Skip to content

Developer Flow Playbooks (34 Flows)

A. Access and Authentication

DPF-01 Developer login

Route: /login -> /app

  1. Open login route.
  2. Authenticate with developer account.
  3. Confirm redirect to dashboard.

Expected result: developer workspace opens successfully.

DPF-02 Forbidden access handling

Route: /forbidden

  1. Open forbidden route directly.
  2. Confirm access-denied message.

Expected result: non-developer users cannot access portal.

DPF-03 Landing route behavior

Route: /

  1. Open root route.
  2. Use Get Started to continue to login.

Expected result: landing and login handoff is smooth.

B. Dashboard and App Onboarding

DPF-04 Dashboard baseline

Route: /app

  1. Open dashboard.
  2. Validate quick links to applications, keys, products, sandbox, and docs.

Expected result: developer onboarding path is visible.

DPF-05 Applications list

Route: /app/apps

  1. Open applications page.
  2. Validate existing app entries and metadata.

Expected result: app inventory loads.

DPF-06 Create application

Route: /app/apps

  1. Click create app.
  2. Enter app name and callback URL.
  3. Submit and capture one-time secret dialog.

Expected result: app is created and credentials are shown once.

DPF-07 Verify app appears in list

Route: /app/apps

  1. Refresh app list after create.
  2. Confirm new app row is present.

Expected result: app appears with expected status.

DPF-08 Application update/metadata validation

Route: /app/apps

  1. Open app details/edit controls.
  2. Validate callback URL and metadata updates.

Expected result: app metadata persists.

C. API Keys and Credential Lifecycle

DPF-09 Keys page baseline

Route: /app/keys

  1. Open keys page.
  2. Validate client IDs and key states.

Expected result: key inventory is visible.

DPF-10 Rotate client secret

Route: /app/keys

  1. Trigger Rotate Secret for app.
  2. Capture one-time rotated secret.

Expected result: new secret is issued and old secret invalidated per policy.

DPF-11 Copy/store key material workflow

Route: /app/keys

  1. Copy key/secret safely.
  2. Store in secure secret manager.

Expected result: credentials are handled securely and not hardcoded.

DPF-12 Key revoke/deactivate behavior

Route: /app/keys

  1. Revoke/deactivate test key if feature is enabled.
  2. Confirm API calls with revoked key fail.

Expected result: revoked keys cannot be used.

D. API Discovery and Testing

DPF-13 API products catalog

Route: /app/products

  1. Open API products page.
  2. Review product categories and endpoint counts.

Expected result: product catalog is complete and understandable.

DPF-14 API docs page

Route: /app/docs

  1. Open docs page.
  2. Validate endpoint documentation and examples.

Expected result: docs are navigable and current.

DPF-15 How-to-test page

Route: /app/how-to-test

  1. Open testing guide.
  2. Validate cURL/Postman instructions and token examples.

Expected result: onboarding instructions are executable.

DPF-16 Sandbox credentials page

Route: /app/sandbox

  1. Open sandbox page.
  2. Validate existing sandbox credentials/accounts.

Expected result: sandbox access data is visible.

DPF-17 Create sandbox credential

Route: /app/sandbox

  1. Create new sandbox credential.
  2. Capture generated values.

Expected result: sandbox credential is provisioned.

DPF-18 Delete sandbox credential

Route: /app/sandbox

  1. Delete an old test credential.
  2. Confirm removal from list.

Expected result: credential lifecycle supports cleanup.

E. Webhooks Lifecycle

DPF-19 Webhooks page baseline

Route: /app/webhooks

  1. Open webhooks page.
  2. Validate endpoint list and statuses.

Expected result: webhook inventory loads.

DPF-20 Create webhook endpoint

Route: /app/webhooks

  1. Create endpoint with event type and callback URL.
  2. Capture one-time signing secret dialog.

Expected result: endpoint created with secret material.

DPF-21 Toggle webhook active/inactive

Route: /app/webhooks

  1. Deactivate endpoint.
  2. Reactivate endpoint.

Expected result: toggle state updates correctly.

DPF-22 Rotate webhook secret

Route: /app/webhooks

  1. Trigger secret rotation.
  2. Capture new secret value.

Expected result: new signing secret issued.

DPF-23 Webhook delivery logs

Route: /app/webhooks

  1. Open delivery logs tab.
  2. Validate status, response codes, and retry visibility.

Expected result: delivery observability is available.

DPF-24 Delete webhook endpoint

Route: /app/webhooks

  1. Delete endpoint.
  2. Confirm endpoint removal and no active deliveries.

Expected result: endpoint decommission workflow works.

F. Usage Analytics and Support Content

DPF-25 API usage dashboard

Route: /app/usage

  1. Open usage page.
  2. Validate request volume, errors, and trend cards.

Expected result: usage telemetry is visible.

DPF-26 Usage filtering and troubleshooting

Route: /app/usage

  1. Filter by app/time window.
  2. Inspect error-heavy periods.

Expected result: troubleshooting signals are actionable.

DPF-27 FAQ knowledge base

Route: /app/faq

  1. Open FAQ page.
  2. Search for auth/rate-limit/webhook topics.

Expected result: FAQ accelerates self-service troubleshooting.

G. Security Controls

DPF-28 Developer 2FA page

Route: /app/security/2fa

  1. Open 2FA page.
  2. Validate state and setup guidance.

Expected result: 2FA controls are visible.

DPF-29 Open account settings handoff

Route: /app/security/2fa -> account settings

  1. Click account settings link.
  2. Complete authenticator setup.
  3. Return and verify updated state.

Expected result: 2FA setup handoff works.

DPF-30 Trusted device/session handling

Route: /app/security/2fa

  1. Review active sessions/devices.
  2. Remove stale session.

Expected result: session control is functional.

H. Operational Chains and Go-Live

DPF-31 First integration chain

Route chain: /app/apps -> /app/keys -> /app/products -> /app/how-to-test

  1. Create app.
  2. Rotate/store secret.
  3. Choose product.
  4. Execute first authenticated test call.

Expected result: first API call is successful.

DPF-32 Event-driven integration chain

Route chain: /app/webhooks -> /app/usage

  1. Configure webhook endpoint.
  2. Trigger test event.
  3. Validate delivery and usage logs.

Expected result: webhook delivery is verifiable end-to-end.

DPF-33 Security hardening chain

Route chain: /app/keys -> /app/webhooks -> /app/security/2fa

  1. Rotate API secret.
  2. Rotate webhook secret.
  3. Verify 2FA enabled.

Expected result: developer account and app credentials are hardened.

DPF-34 Partner go-live checklist

  1. Production app registered with final callback URLs.
  2. Secrets stored in vault and rotated.
  3. Required APIs subscribed/approved.
  4. Sandbox test cases passed.
  5. Webhook delivery validated with signature checks.
  6. Usage monitoring and alerting in place.
  7. 2FA enabled for developer admins.

Expected result: partner integration is operationally ready.