Connected apps are how you authorise external systems and AI tools to access your Legatics environment. Each connected app represents a single integration (such as a reporting tool, a practice management system, or an AI assistant) and defines exactly what that integration is allowed to do.
Note: Connected apps are managed by system admins from the Administration System.
Overview
What a connected app is
A connected app is a named, scoped authorisation that allows an external system to authenticate with Legatics using OAuth 2.0. When you create a connected app, you define:
What it is: a name and description that identifies the integration
What it can access: the scopes (permissions) granted to the app
The connected app generates the credentials (a client ID and client secret) that the external system uses to request access tokens. Those tokens allow the system to make authenticated requests to the Legatics API or MCP server.
How it fits into the access model
Legatics uses a two-tier model for API and MCP access:
Role | Responsibility |
System admin | Creates and manages connected apps. Defines what each app can access. |
Member | Authenticates through a connected app to grant it access to their data. |
This means an external system can only access data that a Member has explicitly authorised. A connected app cannot access data beyond the scopes assigned to it, and cannot access data from Members who haven't authenticated through it.
The difference between the API and MCP
The API and MCP server are two different ways of accessing Legatics data. Both require a connected app, but they serve different purposes and different audiences
API: the external system calls Legatics endpoints directly, using the access token to read or write data
MCP: an AI assistant uses the connected app credentials to query Legatics data in real time during a conversation
In both cases, the connected app is created and managed in the same way.
Scopes
Scopes define what data a connected app can access. When you create a connected app, you select the scopes appropriate for the integration.
Scopes follow a least-privilege model: you should only grant the scopes the integration actually needs. You can update scopes on an existing connected app at any time.
Note: A full list of available scopes and their descriptions is available in the Administration System when creating or editing a connected app.
Managing connected apps
You can create, edit, disable, and delete connected apps from Integrations > Connected apps in the Administration System.
Read Create and manage connected apps for full instructions.


