Nolixan

Environments

The multi-tenant boundary — every connection, policy, and audit event belongs to an environment.

An environment is the isolation boundary in Nolixan. Connections, policies, approvals, audit events, and API keys all belong to exactly one environment. A typical account has separate development, staging, and production environments.

How an environment is selected

Requests resolve an environment one of three ways (in priority order):

  1. API-Key header — the key belongs to one environment; it resolves directly. This is the path SDKs and server-to-server callers use.
    API-Key: sk_prod_...
  2. Authorization: Bearer <JWT> + Environment-Id header — identifies the user and the explicit environment (must belong to the user's account).
    Authorization: Bearer <jwt>
    Environment-Id: 42
  3. Authorization: Bearer <JWT> alone — falls back to the user's first environment.

See Authentication for the full priority rules.

Production environments

An environment carries an env_type (development / staging / qa / production / custom) and an is_production flag, so the dashboard can warn before destructive operations on production.

Isolation

Cross-environment access is not possible: a lookup for a connection that belongs to another environment returns 404, not the row. API-key grants can further restrict a key to specific providers and actions within its environment.

On this page