API Introduction


Tracker APIs enable access to Tracker data sets and functionality to integrate with another application.

Legal Tracker provides a RESTful API that can be accessed from external applications.

Tracker API endpoints accept JSON formatted request bodies, return JSON formatted responses, and use standard HTTP response codes, authentication and verbs.

An external application must be registered with Tracker before it can use the APIs. Connect with the Tracker Support Team or your Customer Support Manager to help register your application.

Tracker APIs use HTTPS protocol and are TLS 1.2 compliant. OAuth2 framework is used for authentication and authorization.

URI Architecture

The API reference is organized by resource type. Each resource type has one ore more data representations and one or more methods.

The general format of our API endpoint:

https://{regional-url}/legal-tracker/{resource type}-api/{version number}


To adhere to data residency requirements and provide minimal latency, Tracker APIs are provided in four different Regions: US, UK, Canada, and Australia. Each company has its data stored in only one of these regions and as a result you must connect to the correct regional Tracker endpoint.

Tracker APIs are hosted at the following regional endpoints:

Region Endpoint
United States https://api.thomsonreuters.com
United Kingdom https://api.thomsonreuters.co.uk
Canada https://api.thomsonreuters.ca
Australia https://api.thomsonreuters.com.au


All requests to Tracker APIs, including access token requests, need to be prepended with one of these regional endpoints.  For example, to access a matter for a company located in the UK issue an HTTP POST to acquire an access token and then an HTTP GET to the matters endpoint:

POST https://api.thomsonreuters.co.uk/onepass/oauth2/token

GET https://api.thomsonreuters.co.uk/legal-tracker/matters-api/v1/matters/14559

If you use an incorrect regional endpoint a 401 Unauthorized error will be returned.


The resource type represents Tracker data sets, e.g. firms, matters, invoices, etc.


The version number of the API will be updated with each major release. The current version of the API is 1.

API Permissions

During the OAuth handshake a company account is associated with each API token.

When an API call is made, the user account permissions enforced by the web interface are not taken into consideration to service that API call. The level of access to data and functionality through APIs is similar to that of a Tracker Coordinator user.

The external application is responsible for managing user access to data in a similar manner as Tracker.


Once your application is registered, you can use the client ID and client secret in the authorization flow. These keys grant access to your company data and allow you to perform any API request to Tracker.

The client ID and client secret can be retrieved from My Apps.

Request access token

POST https://api.thomsonreuters.com/onepass/oauth2/token


There is a specific client_id and client_secret for AP Data Exchange API,  and other important access details  

See Sandbox AP Data Exchange API Setup Details

client_id Required The client id created when the application was registered
client_secret Required The client secret created when the application was registered
grant_type Required Must contain the value: client_credentials



POST https://api.thomsonreuters.com/onepass/oauth2/token

Host: api.thomsonreuters.com

Content-Type: application/x-www-form-urlencoded


The response to this POST will be a JSON string containing the access token that can be used to access the API:

"refresh_token_expires_in": "0",
"api_product_list": "[Legal Tracker]",
"api_product_list_json": [
"Legal Tracker"
"organization_name": "tr-api-cloud",
"developer.email": "developer@samplecomapny.com",
"token_type": "Bearer",
"issued_at": "1572022779636",
"client_id": "og6GQAKa73nnOdBdwastuo7CVQkTwCeG",
"access_token": "0DSAOQ3jCPyW3qtABTt14z4oe3nT",
"application_name": "ea1eb73a-fb08-463b-8c8f-948b19254daf",
"scope": "",
"expires_in": "3599",
"refresh_count": "0",
"status": "approved"

Sandbox access

Tracker API sandbox can be accessed as following:

See Sandbox AP Data Exchange API Setup Details for details specific to the AP Data Exchange API

Tracker user interface can be accessed here: https://sandboxtracker.serengetilaw.com

Use company username and lion as password to log in.