment for this path because some deployments need to run on a Mac runner. That requirement means the CLI cannot always be moved into another build environment, such as Cloud Build, unless that environment will only update the backend and web application.

Integration Patterns

Platfio recommends choosing one of the following integration patterns. They move from the fastest setup to the highest-control enterprise model.

No-code Webhooks / Endpoints

Use webhooks and endpoints when Platfio needs no-code controls for sending events out and receiving events back in through a Zapier-style integration platform. This pattern uses HTTP requests, platform triggers, and secret URL authentication.

flowchart LR
  subgraph ClientGCP["Client GCP app environment"]
    subgraph Records["App Data Layer"]
      Auth["Firebase Auth"]
      Firestore["Firestore"]
      Storage["Cloud Storage"]
    end

    subgraph Services["Core Firebase services"]
      Functions["Cloud Functions"]
      Scheduler["Cloud Scheduler"]
    end

    NoCodeIO["Webhook / Endpoint"]

    Auth <--> Functions
    Firestore <--> Functions
    Storage <--> Functions
    Scheduler --> Functions
    Functions <--> NoCodeIO
  end

  subgraph ClientSide["Client-side integration path"]
    direction TB

    subgraph IPaaS["Integration platform as a service"]
      Provider["iPaaS provider<br/>(Zapier-style)"]
    end

    subgraph Client["Client enterprise environment"]
      Integration["Custom integration service"]
      Service["Existing internal services<br/><small>e.g. users, notifications,<br/>orders, bookings</small>"]
      Record["Client systems of record<br/><small>e.g. Salesforce, SAP,<br/>Databricks, MongoDB, MySQL</small>"]

      Integration <--> Service <--> Record
    end
  end

  NoCodeIO <-->|"HTTP request<br/>platform trigger<br/>secret URL auth"| Provider
  Provider --> Integration
  Provider --> Service
  Provider --> Record

Low-code Automations

Use low-code automations when an automation should trigger a custom Node.js step, or when a network request should trigger an automation that can then run a custom Node.js step.

flowchart LR
  subgraph ClientGCP["Client GCP app environment"]
    subgraph Records["App Data Layer"]
      Auth["Firebase Auth"]
      Firestore["Firestore"]
      Storage["Cloud Storage"]
    end

    subgraph Services["Core Firebase services"]
      Functions["Cloud Functions"]
      Scheduler["Cloud Scheduler"]
    end

    Automation["Automation trigger<br/>HTTP automation trigger"]
    Node["Custom Node.js step<br/>send / process request"]

    Auth <--> Functions
    Firestore <--> Functions
    Storage <--> Functions
    Scheduler --> Functions
    Functions <--> Automation <--> Node
  end

  subgraph Client["Client enterprise environment"]
    Integration["Custom integration service"]
    Service["Existing internal services<br/><small>e.g. users, notifications,<br/>orders, bookings</small>"]
    Record["Client systems of record<br/><small>e.g. Salesforce, SAP,<br/>Databricks, MongoDB, MySQL</small>"]

    Integration <--> Service <--> Record
  end

  Node <-->|"HTTP request<br/>REST API<br/>shared secret auth"| Integration

Custom integration services

Use custom integration services when the integration needs a dedicated place for mapping, retries, credentials, routing, and operational logging outside the no-code automation path.

Direct custom integration service

flowchart LR
  subgraph ClientGCP["Client GCP app environment"]
    subgraph Records["App Data Layer"]
      Auth["Firebase Auth"]
      Firestore["Firestore"]
      Storage["Cloud Storage"]
    end

    Integration["Custom integration service"]
    Trigger["Custom trigger"]

    Trigger --> Integration
    Auth <--> Integration
    Firestore <--> Integration
    Storage <--> Integration
  end

  subgraph Client["Client enterprise environment"]
    ClientIntegration["Custom integration service"]
    Service["Existing internal services<br/><small>e.g. users, notifications,<br/>orders, bookings</small>"]
    Record["Client systems of record<br/><small>e.g. Salesforce, SAP,<br/>Databricks, MongoDB, MySQL</small>"]

    ClientIntegration <--> Service <--> Record
  end

  Integration <-->|"HTTP request<br/>REST API<br/>shared secret auth"| ClientIntegration

Enterprise API gateway option

Use an enterprise API gateway when the client wants the strongest control over inbound traffic, authentication, policy enforcement, and system access.

flowchart LR
  subgraph ClientGCP["Client GCP app environment"]
    direction LR

    subgraph Sources[" "]
      direction TB
      Trigger["Pub/Sub events or<br/>Cloud Function triggers"]

      subgraph Records["App Data Layer"]
        direction TB
        Auth["Firebase Auth"]
        Firestore["Firestore"]
        Storage["Cloud Storage"]

        Auth --> Firestore --> Storage
      end

      Trigger --> Auth
    end

    Integration["Custom integration service"]

    subgraph Boundary["API boundary"]
      direction TB
      HttpClient["Outbound API service<br/><small>Cloud Run</small>"]
      HttpGateway["API HTTP gateway<br/><small>Cloud Load Balancer or Apigee</small>"]
      BoundaryNote["Use Secret Manager,<br/>Cloud Armor / CDN,<br/>logging, metrics, and traces<br/>(as appropriate)"]

      HttpClient --> HttpGateway --> BoundaryNote
    end

    Trigger --> Integration
    Auth <--> Integration
    Firestore <--> Integration
    Storage <--> Integration
    Integration --> HttpClient
    Integration <--> HttpGateway
  end

  subgraph Client["Client enterprise environment<br/>(abbreviated)"]
    direction TB
    Gateway["API gateway"]
    EnterpriseClient["Outbound API service"]

    Gateway ~~~ EnterpriseClient
  end

  HttpClient <-->|"HTTP request<br/>gRPC API<br/>mTLS auth"| Gateway
  HttpGateway <--> EnterpriseClient

  style Sources fill:transparent,stroke:transparent
  style Boundary fill:transparent,stroke:transparent
  style BoundaryNote fill:transparent,stroke:transparent,color:#4b5563
  linkStyle 0 stroke:transparent,fill:none
  linkStyle 1 stroke:transparent,fill:none
  linkStyle 2 stroke:transparent,fill:none
  linkStyle 3 stroke:transparent,fill:none
  linkStyle 4 stroke:transparent,fill:none

Enterprise data ownership

Use a client-owned system of record pattern when the deployed applications should use Platfio for authentication and application delivery, but all business data should remain inside the client’s enterprise environment.

In this model, Android, iOS, and web applications sign users in through Firebase Auth. Firebase Auth can use SAML or OpenID Connect to connect to the client’s existing identity provider for single sign-on. Firebase Cloud Messaging can also stay in the app environment for push notifications, since most enterprises do not want to operate that service themselves. After sign-in, the applications call the client’s application API gateway directly with the authenticated user’s bearer token.

flowchart LR
  subgraph Apps["Client applications"]
    Android["Android app"]
    IOS["iOS app"]
    Web["Web app"]
  end

  subgraph ClientGCP["Client GCP app environment"]
    Auth["Firebase Auth"]
    FCM["Firebase Cloud Messaging<br/><small>optional</small>"]
  end

  subgraph Identity["Client identity environment"]
    IdP["Client identity provider"]
  end

  subgraph Client["Client enterprise environment"]
    Cdn["Cloud CDN and Cloud Armor<br/><small>optional</small>"]
    Gateway["API gateway and client<br/><small>optional</small>"]
    Integration["Custom integration service"]
    Queue["Enterprise event bus<br/><small>Kafka, RabbitMQ,<br/>Azure Service Bus,<br/>Amazon SQS, Google Pub/Sub</small>"]
    Service["Existing internal services<br/><small>e.g. users, notifications,<br/>orders, bookings</small>"]
    Record["Client systems of record<br/><small>e.g. Salesforce, SAP,<br/>Databricks, MongoDB, MySQL</small>"]

    Cdn --> Gateway --> Integration --> Queue --> Service --> Record
  end

  Android --> Auth
  IOS --> Auth
  Web --> Auth
  FCM --> Android
  FCM --> IOS
  FCM --> Web
  Auth <-->|"SAML / OpenID Connect<br/>single sign-on"| IdP
  Android --> Cdn
  IOS -->|"HTTP request<br/>REST or Graph API<br/>Firebase Auth bearer token"| Cdn
  Web --> Cdn

  classDef optional fill:#f4f1ff,stroke:#9b7cff,stroke-dasharray: 4 4,color:#4b5563,opacity:0.72
  class Cdn,Gateway,Queue,FCM optional

How to Choose

Use this simple rubric:

PatternUse whenIntegration and auth model
Platfio-hosted tenantThe client wants the fastest path, managed operations, and standard delivery.Platfio owns the primary infrastructure path.
Platfio-hosted single tenantThe client needs stronger tenant isolation, but still wants Platfio to manage the infrastructure.Platfio runs a dedicated single tenant inside Platfio’s GCP infrastructure.
Client-owned single tenantThe client needs infrastructure ownership, stricter procurement requirements, or deeper enterprise controls.Platfio is deployed into the client’s GCP environment.
No-code webhooks / endpointsThe integration can flow through an iPaaS provider for simple trigger-based workflows.Mapping happens in the iPaaS layer; authentication can use a secret URL or simple bearer token handling.
Low-code automationsThe integration needs custom Node.js logic without requiring an iPaaS provider for mapping.Mapping can happen inside Platfio automation logic; API keys and shared secrets can be retrieved from Secret Manager.
Custom integration servicesThe integration needs dedicated mapping, retries, credential handling, routing, or operational logging, and API key or shared secret authentication is sufficient.A custom service owns the integration boundary and can use API key or shared secret authentication.
Enterprise API gateway optionThe client needs the custom integration pattern, but requires mTLS for authentication.The client API gateway becomes the controlled enterprise entry point and enforces mTLS.
Client-owned system of recordThe client wants Platfio application delivery while minimizing data stored in Platfio-controlled services.Firebase Auth and optional Firebase Cloud Messaging may still store required identity or messaging data, but business data should prefer the client’s systems of record.

FAQs From Enterprise Architects

When presenting Platfio to a CTO, enterprise architect, CISO, VP Engineering, or Head of Platform, these are common questions agencies should be ready to field during the sales process.

Error handling

When fielding questions from enterprise architects about error handling, always note the following:

  • Design idempotency into integration services and event handlers wherever practicable.
  • Use retries with exponential backoff and timeouts.
  • Use dead-letter queues for failed or unprocessable events.
  • Use compensating actions when consistency needs to be repaired across systems.
  • Use observability with correlation IDs so failures can be traced across the integration boundary.

Authentication

When fielding authentication questions from enterprise architects, always map the required authentication strength back to the integration pattern:

  • Use no-code webhooks and endpoints when a secret URL is sufficient, or when the client accepts simple bearer token handling. Note: some iPaaS providers can decode bearer tokens; Platfio can send and decode them, but no-code shared secrets are stored in Firebase behind security rules, not Secret Manager.
  • Use low-code automations when API keys (shared secret authentication) are sufficient and the workflow needs more control. Note: low-code automations can retrieve secrets from Secret Manager during triggers and workflow actions.
  • Use direct custom service integrations when API keys (shared secret authentication) are sufficient and the client does not require gateway-level policy enforcement.
  • Use mTLS in the enterprise API gateway option when the client requires stronger authentication at the enterprise boundary.
  • As in the enterprise data ownership model, Firebase Auth can use a custom provider to connect the client’s existing identity provider, provided it supports SAML or OpenID Connect. The enterprise environment can then verify the signed-in user’s JWT using the Firebase Admin SDK and a service account issued for token verification.

Authorization

When fielding authorization questions from enterprise architects, always clarify where access decisions will live:

  • By default, Platfio includes a role-based access control system where users are staff members, managers, or directors. In enterprise situations, these roles will often be insufficient, so the segments module can be used to create customer segments that correspond to custom roles or attributes, assign them to users, and support RBAC or ABAC authorization flows enforced by Platfio’s standard Firestore and Cloud Storage security rules.
  • Platfio does not include an out-of-the-box ACL system. ACLs can be implemented from scratch based on the client’s systems of record, or with custom entities in Firestore enforced by security rules.
  • For service-to-service communication, prefer service accounts with cloud provider IAM patterns that implement the principle of least privilege. For example, a custom integration service might use a service account to call the orders service, with that service account explicitly granted the Cloud Run Invoker role for that service.

APIs

When fielding API questions from enterprise architects, always connect the API style to the integration pattern:

  • REST APIs are generally well understood by all parties and are a strong default option.
  • GraphQL may be preferable in the enterprise data ownership model, where the app reads from the enterprise’s systems of record through an integration service and multiple calls may otherwise be required to render a page.
  • For multi-cloud service-to-service communication, gRPC may be the organization’s preference when it wants lower latency and stronger type safety across enterprise API gateway boundaries.

Testing

When fielding testing questions from enterprise architects, always explain that test coverage can be built to the client’s specifications:

  • Platfio supports testing across application and integration code.
  • Unit tests will be written for custom source code in your integration to the client’s required level of code coverage.
  • Integration tests can use Firebase emulators where Firebase services are part of the flow.
  • End-to-end tests can use Playwright, which is available in Platfio’s testing platform by default, or be built elsewhere to test full user and integration flows in the Platfio application.
  • Quality of tests matters more than quantity of tests; the goal is useful confidence in the flows that matter.

Observability

When fielding observability questions from enterprise architects, always clarify what each team can see and who owns investigation:

  • Agree on logs, metrics, and traces.
  • Use correlation IDs across the Platfio and enterprise boundary.
  • Define alerting ownership and escalation paths.
  • Clarify which team investigates which classes of failures.
  • For frontend observability, use tag manager integrations where appropriate; Google Analytics can support marketing analytics, while tools such as PostHog can provide a more complete product usage picture.

Multi-region support

When fielding multi-region questions from enterprise architects, always separate the default configuration from enterprise-specific requirements:

  • By default, Firebase is configured in a single region.
  • If the business need requires lower latency, higher availability, or stronger geographic resilience, Firestore can be implemented multi-region.
  • Confirm which Firebase services support the required regional model before committing to the architecture.

Disaster recovery

When fielding disaster recovery questions from enterprise architects, always tie the answer to the deployment model and operating responsibilities:

  • Agree recovery time objectives and recovery point objectives.
  • Clarify backup requirements and restore ownership.
  • Identify dependencies on downstream enterprise systems.
  • For client-owned single tenant deployments, align disaster recovery controls with the client’s GCP, identity, network, logging, and incident response processes.

Scale

When fielding scale questions from enterprise architects, always frame the conversation as a joint architecture review:

  • Platfio infrastructure is designed to be stateless, horizontally scalable, and automatically scaled.
  • Scale discussions should include downstream enterprise service limits.
  • Discuss rate limits, queueing, and backpressure on services Platfio relies on inside the client’s environment.
  • Frame this as shared planning, not criticism of the client’s systems.

Data consistency

When fielding data consistency questions from enterprise architects, always clarify the consistency model:

  • Identify the source of truth for each business object and, where needed, each important field. The client system might own customer identity while Platfio owns workflow status, app activity, or operational state.
  • Decide whether the integration uses one-directional sync from Platfio to the client’s system of record. This is simpler and often the right MVP choice; after records are sent, they should be locked or treated as non-editable in Platfio.
  • If the integration needs bi-directional sync, agree the conflict rules up front: which system wins, how field-level differences are merged, how duplicate or out-of-order events are handled, and what sync delay is acceptable.
  • Define how records are matched across systems, including external IDs, mapping tables, duplicate handling, merge behavior, and whether deletes become hard deletes, soft deletes, or archives.
  • Explain retry behavior, idempotency, and where eventual consistency is expected, using plain language about what users may see while data is still syncing.
  • Plan reconciliation and repair paths for drift between systems, including audit logs, exception queues, manual review ownership, and compensating actions where cross-system state needs to be fixed.

Schema flexibility

When fielding schema flexibility questions from enterprise architects, always explain how schema change will be handled:

  • Use Platfio configuration for standard fields and standard modules.
  • Use custom integration services for mapping and transformation.
  • Use versioned contracts when client systems evolve independently.
  • Agree how breaking changes, optional fields, and deprecated fields will be managed.
Hayden Cassar

Written by

Hayden Cassar

Related Articles