LawVu allows you to create and manage custom OAuth clients for securely integrating external applications with the platform. This guide walks through each step of creating a new OAuth client, assigning the required permissions, and managing its configuration.
Creating and managing OAuth clients requires the Manage Integrations permission. Without this permission, the Custom Integrations option will not appear.
Contact your LawVu organization administrator to enable the Manage Integrations permission for your account. See the Managing roles and permissions help article for instructions.
After the permission has been granted, you may need to refresh the page for the change to take effect.
- Select Integrations from the side panel.
- Select Custom Integrations.
Select Create Integration to open the setup form. You will be prompted to provide the following details:
| Field | Description |
|---|---|
| Integration name | A descriptive, friendly name for your integration. This name is displayed on the OAuth consent screen when users authorize access. |
| Redirect URL | The HTTPS URL in your application that will receive OAuth callback responses. See Redirect URIs for requirements. |
| Contact details | Contact information for the individual or team responsible for the integration. LawVu uses these details to communicate planned outages or breaking changes for the API. |
| Terms acceptance | You must agree to the LawVu Developer Platform terms to create an integration. |
After the integration is created, LawVu displays key identifiers and URLs. You should record these immediately.
The Client Secret is shown only once at creation time. Copy and store it in a secure location (such as a secrets manager or vault) before leaving this page. If lost, you will need to generate a new secret.
| Value | Description |
|---|---|
| Client ID | The unique identifier assigned to your integration. You will use this in all OAuth requests. |
| Client Secret | A secret string used during authentication. Store this securely - it cannot be retrieved after you leave the page. |
| Client Secret Expiry | The validity period for the displayed secret. Expired secrets will be rejected during authentication. You can generate a new secret before expiry from the integration management page. |
| Authorize URL | The frontend web URL used to initiate the OAuth authorization flow and obtain an authorization code. |
| Token URL | The endpoint used by your application to exchange authorization codes or refresh tokens for access tokens. |
With your Client ID and Secret in hand, follow the Authentication guide to complete the OAuth authorization code flow and start making API calls.
After creation, integrations can be updated from the Integrations page. Available actions include:
- Editing the integration name and contact details
- Adding or removing redirect URLs
- Creating new client secrets or revoking existing ones
OAuth clients created in a sandbox environment cannot be migrated to production. Sandbox integrations - including client IDs, client secrets, redirect URLs, and configuration - will not transfer automatically. Because these environments operate independently, all OAuth clients must be recreated manually in production.
When you are ready to move to production, plan to:
- Recreate the OAuth client in the production Integrations area.
- Generate and securely store a new client secret.
- Update your application configuration with the new Client ID, Client Secret, Authorize URL, and Token URL.