This article is an introduction to our public API, with a focus on what the API key does. For a guide on how to use the public API, click here.
How does the public API work?
A public API is a set of rules that allows two programs to securely communicate with each other to efficiently transfer data. If you wanted to copy your client and matter information into another program without an API key, you might have to individually reference and enter every line of your client and matter information by hand. By using your API key with a compatible program, your API key gives LeanLaw permission to tell the receiving program, “These entries are the clients’ names, these are their phone numbers, these entries are the matters,” etc. API keys can save you days of data entry.
How secure is an API key?
The API key is called a key because it essentially unlocks specific data from your LeanLaw to the program with which you shared the key. However, your API key is far more secure than any physical key. Your API key is a 30 digit, randomized, unique code that can be deleted by you at any time. Once you delete the key from your firm’s API page, our database will never let it be used to access your data again--even from a program that was previously allowed access. It’s a very secure way of transferring data.
Exactly what data can other services access with my API key?
Right now, the following data can be accessed with a LeanLaw API key:
All information from your Client Information page, such as names, phone numbers, and addresses.
All information from your Matter Info page, such as names, ID numbers, and practice areas.
All responsible and originating attorneys connected to matters--but not their rates.
That's all we allow our API keys to "unlock." Additionally, LeanLaw's Public API uses a query language called GraphQL; all requests are made by passing a query to our server, and these queries are read-only. This means data can be copied from your LeanLaw, but no service will ever be able to add or change anything within your LeanLaw data using your API key.
Who can see my firm's API keys?
API keys are created, and visible, only from the API page in your firm settings. The only users who create or view API keys in your firm are users with the “Access to Firm Setup” permission, which can be enabled or disabled from your firm’s Users settings page. Note that whenever you or anyone else creates an API key, you and all other users with the Access to Firm Setup permission will be able to view and use the key until it’s deleted.