Supporting Private Spaces as an Add-on Partner

Last updated December 03, 2024

Heroku Private Spaces allow you to run dynos within an isolated environment. Add-on partners can easily enable support for Private Spaces for their add-ons to be with a few changes to provisioning flow. More info on add-on support in Private Spaces.

When a customer requests an add-on for an app in a space, a special region attribute gets sent to your integration endpoint.

Supporting Heroku Private Spaces

You can follow these steps to integrate your add-on with Heroku Private Spaces:

  1. Ensure your add-on infrastructure is ready to provision add-ons in the regions you want to support,
  2. Use the heroku addons-admin CLI plugin to update your add-on manifest to include the relevant Private Space regions as defined in the manifest region field,
  3. Inspect the region field included in a provision request,
  4. Create your add-on instance in the region best suited to minimize latency, and
  5. Complete and respond to the provisioning request normally with your add-on configuration parameters.

After you’ve updated your manifest region field with the correct Private Space regions, your add-on’s elements page, the Add-on Runtime Availability list and other Heroku properties will update to display the new settings.

Fir-Generation Private Spaces

If your add-on also supports Fir-generation Private Spaces, enable support in the add-on partner portal under the Settings tab. See Add-ons Generation Compatibility Guide for Partners for details.

Plan Availability

We assume by default that all plans are available in all regions. To make only some plans available in Private Spaces, you can:

  1. Add a new Available in Private Spaces? boolean feature in the add-on partner portal under the Features & Plans tab.
  2. Configure the feature correctly for each plan to articulate Private Space availability.
  3. Return a 422 status code when user requests a plan not available in a space’s region. Be sure to create a useful message attribute explaining why the provisioning rejected.

Security

Traffic between your add-on and the space goes out over public internet routes. End-to-end transport layer encryption is key. We don’t currently support directly peered connections for third-party add-on partners.

Feedback

Log in to submit feedback.