Introduction
Tether is free, open-source IT asset management purpose-built for Managed Service Providers. Track every device across every client from a single installation, give each client their own branded portal, and manage who has what — with a complete checkout history, warranty tracking, and QR labels included.
What is Tether?
Tether is a web-based platform that runs on your server (or ours at atechsolutions.org) and is accessed through a web browser. There is no executable file to download and run — it is a server-side application.
The core design decision that separates Tether from tools like Snipe-IT is
multi-tenancy. One Tether installation serves your entire MSP.
Each client organisation lives in a completely isolated space with its own
assets, users, categories, and locations. A client user logging into
acme.atechsolutions.org can only ever see Acme Corp's data — never
another client's.
Tether must be run on a web server and accessed through a browser. It runs on Linux, macOS, or Windows (via Docker). You are expected to have basic comfort with a terminal — or use Docker, which removes most of that complexity.
Key concepts
MSP
The top-level account. An MSP admin logs in to the root domain
(atechsolutions.org) and sees all client organisations from
a unified dashboard. MSP staff users have is_msp_staff = true
and have no tenant restriction.
Tenant
A client organisation. Every record in Tether — assets, users, categories, locations, people, requests — belongs to exactly one tenant. Tenants are completely isolated at the database query level; there is no way for a client user to read another tenant's data, even through the API.
Each tenant has a slug — a short identifier that becomes
their subdomain. A tenant with slug acme is accessed at
acme.atechsolutions.org (or acme.yourdomain.com for
self-hosted installs with a custom BASE_DOMAIN).
Asset
A physical device or piece of equipment tracked in the system. Each asset has a unique asset tag within its tenant, a status, and optional metadata including serial number, purchase cost, warranty expiry date, and notes. The four asset statuses are:
| Status | Meaning |
|---|---|
available | In stock, ready to be checked out |
deployed | Checked out to a person |
maintenance | Out of service, being repaired or inspected |
retired | End-of-life, no longer in use |
Roles and permissions
Access control in Tether has two layers: roles (named presets) and per-user permission overrides on top of those roles. This lets you give an exec full read access while a manager can check out but not delete — all within the same role tier.
| Role | Scope | Default access |
|---|---|---|
msp_admin | All tenants | Full control — all 17 permissions |
msp_technician | All tenants | Asset management, no billing or account settings |
client_admin | Own tenant only | Full control within their organisation |
client_manager | Own tenant only | Manage assets, check-out/in, people — no user management |
client_viewer | Own tenant only | Read-only — view and export only |
Architecture
Tether is a single application with no microservices or external dependencies beyond a database:
| Layer | Technology | Notes |
|---|---|---|
| Backend API | Python 3.12 + FastAPI | REST API served at /api/* |
| Frontend | Vanilla JavaScript SPA | Single-page app served from / |
| Database | MariaDB 11 (default) | Also supports PostgreSQL and SQLite |
| Auth | bcrypt + JWT | 7-day tokens, stored in localStorage |
| Charts | Chart.js (vendored) | No CDN dependency — works offline |
| Deployment | Docker + Compose | Also supports systemd bare-metal |
The application determines the active tenant from the HTTP Host
header on every request. A request to acme.atechsolutions.org is
automatically scoped to the Acme tenant — no session switching required.
Deployment options
| Option | Best for | Setup time |
|---|---|---|
| Self-hosted via Docker | MSPs who want full data control | 15–30 minutes |
| Self-hosted bare-metal | Existing servers without Docker | 30–60 minutes |
Open source
Tether is released under the MIT licence. The full source code is available on GitHub. Self-hosted installs have no asset limits, no feature restrictions, and no billing. The hosted SaaS version exists for MSPs who would rather not manage infrastructure.
The codebase that runs at atechsolutions.org is identical to what you can
download and run yourself — DEPLOYMENT_MODE=saas is the only variable
that enables billing tier enforcement.
New to Tether? Begin with the Quickstart to get a working setup in minutes, then continue to deployment and operations topics.
File structure
Tether follows a standard Python project layout:
texttether/ ├── backend/ │ ├── main.py # FastAPI app — mounts all routers and serves frontend │ ├── security.py # JWT auth, bcrypt, tenant resolution from Host header │ ├── billing.py # Tier definitions and limit enforcement │ ├── db/ │ │ └── database.py # Engine, session, seed logic │ ├── models/ │ │ └── models.py # SQLAlchemy ORM models │ ├── schemas/ │ │ └── schemas.py # Pydantic request/response schemas │ └── routers/ │ ├── auth.py # Login, /me, change-password │ ├── assets.py # Asset CRUD, checkout/in, QR, CSV │ ├── categories.py │ ├── locations.py │ ├── users.py # Employees (people assets are assigned to) │ ├── user_mgmt.py # User accounts and permission overrides │ ├── tenants.py # Tenant CRUD and custom domains │ ├── dashboard.py # Stats endpoint (MSP aggregate + tenant-scoped) │ ├── invites.py # Invite token generation and acceptance │ ├── requests.py # Asset requests │ ├── billing_router.py # Usage status and tier management │ └── demo.py # Demo reset (only mounted in demo mode) ├── frontend/ │ ├── templates/ │ │ └── index.html # SPA shell — loads all JS and CSS │ └── static/ │ ├── css/style.css │ └── js/ │ ├── app.js # API layer, auth, router, helpers │ ├── views.js # Login, shell, MSP dashboard, client management │ ├── views2.js # Assets, categories, locations, employees, settings │ ├── icons.js # Inline SVG icon set │ └── chart.umd.js # Chart.js (vendored — no CDN required) ├── Dockerfile ├── docker-compose.yml ├── requirements.txt ├── install.sh ├── .env.example └── .env.demo
Every command in this documentation is run from the tether/ project directory unless explicitly stated otherwise. Running commands from a different directory will produce errors.
Getting help
If you run into an issue not covered by these docs, you have several options:
- Check Troubleshooting — common errors with exact error messages and their fixes
- GitHub Issues — github.com/atechlab-am/tether/issues — search before opening
- Email support — support@atechsolutions.org — we respond same day