Connecting third-party apps

What ClientCasa checks — and what it doesn’t

ClientCasa lets independent developers build apps that connect to your account through our API. We do not review, audit, or endorse these apps. The one thing we verify is mechanical: that the developer controls the DNS for the domain shown on the consent screen. When you see “Domain confirmed: example.com,” it means exactly that — the developer proved control of that domain’s DNS, nothing more. It is not a quality, security, or trust rating.

Before you click “Allow”

• Read the permissions. The consent screen lists exactly what the app can read or change. If an app asks for more than it needs, that’s a reason to pause.
• Check who built it. Look at the confirmed domain and the developer’s privacy policy and terms (linked on the consent screen). Those documents are the developer’s, not ours.
• Only connect apps you trust. Connecting an app gives it ongoing access to your data under the scopes shown — until you disconnect it.

Staying in control

• You can review and disconnect any connected app at any time in Settings → Connected apps. Disconnecting immediately revokes the app’s access.
• If an app misuses your data, doesn’t work, or looks unsafe, use Report this app on the Connected apps page. Reports help us spot abuse.

What we do about abuse

We can’t guarantee an app’s behavior, but we can act on it. If an app violates our Developer App Agreement or is used abusively, we may disable it — which immediately blocks it from obtaining new access. We act for cause, based on reports and signals.

Building an integration yourself? See the developer platform.