Skip to main content
This guide will walk you through the key considerations and requirements for developing a Smokeball App. To begin creating your App, first navigate to the Developer Console and select your target region. Then click the “New App” button to start the app creation process. This will guide you through setting up the basic configuration for your application.
Partners are currently limited to creating a single app. Please contact our Partnerships team if you need to create additional apps or delete your existing app.

App Parameters

When creating an App, you will need to specify several parameters.

App Name

The App name and description help identify your app within the Developer Console and internal systems. While these are important for development and administration purposes, they are separate from your marketplace listing details which are managed through our Partnerships team. Choose a clear, descriptive name and provide a concise description that accurately represents your app’s functionality.

App Type

There are important considerations to make when selecting an App Type. Smokeball supports two options: Public App and Private App.

Choosing an App Type

App TypeAvailabilityTypical Use CaseRequired OAuth Flow(s)
Public AppPartners onlyListed on the Smokeball marketplace and used by multiple firmsAuthorization Code Grant
Private AppPartners & FirmsNot listed on marketplace for internal use by a single firmAuthorization Code Grant or Client Credentials Grant
Private apps using the Client Credentials Grant are not yet available to create through the Developer Console.This option is currently under development and will be released in a future update. For now, all apps created in the Developer Console must use the Authorization Code Grant flow.

What is a Public App?

Public Apps are designed to be listed and distributed in the Smokeball marketplace. They are intended for broad use across multiple firms and must meet our review and approval requirements.

What is a Private App?

Private Apps are intended for private/internal use within a single firm and are not distributed through the marketplace.
  • Private apps can be used by firms building their own integrations, or by partners developing an app specifically for a firm’s use.
  • Private apps can use either the Authorization Code Grant flow or the Client Credentials Grant for authentication.
    • The Client Credentials Grant is recommended for server-to-server apps tied to only one firm (note: this will be available in a future version).
  • This option is available to both Partners and Firms.

Public Client

The Public Client option relates to how your application authenticates with Smokeball using OAuth 2.0. OAuth 2.0 is an industry-standard protocol for authorization that enables applications to obtain limited access to user accounts without handling their credentials directly. For applications that run in less secure environments, such as:
  • Mobile applications
  • Single-page applications (SPAs)
  • Browser-based applications
These types of applications cannot securely store client secrets because their code is exposed to the end user. Instead of using client secrets for authentication, public clients use PKCE (Proof Key for Code Exchange) - an extension to the OAuth 2.0 protocol that provides additional security for these scenarios. PKCE works by having the client generate a unique code verifier for each authorization request, making the flow more secure even without a client secret. This enhances the standard OAuth 2.0 Authorization Code flow by preventing certain types of attacks. This is particularly important for:
  • Applications where the source code is publicly accessible
  • Environments where secure storage of secrets is challenging
  • Situations where the client code could be intercepted or examined
If your application falls into any of these categories, you should enable the Public Client option. Private applications that run in secure server environments typically don’t need this option as they can safely store and use client secrets.
This setting cannot be updated later. Please contact our Partnerships team if you are unsure.

Security

The security of our customers’ data is paramount. Your App must:
  • Meet industry security standards
  • Implement recommended security best practices
  • Complete a security risk assessment before launch

User Experience

While we maintain flexibility in design, your App should:
  • Complement Smokeball’s existing functionality
  • Provide clear value to users
  • Maintain a consistent and intuitive interface
  • Follow platform UI/UX best practices

Next Steps

After creating your app, it’s time to build it!
  • Use our API to start integrating with your application. See API documentation here.
  • If you integrating to Smokeball with our Plugin architecture (coming soon), you can use the Smokeball SDK to integrate. See SDK documentation here.