What Is a Profy App
Development Workflow
1
Create an App
Create a new App in Profy Studio. You will receive:
- App UUID (i.e.,
client_id) - App Secret (i.e.,
client_secret, displayed only once) - OAuth configuration entry
- Register one or more Redirect URIs (callback URLs)
- Set the App’s name, description, and icon
2
Implement the OAuth Flow
Implement the standard OAuth 2.0 Authorization Code flow in your application:For the full flow, see OAuth Integration.
3
Configure Billing Meters
If your App needs per-use billing (PER_USE), configure Meters:
- Add a Meter in your App settings
- Define the event name (e.g.,
image_generation) - Set the credit price per event
- Save the configuration
GET /v1/meters endpoint.4
Integrate the API
Use the OAuth Token to call the Profy API:Call an AI model (METERED billing):Report a custom event (PER_USE billing):
5
Submit for Review
Once your App is complete, submit it for review to publish on the Profy App Marketplace:
- Complete the App information in Studio (name, description, icon, screenshots)
- Click the “Publish” button to submit for review
- The review team will check the App’s functionality and security
- After approval, the App goes live on the marketplace
6
Publish to the Marketplace
After approval, your App will appear in the Profy App Marketplace. Users can discover, authorize, and use your App.Credit revenue earned through usage will be distributed according to the creator incentive program.
Billing Models
Apps support two billing models that can be combined:METERED (Per-Token Billing)
Suitable for AI model invocation scenarios. When users call the Chat Completions API, credits are deducted from the user’s account based on actual token consumption.PER_USE (Per-Event Billing)
Suitable for custom feature scenarios. Report events through the Events API, and credits are deducted at the fixed price configured in the Meter.App Review Process
App publishing uses a dual-track review mechanism (consistent with Expert review):
Review focus areas:
- Whether the App is fully functional
- Whether the OAuth flow meets security standards
- Whether the user experience is reasonable
- Whether billing is transparent
OAuth and App Status
The OAuth authorization flow is available as soon as the App is created, regardless ofapplication.status. The status only controls discoverability in the marketplace:
This means you can complete OAuth integration and testing before the App goes live.
Full Integration Example
Here is a complete App backend example built with Express + Profy SDK:Best Practices
Store tokens securely
Store tokens securely
OAuth Tokens should be encrypted and stored in your server-side database. Do not expose them on the frontend. Use httpOnly cookies or sessions to pass user identity.
Implement automatic token refresh
Implement automatic token refresh
Access Tokens have a 1-hour validity period. When an API call returns 401, automatically use the Refresh Token to obtain a new token, making it transparent to the user.
Use idempotency keys to prevent duplicate charges
Use idempotency keys to prevent duplicate charges
Idempotency keys for the Events API should be uniquely tied to the business operation (e.g.,
{userId}_{taskId}), ensuring network retries don’t cause duplicate charges.Display credit prices to users
Display credit prices to users
Use the Meters API to retrieve feature prices and show users the credits that will be deducted before they use a paid feature. This builds trust.
Handle insufficient credits gracefully
Handle insufficient credits gracefully
When the Events API returns a billing failure, show users a recharge prompt instead of failing silently.
Next Steps
OAuth Integration
Complete OAuth 2.0 integration flow
Events API
Custom billing event reporting

