Help Center/Connected apps — manage OAuth partner connections

Connected apps — manage OAuth partner connections

In brief: See and revoke third-party apps that have OAuth access to your Certivus workspace.

The Settings → Connected apps page lists every third-party app you've approved to call the Certivus API on your firm's behalf via OAuth.

This is the opposite side of API access:

PageDirectionUsed by
API accessYour code → CertivusYou issuing your own credentials to integrate with us
Connected appsPartner → CertivusA partner (e.g. Hirenza) calling our API on your firm's behalf

How a connection is created

  1. The partner app sends you to a Certivus consent screen with a Stripe-style permissions list ("Hirenza wants to read your cases").
  2. You pick which firm to grant for (if you belong to more than one).
  3. You approve.
  4. The partner receives an authorization code, exchanges it for an access token, and starts calling the API.

The grant survives you leaving the firm — it belongs to the firm, not to you personally. A new firm owner can revoke at any time from this page.

Disconnecting a partner

Press Disconnect on any row. Type the partner's name to confirm. The reason you enter is recorded in the audit log.

When you disconnect:

  • The partner's refresh token is invalidated immediately. They cannot mint new access tokens.
  • Any access token they already hold continues to work for up to 15 minutes until it expires naturally. We don't kill tokens mid-flight — that would cause partial failures on in-progress requests.
  • A connection.revoked webhook is sent to the partner's webhook URL (if configured) so they can clean up their side.

Reconnecting

Disconnection is not permanent. The partner can simply restart the Connect flow, and you'll see a fresh consent screen with whatever permissions they're asking for now (which may differ from last time — re-consent is a chance to review).

Who can disconnect

  • Firm owner and Manager roles can revoke any connection for their firm.
  • Platform admins can revoke any firm's connection from the /admin console (kill-switch in case a partner needs to be cut off platform-wide).
  • Standard members and external auditors can see the list but cannot disconnect.

Audit trail

Every approve/disconnect is recorded in the audit log (/firm/settings/audit-log) with the actor, timestamp, partner, and revoke reason. Useful when MLROs review who-had-access-to-what during the annual compliance review.

Didn't find what you needed?

Contact support