Create a new Environment in an Application
/portal/v1/accounts/{accountSlug}/applications/{appSlug}/environmentsAuthentication
- Bearer Token
AuthorizationJWT access token
Request body
namestringDisplay name for the new Environment
slugstringURL-safe slug. Lowercase alphanumeric with optional dashes (no leading/trailing dash). Auto-derived from `name` when omitted. Unique within the Application.
copy_fromstringSource env slug to clone configuration from. Copies permissions, roles, role-permission joins, hierarchy nodes, OAuth client configs (without secrets), and webhook configs (without secrets). Identities and role assignments are NOT copied.
Code samples
curl -X POST "https://api.canopy.dev/portal/v1/accounts/{accountSlug}/applications/{appSlug}/environments" \
-H "Authorization: Bearer $CANOPY_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "string",
"slug": "string",
"copy_from": "string"
}'const response = await fetch("https://api.canopy.dev/portal/v1/accounts/{accountSlug}/applications/{appSlug}/environments", {
method: "POST",
headers: {
"Authorization": "Bearer $CANOPY_TOKEN",
"Content-Type": "application/json"
},
body: JSON.stringify({
"name": "string",
"slug": "string",
"copy_from": "string"
}),
});
const data = await response.json();import requests
response = requests.post(
"https://api.canopy.dev/portal/v1/accounts/{accountSlug}/applications/{appSlug}/environments",
headers={
"Authorization": "Bearer $CANOPY_TOKEN",
"Content-Type": "application/json"
},
json={
"name": "string",
"slug": "string",
"copy_from": "string",
},
)
data = response.json()package main
import (
"bytes"
"encoding/json"
"net/http"
)
func main() {
payload := map[string]interface{}{
"name": "string",
"slug": "string",
"copy_from": "string",
}
body, _ := json.Marshal(payload)
req, _ := http.NewRequest("POST", "https://api.canopy.dev/portal/v1/accounts/{accountSlug}/applications/{appSlug}/environments", bytes.NewBuffer(body))
req.Header.Set("Authorization", "Bearer $CANOPY_TOKEN")
req.Header.Set("Content-Type", "application/json")
resp, _ := http.DefaultClient.Do(req)
defer resp.Body.Close()
}Responses
201 Environment created. When `copy_from` is set, permissions/roles/role-permission joins/hierarchy nodes/OAuth client configs (without secrets)/webhook configs (without secrets) are cloned from the source env. Identities and role assignments are NOT copied.
{
"environment": {
"id": "string",
"application_id": "string",
"name": "string",
"slug": "string",
"settings": {},
"version": 0,
"created_at": "2026-04-20T12:00:00.000Z",
"updated_at": "2026-04-20T12:00:00.000Z"
},
"oauth_client_rotations": [
{
"source_client_id": "string",
"client_id": "string",
"client_secret": "string"
}
],
"webhook_subscription_rotations": [
{
"id": "string",
"url": "string",
"secret": "string"
}
]
}application/json
environmentEnvironmentResponseDtooauth_client_rotationsOAuthClientRotationResponseDto[]webhook_subscription_rotationsWebhookSubscriptionRotationResponseDto[]
401 Invalid or expired token
403 This token is not authorized for this endpoint (wrong principal type — e.g., admin token on identity-only endpoint, or vice versa)
409 An Environment with this slug already exists in the Application