Saltar al contenido principal

Integrations setup guide

Mandato connects to a handful of third-party services to unlock its full feature set — AI drafting, address autocomplete, calendar sync, payments, compliance screening and more. None of them are required: every feature has a demo/simulated fallback, so the app works out of the box. Connecting a service swaps that fallback for the real thing.

This guide walks through each integration: what it does, why you'd want it, and exactly where to find the credentials.

You normally don't need this document. In the app go to Settings → Integrations. Every service has a card showing its status and a Set up button that opens a step-by-step wizard: what the service does, a link to sign up, where to find the key, an input field and a Test connection button. The first-run checklist nudges you to connect at least three.

This file is the reference for administrators who prefer a written runbook, or who manage the deploy-time environment variables (Maps, WhatsApp) that aren't saved through the UI.

Where credentials live

Two storage models, depending on the integration:

  • Per-firm keys are entered in the wizard and stored encrypted against your tenant (Claude, Resend, Recall, Stripe, Holded, OpenSanctions). Each firm can use its own account, and the key never leaves the server.
  • Deploy-time environment variables are set once for the whole deployment in the Netlify dashboard (or .env.local for local dev), because they're build- or infrastructure-level (Google Maps, the WhatsApp number/token, OAuth client secrets). These need a redeploy to take effect.

When a per-firm key is absent, Mandato falls back to a shared system key (ANTHROPIC_API_KEY, HOLDED_API_KEY, …) if one is set, and otherwise to demo data.

Claude AI (Anthropic)

What it does — Claude powers every AI feature in Mandato: drafting client replies, analysing documents and nota simple reports, pre-call briefings, meeting summaries, fee-proposal generation and cross-sell detection.

Why you need it — Without a key these run on canned demo responses. With a key they run on the live model against your real data. You are billed by Anthropic for usage.

Setup

  1. Sign in at console.anthropic.com and open Settings → API Keys.
  2. Click Create Key, name it something like Mandato, and copy it. It starts with sk-ant-.
  3. Make sure your workspace has credit or billing configured, otherwise live calls will fail.
  4. In Mandato: Settings → Integrations → Claude AI → Set up, paste the key, press Test, then Save key.

Env fallback: ANTHROPIC_API_KEY (system-wide default).

Google Maps (Places)

What it does — Address autocomplete and standardisation on client, case and intake forms. As you type, Google suggests real addresses and fills the fields consistently.

Why you need it — Without a key, address fields are plain free text. A key turns on live suggestions so addresses are accurate and de-duplicated.

Setup

  1. Open the Google Cloud Console and create (or select) a project.

  2. Under APIs & Services → Library, enable both Maps JavaScript API and Places API.

  3. Go to Credentials → Create credentials → API key and copy the key.

  4. Restrict the key (HTTP referrers → your domain) so it can't be abused.

  5. Add it as an environment variable and redeploy:

    NEXT_PUBLIC_GOOGLE_MAPS_API_KEY=AIza...

This is a public, build-time variable (the browser loads the Maps script), so it's set in Netlify, not in the per-firm wizard. The wizard's Test button confirms the key loads the Places library once it's deployed.

Google Calendar

What it does — Pushes case deadlines, task due dates and meetings to Google Calendar, colour-coded by practice area. Events you tag in Google Calendar flow back into Mandato.

Why you need it — Your team sees legal deadlines where they already work, and nothing falls through the cracks between systems.

Setup

This is an OAuth connection — there's no key to paste.

  1. In Mandato: Settings → Integrations → Google Calendar → Set up.
  2. On the Connect step, click Connect Google Calendar.
  3. Sign in with the firm's Google account and grant calendar-events access. Mandato requests permission to manage events it creates — it does not read your personal events.

Deploy prerequisites: a Google Cloud OAuth client (GOOGLE_OAUTH_CLIENT_ID / GOOGLE_OAUTH_CLIENT_SECRET) with the Calendar scope and the Mandato redirect URI registered.

Email (Gmail, Outlook)

What it does — Connects a mailbox so lawyers send and receive client email inside Mandato, automatically matched to the right client and case. A system-inbox BCC fallback is also available — BCC or auto-forward client email to a firm address with no personal sign-in.

Why you need it — Keeps every client conversation on the case file. The system inbox is the recommended default for Ley 10/2010 record-keeping and survives staff turnover; OAuth is for firms that want native per-lawyer send/receive.

Setup (OAuth)

  1. Settings → Integrations → Email → Set up.
  2. Click Connect Gmail or Connect Outlook and authorize the mailbox.

Setup (system inbox / BCC)

  1. In the same wizard, enable Use a system inbox (BCC).
  2. Set the firm address and point your mailbox's auto-forwarding rule at the forwarding endpoint shown.

Deploy prerequisites: Google and/or Microsoft OAuth client credentials for the native-mailbox flow.

Resend

What it does — Delivers Mandato's automatic emails — client welcomes, invoice notices, appointment reminders, satisfaction surveys and marketing campaigns — from your own verified domain.

Why you need it — Without a key, sends are simulated so you can preview the flow. With a key, real email goes out with proper deliverability from your branded address.

Setup

  1. Create an account at resend.com and verify your sending domain (DNS records).
  2. Open API Keys → Create API Key. The key starts with re_.
  3. Copy it immediately — you won't be able to see it again.
  4. In Mandato: Settings → Integrations → Resend → Set up, paste the key, Test, then set the sender name and verified domain.

Env fallback: RESEND_API_KEY.

Recall AI

What it does — A Recall.ai bot joins video meetings, captures the audio and produces a transcript. Claude then writes a summary and extracts action items, which land on the case timeline.

Why you need it — Turns client calls into searchable notes and tasks automatically, with no one taking minutes.

Setup

  1. Sign up at recall.ai and open the dashboard.
  2. Go to the API Keys section and create a new key.
  3. Copy the key.
  4. In Mandato: Settings → Integrations → Recall.ai → Set up, paste the key and press Test connection.

Env fallback: RECALL_API_KEY. Firms can also set their own key here even when a system key exists.

Stripe

What it does — Lets clients pay invoices online by card or SEPA bank transfer. Payments settle directly into your own Stripe account.

Why you need it — Faster payment and automatic reconciliation. Without keys, payments run in a simulated test mode (marked paid without charging a card).

Setup (OAuth — recommended)

  1. Settings → Integrations → Stripe → Set up.
  2. Click Connect with Stripe and authorize Mandato. Funds settle into your account.

Setup (manual keys)

  1. Open the Stripe dashboard → Developers → API keys.
  2. Copy the Publishable key and the Secret key.
  3. Paste both into the wizard's manual section and Test.

Env fallback: STRIPE_SECRET_KEY (and Connect client config for OAuth).

Holded

What it does — Keeps invoicing in sync with Holded. Pull invoices into Mandato and raise new ones in Holded straight from a case. Holded stays the accounting source of truth.

Why you need it — One connection keeps billing and accounting aligned, with no double entry. Mandato deliberately does not handle FacturaE/SII/VAT — that lives in Holded.

Setup

  1. Sign in to Holded and open Settings → Developers.
  2. Under API key, generate or copy your key.
  3. In Mandato: Settings → Integrations → Holded → Set up, paste the key, Test connection, Connect, then Sync now.

Env fallback: HOLDED_API_KEY.

OpenSanctions

What it does — Screens clients against OpenSanctions: sanctions lists, PEP (politically exposed person) registers and crime watchlists, for AML / KYC compliance.

Why you need it — Spanish firms have Ley 10/2010 obligations. Live screening flags risky clients automatically and can re-screen on a schedule. Without a key it runs on demo data.

Setup

  1. Create an account at opensanctions.org.
  2. Open your account page and find (or request) your API key. It starts with os_.
  3. In Mandato: Settings → Integrations → OpenSanctions → Set up, paste the key and press Test key.
  4. Optionally enable Auto-screen new clients and a re-screening interval.

Env fallback: OPENSANCTIONS_API_KEY.

360dialog (WhatsApp)

What it does — Send and receive WhatsApp messages from the firm's WhatsApp Business number via 360dialog. Incoming messages land in the Communications inbox, attached to the client and case.

Why you need it — Clients reach the firm, not a personal phone, and every message is on the case record.

Setup

  1. Create a partner account at hub.360dialog.com and onboard your WhatsApp Business number.

  2. Generate an API key for the number in the 360dialog hub.

  3. Set the credentials in your environment and redeploy:

    WHATSAPP_API_KEY=...
    WHATSAPP_PHONE_NUMBER=+34...
    WHATSAPP_WEBHOOK_VERIFY_TOKEN=...

  4. In Mandato: Settings → Integrations → WhatsApp → Set up. On the Connect step, copy the Webhook URL and paste it into the 360dialog dashboard so incoming messages reach Mandato.

  5. Use Send a test message to confirm the connection.

The number and token are infrastructure-level, so they're env vars rather than per-firm keys. The webhook URL is firm-specific and shown in the wizard.

Spain & courts

The Integrations page also surfaces Spain-specific connections:

  • BOE / BORME monitoring — watch the official gazettes for mentions relevant to your cases. Toggle on in the Integrations page.
  • LexNET (court e-filing) and AEAT SII (VAT reporting) — coming soon. Both require a firm FNMT digital certificate. For now, track filings and VAT records manually on each case; the certificate vault lives in Settings → Digital certificate vault.

Troubleshooting

  • "Test" fails with a 401/403 — the key is wrong, revoked, or lacks billing. Re-copy it from the provider and check the account is funded.
  • Google Maps autocomplete doesn't appear — confirm both Maps JavaScript API and Places API are enabled, the key isn't restricted away from your domain, and the deploy picked up NEXT_PUBLIC_GOOGLE_MAPS_API_KEY (it needs a rebuild).
  • WhatsApp messages don't arrive — the webhook URL must be pasted into 360dialog exactly as shown, and WHATSAPP_WEBHOOK_VERIFY_TOKEN must match.
  • A connection shows "Not connected" after saving — saving a key and connecting can be two steps (e.g. Holded, Recall). Finish the Connect action in the wizard.
  • Everything runs on demo data — that's expected with no keys and no system env vars. It's safe; connect a service to go live.