PlansBuildersFor ContractorsFor HomeownersFor BuildersPricingHelpStart Free Trial

Developer Portal Overview

Self-serve signup, OAuth app management, and API credentials for BlueClerk integrations

On this page

OverviewGetting StartedManaging OAuth AppsRotating SecretsAPI Usage TrackingPassword ResetSecurity NotesQuestions

Overview

The BlueClerk Developer Portal lets you build integrations with the BlueClerk Public API. Sign up with email verification, create OAuth applications, manage client credentials, rotate secrets, and track API usage - all self-serve without contacting support.

Getting Started

Creating a Developer Account

  1. Visit /developers on BlueClerk
  2. Click "Sign Up" to create your developer account
  3. Enter your email and password
  4. Check your email for a verification link
  5. Click the verification link to activate your account
  6. Log in at /developers/login

Email Verification

Your email must be verified before you can create OAuth apps:

  • Check your inbox after signing up
  • Click the verification link in the email
  • Link expires in 24 hours - request a new one if needed
  • Resend verification from the dashboard if you didn't receive it

Managing OAuth Apps

Creating an OAuth App

  1. Log in to your developer account
  2. Go to Dashboard at /developers/dashboard
  3. Click "Create App"
  4. Fill in app details:
    • Name: Your integration name (max 100 characters)
    • Description: What your app does (optional)
    • Redirect URIs: Where users return after OAuth (up to 5)
    • Scopes: API permissions your app needs (at least one required)
    • Contact Email: Support email for your app
    • Logo URL: Optional app logo (must be HTTPS)
  5. Click "Create"
  6. Save your client secret - it's shown only once

Client Credentials

After creating an app, you'll receive:

  • client_id: Public identifier for your app
  • client_secret: Secret key for token exchange - save it immediately

Important: The client secret is shown only once on the creation confirmation page. Store it securely in a password manager or secret vault. If you lose it, you'll need to rotate the secret (which invalidates the old one).

Managing Apps

From your dashboard, you can:

  • View all your apps with status and creation date
  • Click any app to see details, credentials, and usage stats
  • Edit app details - name, description, redirect URIs, scopes, contact email, logo
  • Rotate client secret - generates new secret, invalidates old one after 30 days
  • Revoke app - disables all tokens, prevents new authorizations

App Limits

  • 5 active apps maximum per developer account
  • Revoked apps don't count toward the limit
  • Abuse protection: 3 signups per email domain per hour

Rotating Secrets

If your client secret is compromised or you need to rotate it for security:

  1. Open your app from the dashboard
  2. Click "Rotate Secret"
  3. New secret is generated and shown once
  4. Old secret works for 30 days - giving you time to update your app
  5. Update your integration with the new secret before the grace period ends

API Usage Tracking

Each app detail page shows:

  • Total requests made with this app's credentials
  • Request history for the last 30 days
  • Daily breakdown of API calls

Password Reset

If you forget your password:

  1. Go to /developers/login
  2. Click "Forgot password?"
  3. Enter your email address
  4. Check your email for a reset link
  5. Click the link and enter your new password
  6. Link expires in 1 hour

Security Notes

  • Passwords are hashed using bcrypt before storage
  • JWT sessions with 7-day expiration
  • Separate from contractor auth - developer accounts don't access contractor data
  • Email verification required before creating apps
  • Rate limiting on signup to prevent abuse

Questions

Q: Can I use the same email for a developer account and a contractor account? A: Yes, developer accounts are separate from contractor accounts. You can use the same email for both.

Q: What happens to my OAuth apps if I don't verify my email? A: You can't create apps until your email is verified. The dashboard will show a verification prompt.

Q: How long do client secrets last? A: Client secrets don't expire unless you rotate them. After rotation, the old secret works for 30 days.

Q: What happens if I hit the 5-app limit? A: Revoke an app you're not using to free up a slot. Revoked apps don't count toward the limit.

Q: Can I change my redirect URIs after creating an app? A: Yes, edit your app and update the redirect URIs anytime. Changes take effect immediately.

Was this helpful?
Contact Support →