Skip to content
  • There are no suggestions because the search field is empty.

LeanLaw API: Getting Started with Developer Access

How to generate and manage API keys in LeanLaw, what the public API supports, and where to find the developer portal for authentication details, endpoint reference, and examples.

LeanLaw's public REST API lets developers and technical administrators connect LeanLaw to other systems — automating data flows, building custom integrations, and accessing firm data programmatically. This article covers how to generate API keys and where to find the full developer documentation.

What the LeanLaw API Supports

LeanLaw's API is a REST API that supports reading and writing firm data programmatically. Supported resources include:

  • Clients & Matters: Create, read, and update client and matter records.
  • Time Entries: Create and read time entries.
  • Expenses: Create and read expense records.
  • Invoices: Read invoice data.
  • Users: Read user records.
  • Codes: Read LEDES activity, task, and expense codes.

📋 Developer portal: For the most up-to-date endpoint reference, authentication details, supported resources, rate limits, and code examples, use LeanLaw's developer portal. The developer portal is the authoritative source — this article covers only access setup.

Generating an API Key

API keys are managed in LeanLaw's firm settings. Only users with Firm Setup access can generate and manage API keys.

  1. Click the gear icon ⚙️ to open Settings.
  2. In the left-hand menu, find the API Keys section (under Integrations or Developer Settings).
  3. Click Generate New API Key (or the equivalent button).
  4. Give the key a descriptive name (e.g., 'Zapier Integration' or 'Custom Dashboard').
  5. Copy the key immediately — it will only be shown once. Store it securely (e.g., in a password manager or your deployment's secret manager).

⚠️ API keys are sensitive credentials: Treat your API key like a password. Anyone with the key can access your firm's LeanLaw data within the key's permission scope. Do not share keys in plain text, commit them to source code repositories, or include them in client-facing applications.

Using an API Key

Include your API key as an authentication header in API requests. The exact format is documented in the developer portal. General pattern:

Authorization: Bearer YOUR_API_KEY

All requests must be made over HTTPS. Requests without a valid API key or over HTTP will be rejected.

Managing API Keys

From the API Keys settings page, you can:

  • View active keys: See all keys currently issued for your firm, their names, and when they were created.
  • Revoke a key: Delete a key to immediately invalidate it. Any integrations using the revoked key will stop working until a new key is issued.

💡 Rotate keys periodically: Best practice is to rotate API keys regularly — especially if a key may have been exposed or if a team member with API access leaves the firm. Revoking the old key and issuing a new one takes minutes.

Getting Help with the API

For questions about what's possible with the API, recommended integration approaches, or troubleshooting authentication, contact LeanLaw's Solution Engineering team at support@myleanlaw.com.