App Developer Quickstart designed

This is the short path for app developers. It summarizes the current quickstart without replacing the canonical API contract or app-platform specs.

Preconditions

You need:

• a tenant and project,
• an API base URL for the target environment,
• a human admin for initial setup,
• a service account for automation,
• a published app catalog entry and version,
• permission to manage project app entitlements.

Flow

1. Sign in as a human admin for setup.
2. Create a project service account for app lifecycle automation.
3. Mint a short-lived service-account token.
4. Inspect the app catalog and published versions.
5. Inspect the registry baseline for artifact publication expectations.
6. Enable the app entitlement for the project.
7. Create an app instance using the service-account token.
8. Publish/register artifacts through the app-artifact APIs where appropriate.
9. Track lifecycle, billing, audit, and runtime evidence through public APIs.

Rules To Keep

• Do not reuse human tokens for automation.
• Do not persist long-lived bearer tokens in app config.
• Use idempotency keys for mutating API calls.
• Treat returned effective fields as truth; request hints are not final topology.
• Publish artifacts by digest and follow the trust/promotion lifecycle.
• Keep manual platform-admin registration as a current-state bridge, not the desired long-term developer experience.

Current Gap

Manifest-driven third-party app registration is the target model, but it is not fully productized yet. App teams should still prepare manifest packages now so first-party, partner, and external app onboarding converge on one shape.

Canonical sources

• doc/architecture/App_Platform_Quickstart_v1.mdraw
• doc/architecture/App_Developer_Starter_Pack_v1.mdraw
• doc/architecture/App_Manifest_Registration_Guide_v1.mdraw
• doc/architecture/App_Artifact_Trust_and_Promotion_v1.mdraw
• doc/api/openapi.draft.yamlraw