Codapult supports per-organization branding so customers can make the dashboard feel native to their brand without forking the app.
What can be customized
Organization branding currently supports:
- Primary color
- Sidebar color
- Accent color
- Optional custom CSS class values
- "Powered by" visibility, when enabled in the product config
Branding is stored as JSON on the organization.branding column and applied at runtime.
Key files
| File | Purpose |
|---|---|
src/lib/white-label/types.ts | Branding types and safe value checks |
src/lib/white-label/index.ts | Read, update, and convert branding to CSS variables |
src/app/api/branding/route.ts | Branding read/update API |
src/components/dashboard/BrandingProvider.tsx | Runtime injection point |
src/lib/db/schema.ts | organization.branding column |
Security model
Branding values are sanitized before they become CSS. Color values must match safe CSS color formats, and custom classes are filtered before use. This prevents customer-controlled branding from becoming a CSS injection vector.
API
| Route | Method | Purpose |
|---|---|---|
/api/branding?orgId=... | GET | Read organization branding |
/api/branding | POST | Update organization branding |
Only authorized organization members should be allowed to change branding in a production product. Keep that permission check close to your organization settings UI.