Lifecycle · Draft
Onboarding Provisioning Spec
Purpose
Operational spec for what gets created during onboarding, how plan/SKU drives limits, and which sub-items run per platform — including pixels, catalogs, events by business type, and client-consent social linking.
API method names: onboarding-api-cross-check.md. Process flow: onboarding.md.
1. Plan / SKU entitlements (drive all limits)
Each client contract maps to a plan_id (SKU). The onboarding orchestrator reads plan_entitlements before creating any platform object. Limits are stored on tenant_registry and enforced by guardrails + Cost Guard — not honor-system.
Illustrative plan matrix (tune before launch)
| Entitlement | Starter | Standard | Ecommerce | Ecommerce+Social |
|---|---|---|---|---|
| Channels | Google, Meta | Google, Meta, GA4, CRM | + Merchant, catalog Meta/Google | + TikTok |
| Ad accounts | 1 Google + 1 Meta | Same | + MCA sub-account | + 1 TikTok advertiser |
| Monthly media cap (client-approved) | ₺30k | ₺150k | ₺300k | ₺500k |
| Credit sub-limit (agency pool) | ₺35k | ₺175k | ₺350k | ₺550k |
| Meta ad account spend cap | = sub-limit | = sub-limit | = sub-limit | = sub-limit |
| Optimization cycles / mo | 8 | 24 | 24 | 36 |
| Catalogs | — | — | Google MC + Meta catalog | + TikTok catalog |
| DV360 | — | — | — | Optional add-on |
| Special Ad Category | From onboarding business type → eligibility flag | From onboarding business type → eligibility flag | From onboarding business type → eligibility flag | From onboarding business type → eligibility flag |
# Illustrative — tenant_registry.provisioning
tenant_id: uuid
plan_id: standard_v1
vertical: health
entitlements:
monthly_media_cap_try: 150000
credit_sub_limit_try: 175000
channels: [google_ads, meta, ga4, crm]
catalogs: []
meta_spend_cap_try: 175000
optimization_cycles_per_month: 24Upgrade path: plan change → orchestrator updates caps (Meta spend_cap, internal guardrails, entitlement row) — does not recreate ad accounts unless channel added.
2. Agency credit line & account limits
Agency master (Kobi ops — once per platform)
Clients never enter payment details. Kobi finance configures agency billing before any tenant onboarding. New ad accounts inherit the master profile. Clients receive Kobi monthly invoices only (ERP).
| Platform | Master instrument | Ops action |
|---|---|---|
| Google Ads | MCC monthly invoicing + Kobi entity identity verify | Pre-configured; shells inherit; MCC Verification Hub bulk — PRE-1, PRE-7 |
| Meta | Extended credit + Kobi entity business verify on BM | Finance + Meta UI — one-time — PRE-2, PRE-8 |
| TikTok | BC prepaid + Kobi entity business verify | BC admin — one-time — PRE-3, PRE-9 |
| DV360 | GMP invoicing | Sales contract — PRE-6 |
Per-tenant (automated from plan_id + billing source)
| Control | Where enforced | API / system |
|---|---|---|
| Credit sub-limit | tenant_registry |
Internal; reconcile vs platform spend nightly. If prepay: set from parent billing internal API balance (ADR 0004); else finance-owned source TBD |
| Meta ad account spend cap | Ad account | POST /act_{id} spend_cap (minor units) |
| Google monthly guardrail | Optimization + QC | Internal qc.spend vs plan — no account-level Google cap API |
| TikTok advertiser budget | BC / advertiser | Advertiser update APIs where available + internal guardrail |
| Block spend over cap | Orchestrator | Pause campaigns + HITL A3 if breach attempted |
Budget lifecycle (programmatic — not billing warnings)
| When | Action | Billing warning? |
|---|---|---|
| Account create | spend_cap (Meta) + tenant_registry caps |
No — inherits agency payer |
| Plan approved | Apply channel/campaign budgets via platform APIs | No — amounts from plan_version |
| Optimization / revise | Mutate budgets within guardrails + qc.spend |
No |
| Client invoice | Kobi ERP monthly | No — separate from platform APIs |
ONB-11: tenant provisioned without credit_sub_limit or monthly_media_cap → block client.onboarding.completed (per-tenant config bug — not agency billing).
Never ONB for: MCC monthly invoicing, Meta credit, TikTok BC funding, Kobi-entity business verification — those are PRE-* one-time (cross-check).
Agency business verification (Kobi entity)
| Platform | Default | Submit path | Per-client ONB? |
|---|---|---|---|
| Google Ads | Kobi entity on MCC | MCC Verification Hub (bulk) + API status poll | No — PRE-7 |
| Meta | Kobi entity on BM | Business Settings (one-time) | No — PRE-8 |
| TikTok | Kobi entity on BC | TikTok for Business UI (one-time) | No — PRE-9 |
Shell accounts inherit verified agency masters. Domain verification (client website DNS) is a separate, optional per-tenant step — not business entity docs.
3. End-to-end provisioning flow
4. Vertical templates — pixels, events, catalogs
Onboarding Agent applies provisioning_template.{vertical} — not one-size-fits-all.
Event sets by business type
| Vertical | GA4 key events | Google Ads conversions | Meta Pixel + CAPI | TikTok Events API | Catalog |
|---|---|---|---|---|---|
| Health | book_appointment, generate_lead, contact |
Import from GA4 + call/lead actions | Lead, Schedule, Contact |
SubmitForm, Contact |
— |
| School | sign_up, generate_lead |
Lead + signup | Lead, CompleteRegistration (Special Ad Category: NONE by default — schools are not a special category; apply HOUSING only for student housing, EMPLOYMENT only for jobs/training-to-employment) |
SubmitForm |
— |
| Tourism | generate_lead, purchase, contact |
Lead + purchase | Lead, Purchase, InitiateCheckout |
CompletePayment |
Optional destination catalog |
| Ecommerce | purchase, begin_checkout, add_to_cart |
Purchase ROAS + MC feed | Purchase, AddToCart + catalog |
CompletePayment, AddToCart + catalog |
Required Google MC + Meta |
Sub-items created per template (checklist)
| Sub-item | Health | School | Tourism | Ecommerce |
|---|---|---|---|---|
| Google conversion actions | ✅ | ✅ | ✅ | ✅ + MC link |
| Meta Pixel | ✅ | ✅ | ✅ | ✅ |
| Meta CAPI relay endpoint | ✅ | ✅ | ✅ | ✅ |
| Meta catalog | — | — | ⚠️ | ✅ |
| Meta offline event set | ✅ CRM | ✅ | ✅ | ✅ |
| TikTok pixel | if SKU | if SKU | if SKU | if SKU |
| Merchant data source | — | — | — | ✅ |
| Special Ad Category flags | only if ad concerns finance/employment | only if ad concerns housing/employment/finance¹ | only if applicable | only if applicable |
¹ Special Ad Categories are only HOUSING, EMPLOYMENT, FINANCIAL_PRODUCTS_SERVICES (replaced CREDIT Jan 2025), ISSUES_ELECTIONS_POLITICS. No vertical defaults to a category — the flag is set per-ad only when the creative/offer actually concerns one of those topics. Health and schools default to NONE. See meta-ads — Compliance notes.
Templates versioned in playbook.provisioning.{vertical}; changes require ops publish + audit.
5. Meta + Instagram linking (client consent, minimal friction)
Goal: Client links owned Facebook Page + Instagram Professional account to Kobi BM without manual Business Manager email ping-pong where possible.
Client portal flow (“Connect Meta & Instagram”)
- Client already accepted ToS + data-sharing + Meta asset access (records
consent_id, scopes, timestamp). - Client clicks Connect → Facebook Login for Business (or Meta Business Login) with Kobi app.
- Requested permissions (minimize):
pages_show_list,pages_read_engagement,pages_manage_metadata,business_management,instagram_basic,instagram_manage_insights(exact set TBD at app review). - Client selects Page + linked Instagram account in OAuth UI (Meta-hosted — user consent).
- Backend receives short-lived token → exchanges → calls Marketing API:
| Step | API | Auto |
|---|---|---|
| List client Pages | GET /me/accounts or Business Asset API |
✅ |
| Verify Page admin | GET /{page-id}?fields=perms |
✅ |
| Share Page with Kobi BM | POST /{page-id}/agencies or partner share |
⚠️ |
| Link IG to ad account | POST /act_{ad-account-id}/instagram_accounts |
✅ |
| Assign Page to ad account for ads | POST /act_{ad-account-id}/promote_pages |
✅ |
Store asset IDs on onboarding_record |
Internal registry | ✅ |
Fallback (⚠️): POST /{kobi-bm-id}/client_pages partner invitation — client accepts in Meta UI if OAuth asset share fails.
Not required: client admin on Kobi BM; client never receives ad account ownership.
Instagram-only or Page-less clients
| Case | Path |
|---|---|
| Client has Page + IG | Preferred flow above |
| Page only, no IG | Meta ads without IG placement until IG linked |
| IG only | ⚠️ Must connect via Meta Business Suite; may need human |
| Kobi-managed Page (rare) | Skip client link; ops creates Page under agency |
5b. Meta 2-Tier child BM provisioning
Decision: ADR 0003 — child BM per client is the primary production model (from client #1 once PRE-10 is active). Single parent BM (≤5 ad accounts) is fallback only while 2-Tier API access is pending.
Sources: 2-Tier overview · Setup child BM · Onboard at scale · owned_businesses
Why client OAuth is required for child BM
Creating a child BM uses the client’s user access token from Facebook Login — not the parent BM system user token.
| Step | Token | API |
|---|---|---|
| Client Connect (§5) | User access token | Facebook Login for Business |
| Create child BM | Same user token | POST /{parent_bm_id}/owned_businesses with shared_page_id |
| Create system user in child BM | BM admin context | System users API |
| Ad account, pixel, ads, CAPI | Child BM system user | Marketing API on child_bm_id / act_* |
Provisioning sequence (automated after OAuth)
| Order | Sub-item | API | Auto |
|---|---|---|---|
| 1 | Client OAuth + Page (+ IG) pick | Facebook Login for Business | ⚠️ Client UI |
| 2 | Create child BM | POST /{parent_bm_id}/owned_businesses |
✅¹ |
| 3 | Share parent LOC + spend limit to child | Credit sharing APIs | ✅² |
| 4 | Create Admin system user in child BM | POST /{child_bm_id}/system_users |
✅ |
| 5 | Generate system user token | POST /{system-user-id}/access_tokens |
✅ |
| 6 | Create ad account in child BM | POST /{child_bm_id}/adaccount |
✅ |
| 7 | Set spend_cap from plan | POST /act_{id} |
✅ |
| 8 | Pixel, CAPI, catalog, offline set | Marketing API (child token) | ✅ |
| 9 | Link Page + IG to ad account | promote_pages, instagram_accounts |
✅ |
¹ Requires PRE-10 (2-Tier API access via Meta rep). ² Requires PRE-2 extended credit on parent BM.
Development vs production
| Mode | Behavior |
|---|---|
| App Development mode | Test full 2-Tier flow; Meta typically allows ~2 child BMs until business_management app review — enough to validate OAuth → child BM → system user → ad account. No separate single-BM test path required. |
| Production | Child BM per client; confirm per-user / per-page limits with Meta rep at PRE-10 |
Fallback (PRE-10 pending)
| Step | Change |
|---|---|
Skip owned_businesses |
Create ad account on parent BM with parent system user (max 5 API accounts) |
| OAuth | Still required for Page/IG (§5) |
| Registry | Set provisioning_mode: single_bm_fallback; migrate to child BM when PRE-10 lands |
Store on tenant_registry: parent_bm_id, child_bm_id, child_system_user_id, meta_provisioning_mode, shared_page_id.
6. Platform provisioning packages
6.1 Google Ads package
| Order | Sub-item | From plan/vertical |
|---|---|---|
| 1 | create_customer_client under MCC |
Always |
| 2 | Currency / timezone from client intake | Always |
| 3 | Auto-tagging on | Always |
| 4 | Conversion actions from vertical template | Vertical |
| 5 | Enhanced conversions config | Health, ecommerce |
| 6 | Link GA4 property | Standard+ |
| 7 | Link Merchant Center | Ecommerce |
| 8 | Google Ads → Kobi BQ export | Always |
| 9 | Apply internal monthly_media_cap guardrail |
From plan |
6.2 Meta package
| Order | Sub-item | From plan/vertical |
|---|---|---|
| 1 | Create ad account in Kobi BM | Always |
| 2 | Set spend_cap from credit_sub_limit |
Plan |
| 3 | System user + token + asset assignment | Always |
| 4 | Create Pixel + attach to account | Always |
| 5 | Register CAPI relay + test event | Always |
| 6 | Create standard + custom events from vertical template | Vertical |
| 7 | Create catalog + initial feed push | Ecommerce |
| 8 | Offline event set | CRM SKU |
| 9 | Client Connect Page + IG | Consent flow §5 |
| 10 | Domain verification guide / DNS helper | If required for events |
6.3 TikTok package (if SKU)
| Order | Sub-item | From plan/vertical |
|---|---|---|
| 1 | Create advertiser in BC | SKU |
| 2 | Assign advertiser to Kobi Live app (pre-launch prerequisite) | SKU |
| 3 | OAuth advertiser authorization | SKU |
| 4 | Create pixel + Events API template events | Vertical |
| 5 | Catalog link | Ecommerce SKU |
| 6 | BC funding check | Ops |
6.4 GA4 package — ⏸ deferred (onboarding v1)
Not provisioned during onboarding v1. When enabled: property access, streams, key events, Ads link — see ga4-source-of-truth.md.
6.4b Implementation guide (Phase 1 — always)
| Order | Sub-item |
|---|---|
| 1 | Meta Pixel ID + CAPI relay URL + test events |
| 2 | TikTok Pixel + Events API (if SKU) |
| 3 | Google conversion action IDs + enhanced conversion notes |
| 4 | Manual install section (copy-paste snippets per vertical) |
| 5 | GTM template section (container import JSON — client publishes later) |
| 6 | Domain verification steps (Meta BM DNS / meta-tag — not GA4 or Search Console) |
| 7 | UTM templates per vendor (macros) + click-ID capture for CRM |
6.5 Merchant Center package (ecommerce)
| Order | Sub-item |
|---|---|
| 1 | MCA sub-account |
| 2 | Link Ads customer |
| 3 | Primary data source + test feed pull |
| 4 | Policy status check |
6.6 CRM package
| Order | Sub-item |
|---|---|
| 1 | Register webhook URL + signing secret |
| 2 | Map CRM event types → platform routes per vertical |
| 3 | Send test qualified_lead with gclid |
6.7 Cross-cutting sub-items
| Sub-item | When |
|---|---|
| UTM schema doc generated | Always |
onboarding_record.platform_ids populated |
Per platform |
| Tracking health probe (GA4 Data API + pixel test events) | Pre complete |
| Special Ad Category / compliance flags in registry | From business type at onboarding (ADR 0004) |
| Removed — no organic feed posting; paid dark-post / boost only (ADR 0004) |
7. Client consent surfaces (one portal, multiple gates)
| Consent | Captures | Unlocks |
|---|---|---|
| Kobi ToS | Legal | Any work |
| Data sharing / subprocessors | GDPR/KVKK scope | Tracking + CAPI |
| Media authorization | Spend within approved caps | Launch (later phase) |
| Connect Meta & Instagram | Page/IG asset access | Meta creative + social placements |
| Connect GA4 (if client-owned) | Editor invite acceptance | SoT reporting |
| DNS / domain (optional delegate) | Domain verification | Meta/Google optimization events |
All consents → consent_record with version, actor, timestamp; linked to onboarding_record.
8. Outputs (expanded onboarding_record)
{
"tenant_id": "uuid",
"plan_id": "standard_v1",
"vertical": "health",
"entitlements": { "monthly_media_cap_try": 150000, "credit_sub_limit_try": 175000 },
"platform_ids": {
"google_ads_customer_id": "1234567890",
"meta_ad_account_id": "act_...",
"meta_pixel_id": "...",
"meta_page_id": "...",
"meta_ig_id": "...",
"ga4_property_id": "...",
"merchant_center_id": null
},
"templates_applied": {
"provisioning": "health_v3",
"events": "health_v3"
},
"consents": ["tos_v2", "data_share_v1", "meta_assets_v1"],
"tracking_checklist": { "ga4": "green", "meta_pixel": "green", "capi": "green" }
}9. Agent vs client vs ops
| Action | Onboarding Agent | Client (portal) | Kobi ops |
|---|---|---|---|
| Create ad accounts | ✅ | — | — |
| Set spend cap from plan | ✅ | — | — |
| Create pixel / catalog / events | ✅ | — | — |
| Connect Meta + IG | API after | Consent + OAuth pick | Fallback partner invite |
| Agency credit line | — | — | ✅ Finance |
| Implementation guide | ✅ API generates | Client installs on site | — |
| GTM publish | ⏸ deferred | Client uses guide template later | — |
| Go-live | Recommend | — | Approve if configured |
10. Related documents
- Onboarding client portal — client-facing screens and completion summary
- Onboarding — SLA, process diagram
- Onboarding API cross-check — endpoint-level matrix
- Platform access & API readiness
- Meta Ads
- Data & tracking — UTM + event taxonomy
- Human-in-the-loop — A4 access approvals