Customer & Auth

Cross-domain references: API (from api-products), Subscription (from plans-subscriptions)

Entity Types

Customer(.Email Address) is an entity type.

Account(.Customer, .OAuth Provider) is an entity type.

API Key(.Key Value) is an entity type.

Two Factor Token(.Customer, .Token) is an entity type.

Two Factor Confirmation(.Customer) is an entity type.

Admin is a subtype of Customer. Not every Customer is an Admin.

Value Types

Name is a value type.

Payment Method is a value type.

Email Address is a value type.

User Role is a value type. The possible values of User Role are 'USER', 'ADMIN'.

Key Value is a value type.

OAuth Provider is a value type. The possible values of OAuth Provider are 'github', 'google', 'okta', 'resend'.

Avatar is a value type.

Token is a value type.

Password Hash is a value type.

Two Factor Enabled is a value type.

Access Token is a value type.

Refresh Token is a value type.

Expires At is a value type.

Provider Account Id is a value type.

Email Domain is a value type.

Key Transport is a value type. The possible values of Key Transport are 'query parameter', 'request header', 'authorization header'.

Key Param Name is a value type. The possible values of Key Param Name are 'apikey', 'apiKey', 'key', 'token', 'X-API-Key', 'X-ApiKey', 'Bearer'.

Fact Types

Customer

Customer has Name.

Customer has User Role.

Customer has API Key.

Customer has Avatar.

Customer has Password Hash.

Customer has Two Factor Enabled.

Customer has Payment Method.

Customer authenticates via Account.

Customer has Email Domain.

Subscription belongs to Customer.

API Key

API accepts API Key via Key Transport with Key Param Name.

Account

Account has Provider Account Id.

Account has Access Token.

Account has Refresh Token.

Account has Expires At.

Constraints

Each Customer has at most one Name.

Each Customer has at most one User Role.

Each Customer has at most one API Key.

Each API Key belongs to at most one Customer.

Each Customer has at most one Avatar.

Each Customer has at most one Password Hash.

Each Customer has at most one Two Factor Enabled.

Each Account has at most one Provider Account Id.

Each Provider Account Id belongs to at most one Account.

Each Account has at most one Access Token.

Each Account has at most one Refresh Token.

Each Account has at most one Expires At.

Each Subscription belongs to at most one Customer.

Each Customer has at most one Email Domain.

For each combination of Key Transport and Key Param Name, API accepts API Key via that Key Transport with that Key Param Name at most once.

Instance Facts

API Key Authentication

API accepts API Key via Key Transport 'query parameter' with Key Param Name 'apikey'.

API accepts API Key via Key Transport 'query parameter' with Key Param Name 'apiKey'.

API accepts API Key via Key Transport 'query parameter' with Key Param Name 'key'.

API accepts API Key via Key Transport 'query parameter' with Key Param Name 'token'.

API accepts API Key via Key Transport 'request header' with Key Param Name 'X-API-Key'.

API accepts API Key via Key Transport 'request header' with Key Param Name 'X-ApiKey'.

API accepts API Key via Key Transport 'authorization header' with Key Param Name 'Bearer'.
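
An added example, not part of this model or its project's code, that resolves an API key from the seven accepted locations listed above and returns a URL that is safe to write to logs. Rejecting conflicting values, the `REDACTED` placeholder, and the names `extract_api_key` and `AmbiguousKey` are assumptions made for the example.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Accepted locations, copied from the instance facts above.
QUERY_PARAMS = ("apikey", "apiKey", "key", "token")
HEADER_NAMES = ("X-API-Key", "X-ApiKey")
AUTH_SCHEME = "Bearer"


class AmbiguousKey(ValueError):
    """Request carries different key values in more than one accepted location."""


def extract_api_key(url, headers):
    """Return (key or None, URL safe to log). `headers` is a plain dict."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    # Query parameter names match exactly: 'apikey' and 'apiKey' are separate facts.
    found = [(f"query:{k}", v) for k, v in pairs if k in QUERY_PARAMS and v]
    # HTTP header names are case-insensitive, so normalise before lookup.
    lower = {k.lower(): v.strip() for k, v in headers.items()}
    for name in HEADER_NAMES:
        if lower.get(name.lower()):
            found.append((f"header:{name}", lower[name.lower()]))
    scheme, _, cred = lower.get("authorization", "").partition(" ")
    if scheme.lower() == AUTH_SCHEME.lower() and cred.strip():
        found.append(("authorization:Bearer", cred.strip()))
    # Assumed policy (not stated in the model): conflicting values are rejected
    # instead of silently preferring one transport over another.
    if len({v for _, v in found}) > 1:
        raise AmbiguousKey(", ".join(src for src, _ in found))
    # Keys sent in the query string reach access logs and Referer headers
    # unless the URL is redacted before it is recorded.
    safe = [(k, "REDACTED" if k in QUERY_PARAMS else v) for k, v in pairs]
    safe_url = urlunsplit(parts._replace(query=urlencode(safe)))
    return (found[0][1] if found else None), safe_url


if __name__ == "__main__":
    # Constructed request: key in the query string plus an unrelated parameter.
    demo = "https://api.example.test/v1/items?apiKey=k_constructed_1&page=2"
    print(extract_api_key(demo, {}))
```
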

Mandatory Constraints

Each Customer authenticates via some Account.

Derivation Rules

Customer has User Role 'ADMIN' := Customer has Email Domain 'driv.ly' or Customer has Email Domain 'repo.do'.