Environments
Every project has isolated test and live environments. They're Stripe-style
separations: fully isolated so you can build and test against NamoID without
test sign-ups polluting your real user count or burning production OTP budget.
What's isolated
Each environment has its own:
- Users — a test sign-up never appears in production.
- Applications (OAuth/OIDC clients) and auth keys — with environment-encoded prefixes.
- Issuer — a separate discovery document and JWKS.
- OTP budget — a per-environment monthly spend cap on OTP sends.
- Auth configuration — sign-in methods, MFA mode, access mode, branding.
Credential prefixes
Credentials carry their environment in the prefix, so you can tell at a glance which environment — and which type — a credential is:
| Credential | Test | Live |
|---|---|---|
| OAuth client ID | idpc_test_… | idpc_live_… |
| OAuth client secret | idps_test_… | idps_live_… |
| Auth publishable key | namoid_auth_pk_test_… | namoid_auth_pk_live_… |
| Auth secret key | namoid_auth_sk_test_… | namoid_auth_sk_live_… |
Platform (tenant-scoped) secret keys are environment-independent and use
namoid_platform_sk_…. They are for trusted automation — including AI agents
that set up NamoID on behalf of a tenant — and the target environment is
passed in the API route or request body. See API keys.
A test credential only works against the test issuer; pointing a test OAuth
client at the live issuer is rejected at the token endpoint. This guard is
what keeps a test key from ever touching live users.
OTP spend caps
Each environment has a monthly OTP spend limit (in USD). Sends reserve budget atomically before dispatch and refund it if delivery fails, so a runaway loop or an OTP-flood attack can't run up an unbounded bill. When the cap is reached, further sends in that environment are blocked until the next cycle.
Promoting to live
You build against test, then promote. The dashboard surfaces a
promote-to-live flow that shows a diff of the auth configuration between
environments before you apply it to live, so going live is a reviewed,
deliberate step rather than accidental drift. Credentials and users do not
copy across — only configuration — so live starts clean.
Choosing the right environment while integrating
Use the env switcher in the dashboard to select test while wiring up
your app, and set your app's NAMOID_ISSUER + client credentials to the test
values. When you're ready, create live credentials, point your production
deployment at the live issuer, and promote your auth config.