This guide will walk you through the key considerations and requirements for developing a Smokeball App.

To begin creating your App, first navigate to the Developer Console and select your target region. Then click the “New App” button to start the app creation process. This will guide you through setting up the basic configuration for your application.

Partners are currently limited to creating a single app. Please contact our Partnerships team if you need to create additional apps or delete your existing app.

App Parameters

When creating an App, you will need to specify several parameters.

App Name and Description

The App name and description help identify your app within the Developer Console and internal systems. While these are important for development and administration purposes, they are separate from your marketplace listing details which are managed through our Partnerships team.

Choose a clear, descriptive name and provide a concise description that accurately represents your app’s functionality.

App Type

Public Apps are intended to be listed in the Smokeball marketplace. These are only available to Partners.

Private Apps are intended for private usage, typically developed by firms for their own internal use.

Public Client

The Public Client option relates to how your application authenticates with Smokeball using OAuth 2.0. OAuth 2.0 is an industry-standard protocol for authorization that enables applications to obtain limited access to user accounts without handling their credentials directly.

For applications that run in less secure environments, such as:

  • Mobile applications
  • Single-page applications (SPAs)
  • Browser-based applications

These types of applications cannot securely store client secrets because their code is exposed to the end user. Instead of using client secrets for authentication, public clients use PKCE (Proof Key for Code Exchange) - an extension to the OAuth 2.0 protocol that provides additional security for these scenarios.

PKCE works by having the client generate a unique code verifier for each authorization request, making the flow more secure even without a client secret. This enhances the standard OAuth 2.0 Authorization Code flow by preventing certain types of attacks. This is particularly important for:

  • Applications where the source code is publicly accessible
  • Environments where secure storage of secrets is challenging
  • Situations where the client code could be intercepted or examined

If your application falls into any of these categories, you should enable the Public Client option. Private applications that run in secure server environments typically don’t need this option as they can safely store and use client secrets.

This setting cannot be updated later. Please contact our Partnerships team if you are unsure.

Security

The security of our customers’ data is paramount. Your App must:

  • Meet industry security standards
  • Implement recommended security best practices
  • Complete a security risk assessment before launch

User Experience

While we maintain flexibility in design, your App should:

  • Complement Smokeball’s existing functionality
  • Provide clear value to users
  • Maintain a consistent and intuitive interface
  • Follow platform UI/UX best practices

Next Steps

After creating your app, it’s time to build it!

  • Use our API to start integrating with your application. See API documentation here.
  • If you integrating to Smokeball with our Plugin architecture (coming soon), you can use the Smokeball SDK to integrate. See SDK documentation here.