Skip to main content

Connected apps explained

Learn what connected apps are and how they control access to the Legatics API and MCP server

Connected apps are how you authorise external systems and AI tools to access your Legatics environment. Each connected app represents a single integration (such as a reporting tool, a practice management system, or an AI assistant) and defines exactly what that integration is allowed to do.

Note: Connected apps are managed by system admins from the Administration System.


Overview

What a connected app is

A connected app is a named, scoped authorisation that allows an external system to authenticate with Legatics using OAuth 2.0. When you create a connected app, you define:

  • What it is: a name and description that identifies the integration

  • What it can access: the scopes (permissions) granted to the app

The connected app generates the credentials (a client ID and client secret) that the external system uses to request access tokens. Those tokens allow the system to make authenticated requests to the Legatics API or MCP server.

How it fits into the access model

Legatics uses a two-tier model for API and MCP access:

Role

Responsibility

System admin

Creates and manages connected apps. Defines what each app can access.

Member

Authenticates through a connected app to grant it access to their data.

This means an external system can only access data that a Member has explicitly authorised. A connected app cannot access data beyond the scopes assigned to it, and cannot access data from Members who haven't authenticated through it.

The difference between the API and MCP

The API and MCP server are two different ways of accessing Legatics data. Both require a connected app, but they serve different purposes and different audiences

  • API: the external system calls Legatics endpoints directly, using the access token to read or write data

  • MCP: an AI assistant uses the connected app credentials to query Legatics data in real time during a conversation

In both cases, the connected app is created and managed in the same way.


Scopes

Scopes define what data a connected app can access. When you create a connected app, you select the scopes appropriate for the integration.

Scopes follow a least-privilege model: you should only grant the scopes the integration actually needs. You can update scopes on an existing connected app at any time.

Note: A full list of available scopes and their descriptions is available in the Administration System when creating or editing a connected app.


Managing connected apps

You can create, edit, disable, and delete connected apps from Integrations > Connected apps in the Administration System.

Read Create and manage connected apps for full instructions.

Did this answer your question?