Step 1: Create a Developer App
Before you can authenticate, your Lawmatics account needs Developer Settings enabled.
Contact [email protected] (or your Account Manager) to have Developer Settings turned on.
Once enabled, go to
https://app.lawmatics.com/settings/developerswhile logged in.Click New Application and provide:
Name, description, and logo — shown to users when they authorize your app
Callback URL — where users are redirected after granting access
This generates a Client ID and Client Secret for your app.
Step 2: Get a Grant Code
Send the user to Lawmatics' authorize URL:
https://app.lawmatics.com/oauth/authorize?client_id=YOUR_CLIENT_ID&redirect_uri=YOUR_CALLBACK_URL&response_type=code
Required query params:
Param | Description |
| Your app's ID from Developer Settings |
| Must match the callback URL set on your app |
| Always |
| Round-tripped back to your callback to preserve state |
After the user logs in and grants access, Lawmatics redirects them back to your callback URL with a short-lived grant code:
https://www.yourapp.com/callback?code={GRANT_CODE}Step 3: Exchange the Code for an Access Token
From your backend, make a POST to:
https://api.lawmatics.com/oauth/token
Required body params:
Param | Description |
| Your app's Client ID |
| Your app's Client Secret |
| Always |
| The grant code from Step 2 |
| Same callback URL used in Step 2 |
Successful response:
HTTP/1.1 200 OK { "token_type": "bearer", "access_token": "{ACCESS_TOKEN}", "created_at": 1539723267 }Step 4: Authenticate Requests
Pass the access token as a Bearer token on every request:
Authorization: Bearer {ACCESS_TOKEN}curl -H "Authorization: Bearer <access_token>" https://api.lawmatics.com/v1/prospects/74
Important Limitations
Access tokens do not expire. There is no refresh token — none is needed.
No scopes are supported. Once a user authorizes your app, it has full CRUD access to their account.
No deauthorization endpoint exists. To revoke access, the firm must remove/reset the integration from their Lawmatics settings.
Rate limit: see the Errors & Rate Limits article for current limits.
Don't Need Full OAuth?
If you're just collecting web form submissions (not building a full two-way integration), you don't need a Developer App or the OAuth flow at all — use the unauthenticated Custom Form Submit endpoint instead. See Connecting Your Webform to Lawmatics via API.
Questions? [email protected]
