diff --git a/.github/actions/build-proxies/action.yml b/.github/actions/build-proxies/action.yml
index a2d352ae..255ce74f 100644
--- a/.github/actions/build-proxies/action.yml
+++ b/.github/actions/build-proxies/action.yml
@@ -54,7 +54,12 @@ runs:
 working-directory: .
 shell: bash
 run: |
- make build-json-oas-spec APIM_ENV=dev
+ if [ -z $PR_NUMBER ]
+ then
+ make build-json-oas-spec APIM_ENV=dev
+ else
+ make build-json-oas-spec APIM_ENV=dev-pr
+ fi
 - name: Set target
 shell: bash
diff --git a/.tool-versions b/.tool-versions
index d847774c..8fd35386 100644
--- a/.tool-versions
+++ b/.tool-versions
@@ -8,6 +8,7 @@ terraform 1.10.1
 terraform-docs 0.19.0
 trivy 0.61.0
 vale 3.6.0
+poetry 2.1.4
 # ==============================================================================
 # The section below is reserved for Docker image versions.
diff --git a/Makefile b/Makefile
index 69922f07..1efc73f5 100644
--- a/Makefile
+++ b/Makefile
@@ -53,9 +53,16 @@ set-access: guard-APIM_ENV
 envsubst '$${ACCESS}' \
 < specification/api/components/x-nhsd-apim/access-template.yml > specification/api/components/x-nhsd-apim/access.yml
+set-security: guard-APIM_ENV
+ @ SECURITY=security-$$APIM_ENV.yml \
+ envsubst '$${SECURITY}' \
+ < specification/api/components/security/security-template.yml > specification/api/components/security/security.yml
+
 construct-spec: guard-APIM_ENV
 $(MAKE) set-target APIM_ENV=$$APIM_ENV
 $(MAKE) set-access APIM_ENV=$$APIM_ENV
+ $(MAKE) set-security APIM_ENV=$$APIM_ENV
+
 build-json-oas-spec: guard-APIM_ENV
diff --git a/specification/api/components/security/security-dev-pr.yml b/specification/api/components/security/security-dev-pr.yml
new file mode 100644
index 00000000..8a4ddb31
--- /dev/null
+++ b/specification/api/components/security/security-dev-pr.yml
@@ -0,0 +1 @@
+app-level0: []
diff --git a/specification/api/components/security/security-dev.yml b/specification/api/components/security/security-dev.yml
new file mode 100644
index 00000000..878d7f27
--- /dev/null
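Review bot: The test `if [ -z $PR_NUMBER ]` in the action.yml `run:` block expands the variable unquoted, so the empty case only works because a bare `[ -z ]` happens to evaluate true, and a value containing whitespace makes `[` exit with an error and fall through to the `else` branch. That branch builds with `APIM_ENV=dev-pr`, which this commit maps to the `app-level0` files, so a malformed value should not be able to select it; write the test as `if [ -z "$PR_NUMBER" ]`. The step header and any `env:` block lie outside the hunk, so it is not visible here whether PR_NUMBER is actually exported to this step; if it is not, every run silently builds the `dev` spec.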
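Review bot: In the Makefile hunk, `set-security` writes a reference to `security-$APIM_ENV.yml` for whatever value is passed, but this commit only adds security-dev.yml, security-dev-pr.yml and security-sandbox.yml, so any other environment name yields a security.yml that points at a file that does not exist. `guard-APIM_ENV` is defined outside the hunk; if it only checks that the variable is set, the mistake surfaces (or is silently dropped) later in the bundling step rather than here. Failing early keeps a spec without a resolvable security requirement from being built, for example with `test -f specification/api/components/security/security-$$APIM_ENV.yml` as the first recipe line. The leading `@` on the recipe also hides from the CI log which security file was selected, which is worth showing for an access-control setting.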
+++ b/specification/api/components/security/security-dev.yml
@@ -0,0 +1 @@
+app-level3: [ ]
diff --git a/specification/api/components/security/security-sandbox.yml b/specification/api/components/security/security-sandbox.yml
new file mode 100644
index 00000000..8a4ddb31
--- /dev/null
+++ b/specification/api/components/security/security-sandbox.yml
@@ -0,0 +1 @@
+app-level0: []
diff --git a/specification/api/components/security/security-template.yml b/specification/api/components/security/security-template.yml
new file mode 100644
index 00000000..ffd1d328
--- /dev/null
+++ b/specification/api/components/security/security-template.yml
@@ -0,0 +1 @@
+$ref: $SECURITY
diff --git a/specification/api/components/security/security.yml b/specification/api/components/security/security.yml
new file mode 100644
index 00000000..fcb0445a
--- /dev/null
+++ b/specification/api/components/security/security.yml
@@ -0,0 +1 @@
+$ref: security-dev-pr.yml
diff --git a/specification/api/components/x-nhsd-apim/access-dev-pr.yml b/specification/api/components/x-nhsd-apim/access-dev-pr.yml
new file mode 100644
index 00000000..a74f73d2
--- /dev/null
+++ b/specification/api/components/x-nhsd-apim/access-dev-pr.yml
@@ -0,0 +1,3 @@
+- title: Application Restricted
+ grants:
+ app-level0: []
diff --git a/specification/api/components/x-nhsd-apim/access-dev.yml b/specification/api/components/x-nhsd-apim/access-dev.yml
index e7268b38..de21d5dc 100644
--- a/specification/api/components/x-nhsd-apim/access-dev.yml
+++ b/specification/api/components/x-nhsd-apim/access-dev.yml
@@ -1,4 +1,3 @@
 - title: Application Restricted
 grants:
- app-level0: []
 app-level3: []
diff --git a/specification/api/components/x-nhsd-apim/access.yml b/specification/api/components/x-nhsd-apim/access.yml
index 95f5f0b9..3575e12d 100644
--- a/specification/api/components/x-nhsd-apim/access.yml
+++ b/specification/api/components/x-nhsd-apim/access.yml
@@ -1 +1 @@
-$ref: access-sandbox.yml
+$ref: access-dev-pr.yml
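Review bot: security.yml is the output file of `make set-security` (the Makefile hunk redirects envsubst into this exact path), yet it is committed here pinned to `$ref: security-dev-pr.yml`, and the same commit flips the generated access.yml and target.yml from the sandbox files to `access-dev-pr.yml` and `target-dev-pr.yml`. Anything that reads the specification without first running `construct-spec` therefore gets the dev-pr settings, meaning `app-level0` and the dev-pr target, which looks like local build state checked in rather than an intended default. Consider keeping the three generated files out of version control, or committing them pointing at the most restrictive variant so that a skipped build step cannot loosen the published security requirement.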
diff --git a/specification/api/components/x-nhsd-apim/target-dev-pr.yml b/specification/api/components/x-nhsd-apim/target-dev-pr.yml
new file mode 100644
index 00000000..c779aa5d
--- /dev/null
+++ b/specification/api/components/x-nhsd-apim/target-dev-pr.yml
@@ -0,0 +1,7 @@
+type: external
+healthcheck: /_status
+url: https://suppliers.dev.nhsnotify.national.nhs.uk
+security:
+ type: apikey
+ header: Authorization
+ secret: nhs-notify-supplier-key
diff --git a/specification/api/components/x-nhsd-apim/target.yml b/specification/api/components/x-nhsd-apim/target.yml
index b24b21da..db3f3af0 100644
--- a/specification/api/components/x-nhsd-apim/target.yml
+++ b/specification/api/components/x-nhsd-apim/target.yml
@@ -1 +1 @@
-$ref: target-sandbox.yml
+$ref: target-dev-pr.yml
diff --git a/specification/api/notify-supplier-phase1.yml b/specification/api/notify-supplier-phase1.yml
index 620b2849..374c784c 100644
--- a/specification/api/notify-supplier-phase1.yml
+++ b/specification/api/notify-supplier-phase1.yml
@@ -8,7 +8,7 @@ info:
 This specification represents the in-development 'next' version of the API schema and should be treated as unstable.
 security:
- - app-level0: [ ]
+ - $ref: 'components/security/security.yml'
 paths:
 /letters:
 parameters:
@@ -55,10 +55,11 @@ paths:
 $ref: 'components/endpoints/headDataId.yml'
 components:
 securitySchemes:
- nhs-login-p0:
- $ref: https://proxygen.ptl.api.platform.nhs.uk/components/securitySchemes/nhs-login-p0
+ app-level3:
+ $ref: https://proxygen.ptl.api.platform.nhs.uk/components/securitySchemes/app-level3
 app-level0:
 $ref: https://proxygen.ptl.api.platform.nhs.uk/components/securitySchemes/app-level0
+
 tags:
 - name: letter
 description: ''
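Review bot: target-dev-pr.yml sends pull-request proxies to `https://suppliers.dev.nhsnotify.national.nhs.uk`, which by its host name appears to be the shared dev backend, while access-dev-pr.yml and security-dev-pr.yml in the same commit accept `app-level0` for those proxies. If app-level0 is the lower assurance level, as the move of the dev environment to app-level3 in access-dev.yml suggests, each PR proxy becomes a weaker-authenticated route to the same backend, presenting the same `nhs-notify-supplier-key` secret. Please confirm that this is intended and that the backend does not rely on the proxy's level for authorization; a comment at the top of the file such as `# PR proxies only: callers authenticate at app-level0, backend is shared with dev` would record the decision.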
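Review bot: The top-level `security:` list in notify-supplier-phase1.yml now holds `- $ref: 'components/security/security.yml'`, but OpenAPI does not define `$ref` inside a Security Requirement Object, so the requirement only exists if the bundler happens to inline the reference. A tool that reads this file unbundled, or a bundler that leaves the reference in place, sees a requirement naming a scheme called `$ref` instead of `app-level0` or `app-level3`, and how that is enforced is then tool-dependent. A check after `build-json-oas-spec` that the bundled JSON's `security` array names one of the declared `securitySchemes` would catch this; at minimum add a comment above the entry such as `# resolved by make set-security; must bundle to app-level0 or app-level3`.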