public active Last verified 2026-04-28

Topolo Developers

Public overview of the authenticated Topolo developer portal and its submission/request workflows.

Owners
platform-experience
Source Repos
PlatformApplications/TopoloDevelopers
Systems
Topolo Auth, Topolo Developers
Tags
developers, portal, auth

What It Is

Topolo Developers is the authenticated developer console for teams shipping into the Topolo ecosystem, and it also hosts the staff-only internal review and commerce operations areas for app submissions, Android and iOS mobile app artifacts, build requests, developer workspaces, app pricing, marketplace status, and payout readiness.

Architecture

The application is a standalone Pages-hosted frontend at developers.topolo.app with its own same-origin Pages Functions backend and its own D1-backed developer-platform data store. It owns mobile artifact catalog metadata for Android and iOS while relying on Topolo Auth for login, session refresh, central API-key surfaces, app-switcher entitlement state, and approved-app registration into the shared Topolo service catalog after review.

Public developer-program discovery still begins on TopoloOne, but the primary public handoff now lands on developers.topolo.app/signup. Signup creates the developer workspace account first, then onboarding continues inside the signed console instead of through a public marketing form.

Runtime Surfaces

The primary runtime host is https://developers.topolo.app, with https://developers.topolo.app/signup serving as the public signup entrypoint from the marketing site. Signed publisher routes include /onboarding, /overview, /apps, /credentials, /requests, and /settings. Internal staff review routes live at /review/app-submissions and /review/build-requests; internal Topolo commerce operations routes live under /admin/*.

API Reference

Topolo Developers owns the signed /api/developer-console/* backend contract for workspace summary, onboarding, app records, mobile artifacts, submissions, build requests, transfer claims, internal review workflows, and internal commerce controls. It also owns public /api/apps catalog responses for installable Android artifacts by default, with iOS metadata available through the platform query. It still consumes centralized Auth API-key, app-switcher entitlement, and service-registration routes documented in /reference/api/topolo-auth. Public /api/apps catalog responses only include approved apps whose Developers marketplace status is active; developer-only, draft, paused, and archived apps stay out of the public artifact catalog. The signed app-detail App Store marketing editor uses the same Developers-owned store taxonomy that TopoloOne and topolo.io/app-store consume, so publishers edit the same broad store section and detailed store category fields that appear on public catalog cards. Its public badge selector controls the visible App Store badge/tone, not runtime app access, and the public stage wording is derived from that badge instead of edited separately. Signed app forms label public store distribution as Topolo App Store. The underlying API value remains distributionModel = "marketplace" for compatibility, but the user-facing flow is not limited to third-party apps.

Auth and Permissions

Topolo Developers uses the shared Topolo browser auth client and Auth-managed route family. It should not introduce a separate account system. Plain sign-in is workspace-first: the signed console expects a Developers-owned developer profile for the current Auth organization rather than creating arbitrary workspaces on first access. Internal commerce operators can set approved app visibility to active, developer_only, draft, paused, or archived. Platform-wide commerce access is reserved for Auth users whose role is super_admin in the admin organization, while delegated staff access still comes from explicit Developers commerce:* permissions. developer_only keeps the app usable only by the developer owner organization, with Topolo Auth enforcing that status across launcher, SSO, validation, API-key, and service-context checks.

Data Ownership

Topolo Developers owns authenticated console UX, developer workspace records, app drafts, mobile artifact metadata, submissions, build requests, transfer state, internal review-state data, app marketplace/pricing controls, payout-account readiness, and payout ledger events in its own backend. Topolo Auth owns identity, sessions, centralized API-key catalogs, app-switcher installation entitlements, and approved-app registration into the shared service catalog. The Topolo Technology workspace also carries first-party Topolo mobile app records. Topolo Feed, Topolo Provision, and Topolo MDM Mobile have system-specific artifact records, and the 22 retained Flutter applications under TopoloMobileApps are represented as Topolo-owned mobile app records with finalized app.topolo.mobile.* Android and iOS identifiers. The retained Flutter apps now have Android APK artifact rows published from the Developers catalog to the shared topolo-apks R2 bucket; iOS rows remain metadata until TestFlight or App Store promotion. Their artifacts are Developers catalog records even when the runtime code remains under Feed, MDM, or the retained mobile source root.

Deployments

Topolo Developers deploys as the Cloudflare Pages project topolo-developers. The Pages bundle also serves the first-party browser icon assets from /favicon.svg and /favicon.ico so the deployed app tab uses the canonical Developers icon. The same Pages deployment now serves the mobile app catalog routes that device installers and sales-demo surfaces consume. Android APK artifacts for first-party mobile catalog rows are stored in the shared topolo-apks R2 bucket and served from the canonical https://apk.topolo.app host through immutable checksum-suffixed URLs plus latest aliases.

Failure Modes

  • developers.topolo.app serves the wrong Pages deployment or stale assets
  • callback and deep-link routes fail because the SPA fallback is missing
  • the portal drifts back into TopoloOne ownership instead of remaining a separate application
  • the local Developers API contract or the shared Auth identity/service-registration contract drifts from the portal UI assumptions
  • mobile artifact metadata is edited outside Developers and the public /api/apps catalog no longer matches approved application records
  • internal app commerce controls drift from Auth service-catalog marketplace metadata after approval
  • app visibility drifts so a developer-only app remains visible through public catalog, launcher, API-key, or service-context access

Debugging

Start with /systems/topolo-developers, then verify the served Pages deployment and Auth session state before changing portal UI code.

Change Log / Verification

  • Corrected the app-detail App Store marketing editor on 2026-04-27 so public catalog category and subcategory controls stay aligned with the Developers-owned store read model and the badge selector is no longer labeled as runtime status.
  • Simplified the app-detail App Store marketing editor on 2026-04-27 so existing TopoloOne store categories hydrate from developer_apps.marketplace_subcategory, the broad taxonomy bucket is labeled as a store section, and duplicate manual stage-label editing is removed.
  • Renamed the signed app-form distribution label on 2026-04-27 to Topolo App Store while preserving the existing API value.
  • Restricted the Developers platform-admin bypass to Auth super_admin users in the admin organization on 2026-04-23 while preserving explicit commerce:* staff permissions.
  • Switched the canonical first-party APK host from topoloapk.topolo.app to apk.topolo.app and promoted the TopoloProvision Android APK catalog row to core 1.2.172 on 2026-04-23.
  • Added developer-only app visibility controls backed by Auth service-status enforcement on 2026-04-23.
  • Published all 22 retained Topolo Mobile Flutter Android APKs from Developers to the shared topolo-apks R2 bucket and promoted their catalog rows to installable artifacts on 2026-04-23.
  • Finalized all 22 retained Topolo Mobile Flutter app package identifiers and removed 8 superseded mobile app records from the Developers catalog backfill on 2026-04-23.
  • Marked ClockMe, Inspirational, and Hiero as the first package-identifier-finalized retained Flutter batch on 2026-04-23.
  • Added Topolo Technology’s retained Flutter mobile apps to Developers on 2026-04-23 as Topolo Mobile app records with Android and iOS metadata.
  • Added Topolo Technology’s first-party mobile app records to Developers on 2026-04-23.
  • Moved mobile app artifact catalog ownership into Developers on 2026-04-22 so Android and iOS release metadata is managed from the app detail workflow and exposed from Developers-owned /api/apps routes.
  • Corrected the public Developers sign-in CTA on 2026-04-21 so first-party users open the app-origin shared login screen instead of hosted Auth.
  • Corrected the signed Credentials service selector on 2026-04-21 so Auth-backed API-key metadata requests use canonical service ids instead of organization-service access-row ids.
  • Backfilled the Topolo Technology publisher workspace and first-party Topolo Platform app records in production Developers D1 on 2026-04-21 so Topolo can use the developer console like an external publisher.
  • Seeded the shared Topolo demo suite developer workspace in production on 2026-04-20 so platform-wide auth audits can verify the signed console with demo@topolo.io.
  • Cut the signed Developers data path over to its own Pages Functions + D1 backend on 2026-04-15 and removed request-time schema bootstrap in favor of checked-in D1 migrations plus a repo-level CI gate
  • Added internal Topolo commerce operations routes on 2026-04-16 so super admins can manage developer workspace state, app pricing/marketplace state, payout readiness, and payout ledger events inside Topolo Developers
  • Re-homed internal app-submission and build-request review into Topolo Developers on 2026-04-13 so staff operators now review queues from the same application boundary as publisher intake
  • Rebuilt Topolo Developers as the account-first developer console on 2026-04-13 so signed users now continue through onboarding, private app setup, public listing submission, and Auth-backed credentials inside the standalone app
  • Added the public signup handoff at developers.topolo.app/signup on 2026-04-10 so the marketing site can route developers into one clear entrypoint
  • Split the authenticated developer portal into the standalone Topolo Developers application on 2026-04-10