diff --git a/tests/Api/ApigeeX/Controller/ApiProductControllerAwareTestTrait.php b/tests/Api/ApigeeX/Controller/ApiProductControllerAwareTestTrait.php
new file mode 100644
index 00000000..7d5760b3
--- /dev/null
+++ b/tests/Api/ApigeeX/Controller/ApiProductControllerAwareTestTrait.php
@@ -0,0 +1,44 @@
+<?php
+
+/*
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+namespace Apigee\Edge\Tests\Api\ApigeeX\Controller;
+
+use Apigee\Edge\Api\ApigeeX\Controller\ApiProductController;
+use Apigee\Edge\ClientInterface;
+use Apigee\Edge\Tests\Test\Controller\DefaultAPIClientAwareTrait;
+use Apigee\Edge\Tests\Test\Controller\defaultTestOrganizationAwareTrait;
+use Apigee\Edge\Tests\Test\Controller\EntityControllerTester;
+use Apigee\Edge\Tests\Test\Controller\EntityControllerTesterInterface;
+
+trait ApiProductControllerAwareTestTrait
+{
+    use DefaultTestOrganizationAwareTrait;
+    use DefaultAPIClientAwareTrait;
+
+    /**
+     * @param \Apigee\Edge\ClientInterface|null $client
+     *
+     * @return \Apigee\Edge\Tests\Test\Controller\EntityControllerTesterInterface|\Apigee\Edge\Api\ApigeeX\Controller\ApiProductControllerInterface
+     */
+    protected static function apiProductController(ClientInterface $client = null): EntityControllerTesterInterface
+    {
+        $client = $client ?? static::defaultAPIClient();
+
+        return new EntityControllerTester(new ApiProductController(static::defaultTestOrganization($client), $client));
+    }
+}
diff --git a/tests/Api/ApigeeX/Controller/AppControllerTestBase.php b/tests/Api/ApigeeX/Controller/AppControllerTestBase.php
new file mode 100644
index 00000000..a2c74ff7
--- /dev/null
+++ b/tests/Api/ApigeeX/Controller/AppControllerTestBase.php
@@ -0,0 +1,151 @@
+<?php
+
+/*
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+namespace Apigee\Edge\Tests\Api\ApigeeX\Controller;
+
+use Apigee\Edge\Entity\EntityInterface;
+use Apigee\Edge\Tests\Api\Management\Controller\ApiProductControllerAwareTestTrait;
+use Apigee\Edge\Tests\Api\Management\Controller\NonPaginatedEntityListingControllerTestTrait;
+use Apigee\Edge\Tests\Api\Management\Entity\ApiProductTestEntityProviderTrait;
+use Apigee\Edge\Tests\Api\Management\EntitySerializer\AppSerializerValidator;
+use Apigee\Edge\Tests\Test\Controller\DefaultAPIClientAwareTrait;
+use Apigee\Edge\Tests\Test\Controller\EntityCreateOperationControllerTester;
+use Apigee\Edge\Tests\Test\Controller\EntityCreateOperationControllerTestTrait;
+use Apigee\Edge\Tests\Test\Controller\EntityCreateOperationTestControllerTesterInterface;
+use Apigee\Edge\Tests\Test\Controller\EntityDeleteOperationControllerTestTrait;
+use Apigee\Edge\Tests\Test\Controller\EntityLoadOperationControllerTestTrait;
+use Apigee\Edge\Tests\Test\Controller\EntityUpdateOperationControllerTestTrait;
+use Apigee\Edge\Tests\Test\EntitySerializer\EntitySerializerValidatorInterface;
+use Apigee\Edge\Tests\Test\TestClientFactory;
+use PHPUnit\Framework\Assert;
+
+/**
+ * Base class for developer- and company app controller tests.
+ */
+abstract class AppControllerTestBase extends EntityControllerTestBase
+{
+    use ApiProductControllerAwareTestTrait;
+    use ApiProductTestEntityProviderTrait;
+    use DefaultAPIClientAwareTrait;
+    // The order of these trait matters. Check @depends in test methods.
+    use EntityCreateOperationControllerTestTrait;
+    use EntityLoadOperationControllerTestTrait;
+    use EntityUpdateOperationControllerTestTrait;
+    use EntityDeleteOperationControllerTestTrait;
+    use AttributesAwareEntityControllerTestTrait;
+    use NonPaginatedEntityListingControllerTestTrait;
+    use PaginatedEntityListingControllerTestTraitBase;
+
+    /** @var \Apigee\Edge\Api\ApigeeX\Entity\ApiProductInterface */
+    protected static $testApiProduct;
+
+    /**
+     * {@inheritdoc}
+     */
+    public static function setUpBeforeClass(): void
+    {
+        parent::setUpBeforeClass();
+        static::$testApiProduct = static::getNewApiProduct();
+        static::apiProductController(static::defaultAPIClient())->create(static::$testApiProduct);
+    }
+
+    /**
+     * It is easier to test it here instead in the DeveloperControllerTest
+     * or CompanyControllerTest.
+     */
+    public function testHasApp(): void
+    {
+        if (TestClientFactory::isOfflineClient(static::defaultAPIClient())) {
+            Assert::markTestSkipped(__FUNCTION__ . ' can be executed only with an online API test client.');
+        }
+        /** @var \Apigee\Edge\Api\Management\Controller\DeveloperAppControllerInterface $controller */
+        $controller = static::entityController();
+        /** @var \Apigee\Edge\Api\Management\Entity\DeveloperAppInterface $entity */
+        $entity = static::getNewEntity();
+        $controller->create($entity);
+        /** @var \Apigee\Edge\Api\Management\Entity\DeveloperInterface|\Apigee\Edge\Api\ApigeeX\Entity\AppGroupInterface $appOwner */
+        $appOwner = static::reloadAppOwner();
+        $this->assertTrue($appOwner->hasApp($entity->getName()));
+        $controller->delete($entity->id());
+        $appOwner = static::reloadAppOwner();
+        $this->assertFalse($appOwner->hasApp($entity->getName()));
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    protected static function entityCreateOperationTestController(): EntityCreateOperationTestControllerTesterInterface
+    {
+        return new EntityCreateOperationControllerTester(static::entityController());
+    }
+
+    /**
+     * Reloads the developer from Apigee Edge.
+     *
+     * @return \Apigee\Edge\Api\Management\Entity\DeveloperInterface|\Apigee\Edge\Api\ApigeeX\Entity\AppGroupInterface
+     */
+    abstract protected function reloadAppOwner();
+
+    /**
+     * {@inheritdoc}
+     */
+    protected function alterArraysBeforeCompareSentAndReceivedPayloadsInCreate(array &$sentEntityAsArray, array $responseEntityAsArray): void
+    {
+        // This is not returned in the POST/PUT API call responses only in GET.
+        unset($sentEntityAsArray['appFamily']);
+        unset($sentEntityAsArray['apiProducts']);
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    protected function alterObjectsBeforeCompareResponseAndCreatedEntity(\stdClass &$responseObject, EntityInterface $created): void
+    {
+        $responseObject->apiProducts = $created->getApiProducts();
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    protected function alterArraysBeforeCompareSentAndReceivedPayloadsInUpdate(array &$sentEntityAsArray, array $responseEntityAsArray): void
+    {
+        $this->alterArraysBeforeCompareSentAndReceivedPayloadsInCreate($sentEntityAsArray, $responseEntityAsArray);
+        $sentEntityAsArray['credentials'][0]['issuedAt'] = $responseEntityAsArray['credentials'][0]['issuedAt'];
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    protected function alterObjectsBeforeCompareResponseAndUpdateEntity(\stdClass &$responseObject, EntityInterface $created): void
+    {
+        $this->alterObjectsBeforeCompareResponseAndCreatedEntity($responseObject, $created);
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    protected function entitySerializerValidator(): EntitySerializerValidatorInterface
+    {
+        static $validator;
+        if (null === $validator) {
+            $validator = new AppSerializerValidator($this->entitySerializer());
+        }
+
+        return $validator;
+    }
+}
diff --git a/tests/Api/ApigeeX/Controller/AppCredentialControllerTestBase.php b/tests/Api/ApigeeX/Controller/AppCredentialControllerTestBase.php
new file mode 100644
index 00000000..bf3b50a3
--- /dev/null
+++ b/tests/Api/ApigeeX/Controller/AppCredentialControllerTestBase.php
@@ -0,0 +1,348 @@
+<?php
+
+/*
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+namespace Apigee\Edge\Tests\Api\ApigeeX\Controller;
+
+use Apigee\Edge\Api\Management\Controller\AppCredentialControllerInterface;
+use Apigee\Edge\Api\Management\Entity\AppCredentialInterface;
+use Apigee\Edge\Api\Management\Entity\AppInterface;
+use Apigee\Edge\Api\Management\Entity\AppOwnerInterface;
+use Apigee\Edge\Structure\CredentialProductInterface;
+use Apigee\Edge\Tests\Api\Management\Entity\ApiProductTestEntityProviderTrait;
+use Apigee\Edge\Tests\Test\Controller\DefaultAPIClientAwareTrait;
+use Apigee\Edge\Tests\Test\Controller\DefaultTestOrganizationAwareTrait;
+use Apigee\Edge\Tests\Test\Controller\EntityControllerTesterInterface;
+use Apigee\Edge\Tests\Test\TestClientFactory;
+use Apigee\Edge\Tests\Test\Utility\MarkOnlineTestSkippedAwareTrait;
+
+/**
+ * Base class for developer- and appgroup app credential tests.
+ */
+abstract class AppCredentialControllerTestBase extends EntityControllerTestBase
+{
+    use ApiProductControllerAwareTestTrait;
+    use ApiProductTestEntityProviderTrait;
+    use DefaultAPIClientAwareTrait;
+    use DefaultTestOrganizationAwareTrait;
+    use MarkOnlineTestSkippedAwareTrait;
+    // The order of these trait matters. Check @depends in test methods.
+    use AttributesAwareEntityControllerTestTrait;
+
+    /** @var \Apigee\Edge\Api\ApigeeX\Entity\ApiProductInterface */
+    protected static $testApiProduct;
+
+    /** @var \Apigee\Edge\Api\Management\Entity\AppOwnerInterface */
+    protected static $testAppOwner;
+
+    /** @var \Apigee\Edge\Api\Management\Entity\AppInterface */
+    protected static $testApp;
+
+    /**
+     * {@inheritdoc}
+     */
+    public static function setUpBeforeClass(): void
+    {
+        parent::setUpBeforeClass();
+        static::$testApiProduct = static::getNewApiProduct();
+        static::$testAppOwner = static::setupTestAppOwner();
+        static::$testApp = static::setupTestApp(static::setupTestAppOwner());
+    }
+
+    public function testCreatedAppHasAnEmptyCredential(): void
+    {
+        /** @var \Apigee\Edge\Api\Management\Entity\DeveloperAppInterface $entity */
+        /** @var \Apigee\Edge\Api\Management\Controller\AppByOwnerControllerInterface $controller */
+        $entity = static::appByOwnerController()->load(static::$testApp->id());
+        $credentials = $entity->getCredentials();
+        $this->assertCount(1, $credentials);
+        /** @var \Apigee\Edge\Api\Management\Entity\AppCredentialInterface $credential */
+        $credential = reset($credentials);
+        $this->assertCount(0, $credential->getApiProducts());
+        $this->assertNotEmpty($credential->getConsumerKey());
+        $this->assertNotEmpty($credential->getConsumerSecret());
+        $this->assertEquals(null, $credential->getExpiresAt());
+    }
+
+    /**
+     * @depends testCreatedAppHasAnEmptyCredential
+     *
+     * @return \Apigee\Edge\Api\Management\Entity\AppCredentialInterface
+     */
+    public function testCreate(): AppCredentialInterface
+    {
+        // Ensure that generated key always valid. (Random app names used by online tests can contain dot which is not
+        // valid according to Apigee Edge.)
+        $key = preg_replace('/[^A-Za-z0-9\-_]/', '', static::$testApp->getName() . '_key');
+        $secret = static::$testApp->getName() . '_secret';
+        $credential = static::entityController()->create($key, $secret);
+        $this->assertCount(0, $credential->getApiProducts());
+        $this->assertEquals($key, $credential->getConsumerKey());
+        $this->assertEquals($secret, $credential->getConsumerSecret());
+        $this->assertEquals(null, $credential->getExpiresAt());
+
+        return $credential;
+    }
+
+    /**
+     * @depends testCreate
+     *
+     * @param \Apigee\Edge\Api\Management\Entity\AppCredentialInterface $created
+     *
+     * @return string
+     */
+    public function testLoad(AppCredentialInterface $created)
+    {
+        /** @var \Apigee\Edge\Api\Management\Entity\AppCredentialInterface $loaded */
+        $loaded = static::entityController()->load($created->id());
+        $this->assertCount(count($loaded->getApiProducts()), $created->getApiProducts());
+        $this->assertEquals($created->getConsumerKey(), $loaded->getConsumerKey());
+        $this->assertEquals($created->getConsumerSecret(), $loaded->getConsumerSecret());
+        $this->assertEquals($created->getIssuedAt()->getTimestamp(), $loaded->getIssuedAt()->getTimestamp());
+        $this->assertEquals($created->getExpiresAt(), $loaded->getExpiresAt());
+
+        return $loaded->id();
+    }
+
+    /**
+     * @depends testLoad
+     *
+     * @param string $entityId
+     */
+    public function testAddProducts(string $entityId): void
+    {
+        static::apiProductController(static::defaultAPIClient())->create(static::$testApiProduct);
+        /** @var \Apigee\Edge\Api\Management\Controller\AppCredentialControllerInterface $controller */
+        $controller = $this->entityController();
+        $credential = $controller->addProducts($entityId, [static::$testApiProduct->id()]);
+        $productNames = $this->getCredentialProducts($credential);
+        $this->assertContains(static::$testApiProduct->id(), $productNames);
+    }
+
+    /**
+     * @depends testLoad
+     *
+     * @param string $entityId
+     */
+    public function testOverrideScopes(string $entityId): void
+    {
+        /** @var \Apigee\Edge\Api\Management\Controller\AppCredentialControllerInterface $controller */
+        $controller = $this->entityController();
+        /** @var \Apigee\Edge\Api\Management\Entity\AppCredentialInterface $credential */
+        $credential = $controller->load($entityId);
+        $this->assertEmpty($credential->getScopes());
+        $credential = $controller->overrideScopes($entityId, ['scope 1']);
+        $this->assertContains('scope 1', $credential->getScopes());
+        if (TestClientFactory::isOfflineClient(static::defaultAPIClient())) {
+            $this->markTestIncomplete(__FUNCTION__ . ' can be completed only with an online API test client.');
+        }
+        $credential = $controller->overrideScopes($entityId, ['scope 2']);
+        $this->assertNotContains('scope 1', $credential->getScopes());
+        $this->assertContains('scope 2', $credential->getScopes());
+    }
+
+    /**
+     * @depends testLoad
+     *
+     * @group online
+     *
+     * @param string $entityId
+     */
+    public function testStatusChange(string $entityId): void
+    {
+        static::markOnlineTestSkipped(__FUNCTION__);
+        /** @var \Apigee\Edge\Api\Management\Controller\AppCredentialControllerInterface $controller */
+        $controller = static::entityController();
+        /* @var \Apigee\Edge\Api\Management\Entity\AppCredentialInterface $credential */
+        $controller->setStatus($entityId, AppCredentialControllerInterface::STATUS_REVOKE);
+        $credential = $controller->load($entityId);
+        $this->assertEquals($credential->getStatus(), AppCredentialInterface::STATUS_REVOKED);
+        $controller->setStatus($entityId, AppCredentialControllerInterface::STATUS_APPROVE);
+        $credential = $controller->load($entityId);
+        $this->assertEquals($credential->getStatus(), AppCredentialInterface::STATUS_APPROVED);
+    }
+
+    /**
+     * @depends testLoad
+     *
+     * @group online
+     *
+     * @param string $entityId
+     */
+    public function testApiProductStatusChange(string $entityId): void
+    {
+        static::markOnlineTestSkipped(__FUNCTION__);
+        /** @var \Apigee\Edge\Api\Management\Controller\AppCredentialControllerInterface $controller */
+        $controller = static::entityController();
+        /* @var \Apigee\Edge\Api\Management\Entity\AppCredentialInterface $credential */
+        $controller->setApiProductStatus(
+            $entityId,
+            static::$testApiProduct->id(),
+            AppCredentialControllerInterface::STATUS_REVOKE
+        );
+        $credential = $controller->load($entityId);
+        /** @var \Apigee\Edge\Structure\CredentialProduct $product */
+        foreach ($credential->getApiProducts() as $product) {
+            if ($product->getApiproduct() === static::$testApiProduct->id()) {
+                $this->assertEquals($product->getStatus(), CredentialProductInterface::STATUS_REVOKED);
+                break;
+            }
+        }
+        $controller->setApiProductStatus(
+            $entityId,
+            static::$testApiProduct->id(),
+            AppCredentialControllerInterface::STATUS_APPROVE
+        );
+        $credential = $controller->load($entityId);
+        foreach ($credential->getApiProducts() as $product) {
+            if ($product->getApiproduct() === static::$testApiProduct->id()) {
+                $this->assertEquals($product->getStatus(), CredentialProductInterface::STATUS_APPROVED);
+                break;
+            }
+        }
+    }
+
+    /**
+     * @group online
+     *
+     * @return string
+     */
+    public function testGenerate(): string
+    {
+        static::markOnlineTestSkipped(__FUNCTION__);
+        /** @var \Apigee\Edge\Api\Management\Controller\AppCredentialControllerInterface $controller */
+        $controller = $this->entityController();
+        /** @var \Apigee\Edge\Api\Management\Entity\AppInterface $app */
+        $app = static::appByOwnerController()->load(static::$testApp->id());
+        /** @var \Apigee\Edge\Api\Management\Entity\AppCredentialInterface $credential */
+        $credential = $controller->generate(
+            [static::$testApiProduct->id()],
+            $app->getAttributes(),
+            $app->getCallbackUrl(),
+            ['scope 1'],
+            604800000
+        );
+
+        $productNames = $this->getCredentialProducts($credential);
+        $this->assertContains(static::$testApiProduct->id(), $productNames);
+        $this->assertContains('scope 1', $credential->getScopes());
+        // Thanks for the offline tests, we can not expect a concrete value
+        // here.
+        $this->assertNotEquals('-1', $credential->getExpiresAt());
+        /** @var \Apigee\Edge\Api\Management\Entity\AppInterface $updatedApp */
+        $updatedApp = static::appByOwnerController()->load(static::$testApp->id());
+        // Credential generation should not deleted any previously existing app
+        // credentials.
+        $this->assertEquals($app->getAttributes(), $updatedApp->getAttributes());
+
+        return $credential->id();
+    }
+
+    /**
+     * @depends testGenerate
+     *
+     * @group online
+     */
+    public function testDeleteApiProduct(string $entityId): void
+    {
+        static::markOnlineTestSkipped(__FUNCTION__);
+        /** @var \Apigee\Edge\Api\Management\Controller\AppCredentialControllerInterface $controller */
+        $controller = static::entityController();
+        /** @var \Apigee\Edge\Api\Management\Entity\AppCredentialInterface $credential */
+        $credential = $controller->load($entityId);
+        $productNames = $this->getCredentialProducts($credential);
+        $this->assertContains(static::$testApiProduct->id(), $productNames);
+        /* @var \Apigee\Edge\Api\Management\Entity\AppCredentialInterface $credential */
+        $controller->deleteApiProduct(
+            $entityId,
+            static::$testApiProduct->id()
+        );
+        $credential = $controller->load($entityId);
+        $productNames = $this->getCredentialProducts($credential);
+        $this->assertNotContains(static::$testApiProduct->id(), $productNames);
+    }
+
+    /**
+     * @depends testGenerate
+     */
+    public function testAddAttributesToEntity(): string
+    {
+        /** @var \Apigee\Edge\Api\Management\Entity\AppCredentialInterface $credential */
+        $credentials = static::$testApp->getCredentials();
+        $credential = reset($credentials);
+        /** @var \Apigee\Edge\Structure\AttributesProperty $attributes */
+        $attributes = $credential->getAttributes();
+        $originalAttributes = $attributes->values();
+        $attributes->add('name1', 'value1');
+        $attributes->add('name2', 'value2');
+        /** @var \Apigee\Edge\Structure\AttributesProperty $attributesProperty */
+        $attributesProperty = static::entityController()->updateAttributes($credential->id(), $attributes);
+        /** @var array $newAttributes */
+        $newAttributes = $attributesProperty->values();
+        $this->assertArraySubset($originalAttributes, $newAttributes);
+        $this->assertArrayHasKey('name1', $newAttributes);
+        $this->assertArrayHasKey('name2', $newAttributes);
+        $this->assertEquals('value1', $newAttributes['name1']);
+        $this->assertEquals('value2', $newAttributes['name2']);
+
+        return $credential->id();
+    }
+
+    /**
+     * @depends testCreatedAppHasAnEmptyCredential
+     *
+     * @group online
+     */
+    public function testDelete(): void
+    {
+        static::markOnlineTestSkipped(__FUNCTION__);
+        $newCredential = static::entityController()->generate(
+            [static::$testApiProduct->id()],
+            static::$testApp->getAttributes(),
+            static::$testApp->getCallbackUrl(),
+            ['scope 1'],
+            604800000
+        );
+        static::$testApp = static::appByOwnerController()->load(static::$testApp->id());
+        static::entityController()->delete($newCredential->id());
+        static::$testApp = static::appByOwnerController()->load(static::$testApp->id());
+        $found = false;
+        foreach (static::$testApp->getCredentials() as $cred) {
+            if ($newCredential->id() === $cred->id()) {
+                $found = true;
+            }
+        }
+        $this->assertFalse($found, 'Credential credential has not been deleted.');
+    }
+
+    abstract protected static function setupTestApp(AppOwnerInterface $appOwner): AppInterface;
+
+    abstract protected static function setupTestAppOwner(): AppOwnerInterface;
+
+    /**
+     * @return \Apigee\Edge\Tests\Test\Controller\EntityControllerTesterInterface|\Apigee\Edge\Api\Management\Controller\AppByOwnerControllerInterface
+     */
+    abstract protected static function appByOwnerController(): EntityControllerTesterInterface;
+
+    private function getCredentialProducts(AppCredentialInterface $credential)
+    {
+        return array_map(function ($product) {
+            /* @var \Apigee\Edge\Structure\CredentialProduct $product */
+            return $product->getApiproduct();
+        }, $credential->getApiProducts());
+    }
+}
diff --git a/tests/Api/ApigeeX/Controller/AppGroupAppControllerAwareTestTrait.php b/tests/Api/ApigeeX/Controller/AppGroupAppControllerAwareTestTrait.php
new file mode 100644
index 00000000..bd7383ec
--- /dev/null
+++ b/tests/Api/ApigeeX/Controller/AppGroupAppControllerAwareTestTrait.php
@@ -0,0 +1,47 @@
+<?php
+
+/*
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+namespace Apigee\Edge\Tests\Api\ApigeeX\Controller;
+
+use Apigee\Edge\Api\ApigeeX\Controller\AppGroupAppController;
+use Apigee\Edge\Api\ApigeeX\Entity\AppGroupInterface;
+use Apigee\Edge\ClientInterface;
+use Apigee\Edge\Tests\Test\Controller\DefaultAPIClientAwareTrait;
+use Apigee\Edge\Tests\Test\Controller\DefaultTestOrganizationAwareTrait;
+use Apigee\Edge\Tests\Test\Controller\EntityControllerTester;
+use Apigee\Edge\Tests\Test\Controller\EntityControllerTesterInterface;
+
+trait AppGroupAppControllerAwareTestTrait
+{
+    use DefaultTestOrganizationAwareTrait;
+    use DefaultAPIClientAwareTrait;
+
+    /**
+     * @param \Apigee\Edge\ClientInterface|null $client
+     *
+     * @return \Apigee\Edge\Tests\Test\Controller\EntityControllerTesterInterface|\Apigee\Edge\Api\ApigeeX\Controller\AppGroupAppControllerInterface
+     */
+    protected static function appGroupAppController(ClientInterface $client = null): EntityControllerTesterInterface
+    {
+        $client = $client ?? static::defaultAPIClient();
+
+        return new EntityControllerTester(new AppGroupAppController(static::defaultTestOrganization($client), static::appGroupAppControllerAppGroupAppOwner()->id(), $client));
+    }
+
+    abstract protected static function appGroupAppControllerAppGroupAppOwner(): AppGroupInterface;
+}
diff --git a/tests/Api/ApigeeX/Controller/AppGroupAppControllerTest.php b/tests/Api/ApigeeX/Controller/AppGroupAppControllerTest.php
new file mode 100644
index 00000000..fb05e307
--- /dev/null
+++ b/tests/Api/ApigeeX/Controller/AppGroupAppControllerTest.php
@@ -0,0 +1,105 @@
+<?php
+
+/*
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+namespace Apigee\Edge\Tests\Api\ApigeeX\Controller;
+
+use Apigee\Edge\Api\ApigeeX\Entity\AppGroupInterface;
+use Apigee\Edge\ClientInterface;
+use Apigee\Edge\Entity\EntityInterface;
+use Apigee\Edge\Tests\Api\ApigeeX\Entity\AppGroupAppTestEntityProviderTrait;
+use Apigee\Edge\Tests\Api\ApigeeX\Entity\AppGroupTestEntityProviderTrait;
+use Apigee\Edge\Tests\Test\Controller\EntityControllerTesterInterface;
+use Apigee\Edge\Tests\Test\Controller\EntityCreateOperationControllerTester;
+use Apigee\Edge\Tests\Test\Controller\EntityCreateOperationTestControllerTesterInterface;
+use Apigee\Edge\Tests\Test\TestClientFactory;
+
+/**
+ * Class AppGroupAppControllerTest.
+ *
+ * @group controller
+ * @group management
+ */
+class AppGroupAppControllerTest extends AppControllerTestBase
+{
+    use AppGroupAppControllerAwareTestTrait;
+    use AppGroupAppTestEntityProviderTrait;
+    use AppGroupControllerAwareTestTrait;
+    use AppGroupTestEntityProviderTrait;
+
+    /** @var \Apigee\Edge\Api\Management\Entity\AppGroupInterface */
+    protected static $testAppGroup;
+
+    /**
+     * {@inheritdoc}
+     */
+    public static function setUpBeforeClass(): void
+    {
+        parent::setUpBeforeClass();
+        static::$testAppGroup = static::getNewAppGroup();
+        static::appGroupController(static::defaultAPIClient())->create(static::$testAppGroup);
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    protected static function entityController(ClientInterface $client = null): EntityControllerTesterInterface
+    {
+        return static::appGroupAppController($client);
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    protected static function getNewEntity(): EntityInterface
+    {
+        return static::getNewAppGroupApp([static::$testApiProduct->id()], !TestClientFactory::isOfflineClient(static::defaultAPIClient()));
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    protected function entityForUpdateTest(EntityInterface $existing): EntityInterface
+    {
+        /* @var \Apigee\Edge\Api\Management\Entity\AppGroupAppInterface $existing */
+        return static::getUpdatedAppGroupApp($existing, !TestClientFactory::isOfflineClient(static::defaultAPIClient()));
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    protected static function entityCreateOperationTestController(): EntityCreateOperationTestControllerTesterInterface
+    {
+        return new EntityCreateOperationControllerTester(static::entityController());
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    protected static function appGroupAppControllerAppGroupAppOwner(): AppGroupInterface
+    {
+        return static::$testAppGroup;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    protected function reloadAppOwner()
+    {
+        return static::appGroupController()->load(static::$testAppGroup->id());
+    }
+}
diff --git a/tests/Api/ApigeeX/Controller/AppGroupAppCredentialControllerTest.php b/tests/Api/ApigeeX/Controller/AppGroupAppCredentialControllerTest.php
new file mode 100644
index 00000000..85562193
--- /dev/null
+++ b/tests/Api/ApigeeX/Controller/AppGroupAppCredentialControllerTest.php
@@ -0,0 +1,92 @@
+<?php
+
+/*
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+namespace Apigee\Edge\Tests\Api\ApigeeX\Controller;
+
+use Apigee\Edge\Api\ApigeeX\Controller\AppGroupAppCredentialController;
+use Apigee\Edge\Api\ApigeeX\Entity\AppGroupInterface;
+use Apigee\Edge\Api\Management\Entity\AppInterface;
+use Apigee\Edge\Api\Management\Entity\AppOwnerInterface;
+use Apigee\Edge\ClientInterface;
+use Apigee\Edge\Entity\EntityInterface;
+use Apigee\Edge\Tests\Api\ApigeeX\Entity\AppGroupAppTestEntityProviderTrait;
+use Apigee\Edge\Tests\Api\ApigeeX\Entity\AppGroupTestEntityProviderTrait;
+use Apigee\Edge\Tests\Test\Controller\EntityControllerTester;
+use Apigee\Edge\Tests\Test\Controller\EntityControllerTesterInterface;
+use Apigee\Edge\Tests\Test\Controller\EntityCreateOperationControllerTester;
+use Apigee\Edge\Tests\Test\Controller\EntityCreateOperationTestControllerTesterInterface;
+
+/**
+ * Class AppGroupAppCredentialControllerTest.
+ *
+ * @group controller
+ * @group management
+ */
+class AppGroupAppCredentialControllerTest extends AppCredentialControllerTestBase
+{
+    use AppGroupControllerAwareTestTrait;
+    use AppGroupAppControllerAwareTestTrait;
+    use AppGroupTestEntityProviderTrait;
+    use AppGroupAppTestEntityProviderTrait;
+
+    /**
+     * {@inheritdoc}
+     */
+    protected static function entityController(ClientInterface $client = null): EntityControllerTesterInterface
+    {
+        $client = $client ?? static::defaultAPIClient();
+
+        return new EntityControllerTester(new AppGroupAppCredentialController(static::defaultTestOrganization($client), static::$testAppOwner->id(), static::$testApp->id(), $client));
+    }
+
+    protected static function setupTestApp(AppOwnerInterface $appOwner): AppInterface
+    {
+        $app = static::getNewAppGroupApp();
+        static::appGroupAppController()->create($app);
+
+        return $app;
+    }
+
+    protected static function setupTestAppOwner(): AppOwnerInterface
+    {
+        $appGroup = static::getNewAppGroup();
+        static::appGroupController()->create($appGroup);
+
+        return $appGroup;
+    }
+
+    protected static function appGroupAppControllerAppGroupAppOwner(): AppGroupInterface
+    {
+        return static::$testAppOwner;
+    }
+
+    protected static function entityCreateOperationTestController(): EntityCreateOperationTestControllerTesterInterface
+    {
+        return new EntityCreateOperationControllerTester(static::appGroupAppController());
+    }
+
+    protected static function getNewEntity(): EntityInterface
+    {
+        return static::getNewAppGroupApp();
+    }
+
+    protected static function appByOwnerController(): EntityControllerTesterInterface
+    {
+        return static::appGroupAppController();
+    }
+}
diff --git a/tests/Api/ApigeeX/Entity/AppGroupAppTestEntityProviderTrait.php b/tests/Api/ApigeeX/Entity/AppGroupAppTestEntityProviderTrait.php
new file mode 100644
index 00000000..3f3f7c54
--- /dev/null
+++ b/tests/Api/ApigeeX/Entity/AppGroupAppTestEntityProviderTrait.php
@@ -0,0 +1,56 @@
+<?php
+
+/*
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+namespace Apigee\Edge\Tests\Api\ApigeeX\Entity;
+
+use Apigee\Edge\Api\ApigeeX\Entity\AppGroupApp;
+use Apigee\Edge\Api\ApigeeX\Entity\AppGroupAppInterface;
+use Apigee\Edge\Structure\AttributesProperty;
+use Apigee\Edge\Tests\Test\Utility\RandomGeneratorAwareTrait;
+
+trait AppGroupAppTestEntityProviderTrait
+{
+    use RandomGeneratorAwareTrait;
+
+    protected static function getNewAppGroupApp(array $apiProducts = [], bool $randomData = true): AppGroupAppInterface
+    {
+        $entity = new AppGroupApp([
+            'name' => $randomData ? static::randomGenerator()->machineName() : 'phpunit_test_app',
+            'apiProducts' => $apiProducts,
+            'callbackUrl' => 'http://example.com',
+        ]);
+        $entity->setDisplayName($randomData ? static::randomGenerator()->displayName() : 'PHP Unit: Test app');
+        $entity->setDescription($randomData ? static::randomGenerator()->text() : 'This is a test app created by PHP Unit.');
+        // We have to use this trick to ensure the order of the attributes is
+        // the same as Apigee Edge returns.
+        $entity->setAttributes(new AttributesProperty(['DisplayName' => $entity->getDisplayName(), 'Notes' => $entity->getDescription(), 'foo' => 'bar']));
+
+        return $entity;
+    }
+
+    protected static function getUpdatedAppGroupApp(AppGroupAppInterface $existing, bool $randomData = true): AppGroupAppInterface
+    {
+        $updated = clone $existing;
+        $updated->setCallbackUrl('http://foo.example.com');
+        $updated->setAttributes(new AttributesProperty(['foo' => 'foo', 'bar' => 'baz']));
+        $updated->setDisplayName($randomData ? static::randomGenerator()->displayName() : '(Edited) PHP Unit: Test app');
+        $updated->setDescription($randomData ? static::randomGenerator()->text() : '(Edited) This is a test app created by PHP Unit.');
+
+        return $updated;
+    }
+}
diff --git a/tests/offline-test-data/v1/organizations/phpunit/apiproducts/POST.json b/tests/offline-test-data/v1/organizations/phpunit/apiproducts/POST.json
index 398921d5..3f3bd2f3 100644
--- a/tests/offline-test-data/v1/organizations/phpunit/apiproducts/POST.json
+++ b/tests/offline-test-data/v1/organizations/phpunit/apiproducts/POST.json
@@ -7,11 +7,11 @@
             "value": "bar"
         }
     ],
-    "createdAt": 648345600000,
+    "createdAt": "648345600000",
     "createdBy": "phpunit@example.com",
     "displayName": "PHP Unit Test product",
     "environments": [],
-    "lastModifiedAt": 648345600000,
+    "lastModifiedAt": "648345600000",
     "lastModifiedBy": "phpunit@example.com",
     "name": "phpunit_test",
     "proxies": [],
diff --git a/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/apps/GET.json b/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/apps/GET.json
new file mode 100644
index 00000000..e3c1950c
--- /dev/null
+++ b/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/apps/GET.json
@@ -0,0 +1,206 @@
+{
+    "app": [
+        {
+            "appFamily": "default",
+            "appId": "a47891c5-ca20-4f2f-975e-0e7588ec81f0",
+            "attributes": [
+                {
+                    "name": "DisplayName",
+                    "value": "PHP Unit: Test app"
+                },
+                {
+                    "name": "Notes",
+                    "value": "This is a test app created by PHP Unit."
+                },
+                {
+                    "name": "foo",
+                    "value": "foo"
+                },
+                {
+                    "name": "bar",
+                    "value": "baz"
+                }
+            ],
+            "callbackUrl": "http://foo.example.com",
+            "createdAt": 648345600000,
+            "createdBy": "phpunit@example.com",
+            "credentials": [
+                {
+                    "apiProducts": [],
+                    "attributes": [],
+                    "consumerKey": "Zww6GKaGRxQFGkfE36vgSN0eoac1Ymk3",
+                    "consumerSecret": "LtdYkcmgDYV7kzxz",
+                    "issuedAt": 648345600000,
+                    "scopes": [],
+                    "status": "approved"
+                }
+            ],
+            "appGroup": "phpunit",
+            "lastModifiedAt": 648345600000,
+            "lastModifiedBy": "phpunit@example.com",
+            "name": "phpunit_test_app",
+            "scopes": [],
+            "status": "approved"
+        },
+        {
+            "appFamily": "default",
+            "appId": "b3e71cbb-7eb5-1111-b384-ac82bca1d9dc",
+            "attributes": [
+                {
+                    "name": "DisplayName",
+                    "value": "PHP Unit: Test app"
+                },
+                {
+                    "name": "Notes",
+                    "value": "This is a test app created by PHP Unit."
+                },
+                {
+                    "name": "foo",
+                    "value": "bar"
+                }
+            ],
+            "callbackUrl": "http://example.com",
+            "createdAt": 648345600000,
+            "createdBy": "phpunit@example.com",
+            "credentials": [
+                {
+                    "apiProducts": [],
+                    "attributes": [],
+                    "consumerKey": "Zww6GKaGRxQFGkfE36vgSN0eoac1Ymk3",
+                    "consumerSecret": "LtdYkcmgDYV7kzxz",
+                    "issuedAt": 648345600000,
+                    "scopes": [],
+                    "status": "approved"
+                }
+            ],
+            "appGroup": "phpunit",
+            "lastModifiedAt": 648345600000,
+            "lastModifiedBy": "phpunit@example.com",
+            "name": "1phpunit_test_app",
+            "scopes": [],
+            "status": "approved"
+        },
+        {
+            "appFamily": "default",
+            "appId": "b3e71cbb-7eb5-2222-b384-ac82bca1d9dc",
+            "attributes": [
+                {
+                    "name": "DisplayName",
+                    "value": "PHP Unit: Test app"
+                },
+                {
+                    "name": "Notes",
+                    "value": "This is a test app created by PHP Unit."
+                },
+                {
+                    "name": "foo",
+                    "value": "foo"
+                },
+                {
+                    "name": "bar",
+                    "value": "baz"
+                }
+            ],
+            "callbackUrl": "http://example.com",
+            "createdAt": 648345600000,
+            "createdBy": "phpunit@example.com",
+            "credentials": [
+                {
+                    "apiProducts": [],
+                    "attributes": [],
+                    "consumerKey": "wAXAIiOr2oJOVGqFltnm3Jwr2LE0GEuY",
+                    "consumerSecret": "S8YjnsjmdBqDAegR",
+                    "issuedAt": 648345600000,
+                    "scopes": [],
+                    "status": "approved"
+                }
+            ],
+            "appGroup": "phpunit",
+            "lastModifiedAt": 648345600000,
+            "lastModifiedBy": "phpunit@example.com",
+            "name": "2phpunit_test_app",
+            "scopes": [],
+            "status": "approved"
+        },
+        {
+            "appFamily": "default",
+            "appId": "b3e71cbb-7eb5-3333-b384-ac82bca1d9dc",
+            "attributes": [
+                {
+                    "name": "DisplayName",
+                    "value": "PHP Unit: Test app"
+                },
+                {
+                    "name": "Notes",
+                    "value": "This is a test app created by PHP Unit."
+                },
+                {
+                    "name": "foo",
+                    "value": "bar"
+                }
+            ],
+            "callbackUrl": "http://example.com",
+            "createdAt": 648345600000,
+            "createdBy": "phpunit@example.com",
+            "credentials": [
+                {
+                    "apiProducts": [],
+                    "attributes": [],
+                    "consumerKey": "wAXAIiOr2oJOVGqFltnm3Jwr2LE0GEuY",
+                    "consumerSecret": "S8YjnsjmdBqDAegR",
+                    "issuedAt": 648345600000,
+                    "scopes": [],
+                    "status": "approved"
+                }
+            ],
+            "appGroup": "phpunit",
+            "lastModifiedAt": 648345600000,
+            "lastModifiedBy": "phpunit@example.com",
+            "name": "3phpunit_test_app",
+            "scopes": [],
+            "status": "approved"
+        },
+        {
+            "appFamily": "default",
+            "appId": "b3e71cbb-7eb5-4444-b384-ac82bca1d9dc",
+            "attributes": [
+                {
+                    "name": "DisplayName",
+                    "value": "PHP Unit: Test app"
+                },
+                {
+                    "name": "Notes",
+                    "value": "This is a test app created by PHP Unit."
+                },
+                {
+                    "name": "foo",
+                    "value": "foo"
+                },
+                {
+                    "name": "bar",
+                    "value": "baz"
+                }
+            ],
+            "callbackUrl": "http://example.com",
+            "createdAt": 648345600000,
+            "createdBy": "phpunit@example.com",
+            "credentials": [
+                {
+                    "apiProducts": [],
+                    "attributes": [],
+                    "consumerKey": "wAXAIiOr2oJOVGqFltnm3Jwr2LE0GEuY",
+                    "consumerSecret": "S8YjnsjmdBqDAegR",
+                    "issuedAt": 648345600000,
+                    "scopes": [],
+                    "status": "approved"
+                }
+            ],
+            "appGroup": "phpunit",
+            "lastModifiedAt": 648345600000,
+            "lastModifiedBy": "phpunit@example.com",
+            "name": "4phpunit_test_app",
+            "scopes": [],
+            "status": "approved"
+        }
+    ]
+}
diff --git a/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/apps/POST.json b/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/apps/POST.json
new file mode 100644
index 00000000..3bfce4a0
--- /dev/null
+++ b/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/apps/POST.json
@@ -0,0 +1,38 @@
+{
+    "appId": "f98678b9-4d1b-4927-ba17-62e6efaadfcc",
+    "attributes": [
+        {
+            "name": "DisplayName",
+            "value": "PHP Unit: Test app"
+        },
+        {
+            "name": "Notes",
+            "value": "This is a test app created by PHP Unit."
+        },
+        {
+            "name": "foo",
+            "value": "bar"
+        }
+    ],
+    "callbackUrl": "http://example.com",
+    "createdAt": 648345600000,
+    "createdBy": "phpunit@example.com",
+    "credentials": [
+        {
+            "apiProducts": [],
+            "attributes": [],
+            "consumerKey": "0YQxigR9Fcbo1vKLBrM5QRWgXx6nU1k1",
+            "consumerSecret": "6DwTp11hKT4fap65",
+            "expiresAt": -1,
+            "issuedAt": 648345600000,
+            "scopes": [],
+            "status": "approved"
+        }
+    ],
+    "appGroup": "phpunit",
+    "lastModifiedAt": 648345600000,
+    "lastModifiedBy": "phpunit@example.com",
+    "name": "phpunit_test_app",
+    "scopes": [],
+    "status": "approved"
+}
diff --git a/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/apps/phpunit_test_app/GET.json b/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/apps/phpunit_test_app/GET.json
new file mode 100644
index 00000000..0f9aa94a
--- /dev/null
+++ b/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/apps/phpunit_test_app/GET.json
@@ -0,0 +1,39 @@
+{
+    "appFamily": "default",
+    "appId": "f98678b9-4d1b-4927-ba17-62e6efaadfcc",
+    "attributes": [
+        {
+            "name": "DisplayName",
+            "value": "PHP Unit: Test app"
+        },
+        {
+            "name": "Notes",
+            "value": "This is a test app created by PHP Unit."
+        },
+        {
+            "name": "foo",
+            "value": "bar"
+        }
+    ],
+    "callbackUrl": "http://example.com",
+    "createdAt": 648345600000,
+    "createdBy": "phpunit@example.com",
+    "credentials": [
+        {
+            "apiProducts": [],
+            "attributes": [],
+            "consumerKey": "0YQxigR9Fcbo1vKLBrM5QRWgXx6nU1k1",
+            "consumerSecret": "6DwTp11hKT4fap65",
+            "expiresAt": -1,
+            "issuedAt": 648345600000,
+            "scopes": [],
+            "status": "approved"
+        }
+    ],
+    "appGroup": "phpunit",
+    "lastModifiedAt": 648345600000,
+    "lastModifiedBy": "phpunit@example.com",
+    "name": "phpunit_test_app",
+    "scopes": [],
+    "status": "approved"
+}
diff --git a/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/apps/phpunit_test_app/PUT.json b/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/apps/phpunit_test_app/PUT.json
new file mode 100644
index 00000000..38f828f6
--- /dev/null
+++ b/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/apps/phpunit_test_app/PUT.json
@@ -0,0 +1,42 @@
+{
+    "appId": "f98678b9-4d1b-4927-ba17-62e6efaadfcc",
+    "attributes": [
+        {
+            "name": "foo",
+            "value": "foo"
+        },
+        {
+            "name": "bar",
+            "value": "baz"
+        },
+        {
+            "name": "DisplayName",
+            "value": "(Edited) PHP Unit: Test app"
+        },
+        {
+            "name": "Notes",
+            "value": "(Edited) This is a test app created by PHP Unit."
+        }
+    ],
+    "callbackUrl": "http://foo.example.com",
+    "createdAt": 648345600000,
+    "createdBy": "phpunit@example.com",
+    "credentials": [
+        {
+            "apiProducts": [],
+            "attributes": [],
+            "consumerKey": "0YQxigR9Fcbo1vKLBrM5QRWgXx6nU1k1",
+            "consumerSecret": "6DwTp11hKT4fap65",
+            "expiresAt": -1,
+            "issuedAt": 648345600000,
+            "scopes": [],
+            "status": "approved"
+        }
+    ],
+    "appGroup": "phpunit",
+    "lastModifiedAt": 648345600000,
+    "lastModifiedBy": "phpunit@example.com",
+    "name": "phpunit_test_app",
+    "scopes": [],
+    "status": "approved"
+}
diff --git a/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/apps/phpunit_test_app/attributes/GET.json b/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/apps/phpunit_test_app/attributes/GET.json
new file mode 100644
index 00000000..b8e46ed5
--- /dev/null
+++ b/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/apps/phpunit_test_app/attributes/GET.json
@@ -0,0 +1,16 @@
+{
+    "attribute": [
+        {
+            "name": "foo",
+            "value": "bar"
+        },
+        {
+            "name": "name1",
+            "value": "value1"
+        },
+        {
+            "name": "name2",
+            "value": "value2"
+        }
+    ]
+}
diff --git a/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/apps/phpunit_test_app/attributes/POST.json b/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/apps/phpunit_test_app/attributes/POST.json
new file mode 100644
index 00000000..ef0e2310
--- /dev/null
+++ b/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/apps/phpunit_test_app/attributes/POST.json
@@ -0,0 +1,24 @@
+{
+    "attribute": [
+        {
+            "name": "foo",
+            "value": "bar"
+        },
+        {
+            "name": "name1",
+            "value": "value1"
+        },
+        {
+            "name": "name2",
+            "value": "value2"
+        },
+        {
+            "name": "DisplayName",
+            "value": "PHP Unit: Test app"
+        },
+        {
+            "name": "Notes",
+            "value": "This is a test app created by PHP Unit."
+        }
+    ]
+}
diff --git a/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/apps/phpunit_test_app/attributes/name1/GET.json b/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/apps/phpunit_test_app/attributes/name1/GET.json
new file mode 100644
index 00000000..70781593
--- /dev/null
+++ b/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/apps/phpunit_test_app/attributes/name1/GET.json
@@ -0,0 +1,4 @@
+{
+    "name": "name1",
+    "value": "value1"
+}
diff --git a/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/apps/phpunit_test_app/attributes/name1/POST.json b/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/apps/phpunit_test_app/attributes/name1/POST.json
new file mode 100644
index 00000000..9edebb0a
--- /dev/null
+++ b/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/apps/phpunit_test_app/attributes/name1/POST.json
@@ -0,0 +1,4 @@
+{
+    "name": "name1",
+    "value": "value1-edited"
+}
diff --git a/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/apps/phpunit_test_app/keys/create/POST.json b/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/apps/phpunit_test_app/keys/create/POST.json
new file mode 100644
index 00000000..c9ab77b8
--- /dev/null
+++ b/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/apps/phpunit_test_app/keys/create/POST.json
@@ -0,0 +1,9 @@
+{
+    "apiProducts": [],
+    "attributes": [],
+    "consumerKey": "phpunit_test_app_key",
+    "consumerSecret": "phpunit_test_app_secret",
+    "issuedAt": 648345600000,
+    "scopes": [],
+    "status": "approved"
+}
diff --git a/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/apps/phpunit_test_app/keys/phpunit_test_app_key/GET.json b/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/apps/phpunit_test_app/keys/phpunit_test_app_key/GET.json
new file mode 100644
index 00000000..77813e98
--- /dev/null
+++ b/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/apps/phpunit_test_app/keys/phpunit_test_app_key/GET.json
@@ -0,0 +1,10 @@
+{
+    "apiProducts": [],
+    "attributes": [],
+    "consumerKey": "phpunit_test_app_key",
+    "consumerSecret": "phpunit_test_app_secret",
+    "expiresAt": -1,
+    "issuedAt": 648345600000,
+    "scopes": [],
+    "status": "approved"
+}
diff --git a/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/apps/phpunit_test_app/keys/phpunit_test_app_key/POST.json b/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/apps/phpunit_test_app/keys/phpunit_test_app_key/POST.json
new file mode 100644
index 00000000..d868a733
--- /dev/null
+++ b/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/apps/phpunit_test_app/keys/phpunit_test_app_key/POST.json
@@ -0,0 +1,15 @@
+{
+    "apiProducts": [
+        {
+            "apiproduct": "phpunit_test",
+            "status": "approved"
+        }
+    ],
+    "attributes": [],
+    "consumerKey": "phpunit_test_app_key",
+    "consumerSecret": "phpunit_test_app_secret",
+    "expiresAt": -1,
+    "issuedAt": 648345600000,
+    "scopes": [],
+    "status": "approved"
+}
diff --git a/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/apps/phpunit_test_app/keys/phpunit_test_app_key/PUT.json b/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/apps/phpunit_test_app/keys/phpunit_test_app_key/PUT.json
new file mode 100644
index 00000000..28798535
--- /dev/null
+++ b/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/apps/phpunit_test_app/keys/phpunit_test_app_key/PUT.json
@@ -0,0 +1,17 @@
+{
+    "apiProducts": [
+        {
+            "apiproduct": "phpunit_test",
+            "status": "approved"
+        }
+    ],
+    "attributes": [],
+    "consumerKey": "phpunit_test_app_key",
+    "consumerSecret": "phpunit_test_app_secret",
+    "expiresAt": -1,
+    "issuedAt": 648345600000,
+    "scopes": [
+        "scope 1"
+    ],
+    "status": "approved"
+}
diff --git a/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/developers/GET.json b/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/developers/GET.json
deleted file mode 100644
index 98cc96d6..00000000
--- a/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/developers/GET.json
+++ /dev/null
@@ -1,4 +0,0 @@
-{
-    "developer": [
-    ]
-}
diff --git a/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/developers/POST.json b/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/developers/POST.json
deleted file mode 100644
index 0bb140db..00000000
--- a/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/developers/POST.json
+++ /dev/null
@@ -1,8 +0,0 @@
-{
-    "developer": [
-        {
-            "email": "phpunit@example.com",
-            "role": "simple member"
-        }
-    ]
-}
diff --git a/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/developers/phpunit@example.com/DELETE.json b/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/developers/phpunit@example.com/DELETE.json
deleted file mode 100644
index 98cc96d6..00000000
--- a/tests/offline-test-data/v1/organizations/phpunit/appgroups/phpunit/developers/phpunit@example.com/DELETE.json
+++ /dev/null
@@ -1,4 +0,0 @@
-{
-    "developer": [
-    ]
-}