Environment Model
One credential per (app, environment). Three environments aligned with build channels: dev, staging, production.
Environment Model
Each Emofy app owns up to three OAuth credentials — one per environment.
The environment vocabulary aligns 1:1 with the build channel taxonomy
(PRD-152): dev | staging | production.
| Environment | Build channel | Default rate-limit tier | Typical use |
|---|---|---|---|
dev | dev | standard | Local development, unit tests |
staging | staging | standard | Integration tests, CI |
production | production | standard | Live traffic |
Lazy creation
Credentials are not auto-created for all three envs. You start with a
dev credential when your app is first registered. Call
POST /api/developer/apps/:appId/credentials with { environment: "staging", inheritFromDev: true }
to mint a staging credential; inheritFromDev copies the granted_scopes
and allowed_ips from your dev credential. rate_limit_custom is
never inherited — the new credential starts with tier="standard"
and no custom override.
Uniqueness
(app_id, environment) is unique across active rows. A second create
attempt for the same pair returns 409 CREDENTIAL_ALREADY_EXISTS with
the existing credential's id + clientId.
Scope boundaries
Per-env isolation applies to mutation + publish paths only: build
promotion to a channel, secret rotation, credential creation/edit. Read
paths on /api/developer-api/v1/* remain org-scoped — a staging
credential can still read production tasks within the same org. This is
intentional and tracked as a non-goal for this release.