Build With Athar // case study
CASE STUDY · /feedback-central

Feedback Central

A multi-tenant feedback SaaS — embeddable widget on the user side, JWT-protected triage dashboard on the team side.

ROLE: Solo Lead Engineer · Dual-Auth Architecture
TIMELINE: 2025
TEAM: 1 (solo)
STATUS: Production

Any client app drops a single script tag → end users get a feedback widget; the team gets a triage dashboard. Two completely isolated attack surfaces share zero auth state.

The widget is a standalone ~10KB ES5 script — no build step, no framework. It exposes window.FeedbackWidget.{open, close, configure} so host apps control placement entirely.

Tools like Canny lump end-user submission and team triage behind the same auth — meaning user widgets either require login (high friction) or rely on weak anonymous tokens that leak the full API.
Node.js · Express · MySQL 8 · EJS · Tailwind CDN · bcryptjs · JWT
Live in production for multiple tenant apps. Hard isolation of attack surfaces means a leaked widget key can't touch dashboard endpoints — and a compromised dashboard cookie can't submit fake widget data.
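The isolation property described above, sketched as an added example that is not Feedback Central's own code: each surface reads exactly one credential type and ignores the other. The route paths, the `x-widget-key` header, the `session` cookie name, the key and the secret are all assumptions constructed for illustration.

```javascript
// Added example; routes, header/cookie names, key and secret are hypothetical.
const crypto = require('crypto');

const JWT_SECRET = 'constructed-demo-secret';                   // dashboard surface only
const WIDGET_KEYS = new Map([['wk_demo_tenantA', 'tenantA']]);  // constructed key -> tenant

const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (data) => crypto.createHmac('sha256', JWT_SECRET).update(data).digest();

function signJwt(payload) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${b64url(hmac(`${head}.${body}`))}`;
}

function verifyJwt(token) {
  const parts = String(token || '').split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString());
    claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  } catch { return null; }
  if (header.alg !== 'HS256') return null;          // pin the algorithm, reject "none"
  const expected = hmac(`${head}.${body}`);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  if (typeof claims.exp !== 'number' || claims.exp * 1000 <= Date.now()) return null;
  return claims;
}

// req shape: { method, path, headers: {...}, cookies: {...} }
function authorize(req) {
  if (req.path.startsWith('/widget/')) {
    // Widget surface: only the widget key is consulted; cookies are never read.
    const tenant = WIDGET_KEYS.get((req.headers || {})['x-widget-key']);
    const ok = tenant && req.method === 'POST' && req.path === '/widget/feedback';
    return ok ? { status: 200, surface: 'widget', tenant } : { status: 401 };
  }
  if (req.path.startsWith('/dashboard/')) {
    // Dashboard surface: only the JWT cookie is consulted; widget keys are never read.
    const claims = verifyJwt((req.cookies || {}).session);
    return claims ? { status: 200, surface: 'dashboard', tenant: claims.tenant } : { status: 401 };
  }
  return { status: 404 };
}
```

Because neither branch falls back to the other credential, a request carrying both a widget key and a dashboard cookie is still judged only by the credential that belongs to the path it targets.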

Want this in your stack? Let's talk.