What are Smokeball Apps?
Smokeball apps are self-contained applications that extend Smokeball’s functionality by integrating with firm data and workflows. Apps provide a secure, standardized way for third-party developers and firms to build custom solutions on top of the Smokeball platform.App Architecture
Components
A Smokeball app typically consists of:- Client Application - Your web, desktop, or mobile application
- API Integration - Calls to Smokeball API endpoints to access firm data
- Webhook Subscriptions (optional) - Real-time notifications for events
- Authentication Flow - OAuth 2.0 implementation for secure access
Integration Patterns
Apps can integrate with Smokeball in different ways:- API-only apps - Cloud-based applications that interact via REST API
- Webhook-driven apps - Event-driven integrations that respond to real-time notifications
- Plugin apps (coming soon) - Native integrations using the Smokeball Client SDK
- Hybrid apps - Combination of API, webhooks, and SDK
App Types
Smokeball supports two types of apps, each designed for different use cases:Public Apps
Public apps are designed to be used by multiple Smokeball firms:- Use Case: SaaS products, marketplace integrations, third-party services
- Distribution: Available through the Smokeball App Marketplace
- Credentials: Single set of client credentials for all firms
- Authentication: Authorization Code Grant
- Ideal For: Software vendors, integration partners, marketplace apps
- Document automation platforms
- Client portal solutions
- Legal practice management integrations
- Billing and accounting integrations
Private Apps
Private apps are designed for single-firm use only:- Use Case: Custom internal integrations, firm-specific workflows
- Distribution: Private to your firm only
- Credentials: Unique credentials for your firm
- Authentication: Client Credentials Grant or Authorization Code Grant (OAuth 2.0)
- Ideal For: Individual firms, custom internal tools, proof-of-concept projects
- Custom reporting dashboards
- Internal automation workflows
- Legacy system integrations
- Data migration tools
Authorization and Access
All apps use OAuth 2.0 to securely access firm data through the Smokeball API:How Authorization Works
- App Registration - Create an app in the Developer Console
- Credentials - Receive client ID and client secret
- Firm Authorization - Firms explicitly authorize your app
- Access Tokens - Obtain scoped access tokens via OAuth 2.0
- API Calls - Use tokens to make authenticated API requests
Security Features
- Scoped Permissions: Apps request only the data they need
- Secure Authentication: OAuth 2.0 industry standard
- Token Expiration: Access tokens expire and must be refreshed
- Audit Trail: All API access is logged
App Lifecycle
1. Development
- Create app in Developer Console
- Configure authentication settings
- Set up development environment
- Build and test in staging environment
2. Testing
- Test OAuth flow
- Verify API integrations
- Test webhook handling
- Validate error handling
3. Deployment
- Private Apps: Deploy and use immediately
- Public Apps: Submit for review, then publish to marketplace
4. Maintenance
- Monitor API usage
- Handle version updates
- Respond to firm support requests
- Track error rates and performance
Managing Your Apps
Use the Developer Console to:- Create and configure apps
- Manage API credentials
- Set OAuth redirect URIs
- Configure webhook subscriptions
- Monitor app usage and performance
- View error logs and analytics
Next Steps
Ready to build your app? Here’s how to get started:- Creating an App - Step-by-step guide to creating your first app
- Building Your App - Development best practices and patterns
- API Documentation - Complete API reference
- SDK Documentation - Client SDK guides (for plugin apps)
Need help deciding between Public and Private apps? Choose Private for single-firm use and simpler setup. Choose Public to distribute to multiple firms via the marketplace.