Environments
The multi-tenant boundary — every connection, policy, and audit event belongs to an environment.
An environment is the isolation boundary in Nolixan. Connections, policies, approvals, audit events,
and API keys all belong to exactly one environment. A typical account has separate development,
staging, and production environments.
How an environment is selected
Requests resolve an environment one of three ways (in priority order):
API-Keyheader — the key belongs to one environment; it resolves directly. This is the path SDKs and server-to-server callers use.Authorization: Bearer <JWT>+Environment-Idheader — identifies the user and the explicit environment (must belong to the user's account).Authorization: Bearer <JWT>alone — falls back to the user's first environment.
See Authentication for the full priority rules.
Production environments
An environment carries an env_type (development / staging / qa / production / custom) and an
is_production flag, so the dashboard can warn before destructive operations on production.
Isolation
Cross-environment access is not possible: a lookup for a connection that belongs to another environment
returns 404, not the row. API-key grants can further restrict a key to specific providers and
actions within its environment.