API Changelog
Deprecation of currency changing features
Summary Of Coming Changes
Coming: 2025-06-30
We will be deprecating two actions in the API, detailed below. These changes are necessary to support the optional multi-currency billing feature in Clio Manage, which enforces proper currency handling rules.
- The currency of a bill cannot be edited.
- The currency of a bank account cannot be edited once transactions are recorded on the bank account.
Requests attempting to edit the currency of either a bill or a bank account with existing transactions will return a 422 error. This change will apply to all versions of the API.
4.0.11
Release Date: 2025-03-31
Summary Of Changes
New endpoints for retrieving all phone numbers and email addresses associated with Contacts
Two new endpoints are now available in the API: Email Addresses and Phone Numbers. These endpoints allow retrieving all email addresses or phone numbers associated with a Contact.
Phone numbers and email addresses can still be retrieved on the Contacts endpoint directly using the phone_numbers and email_addresses fields, but the API will now only return a maximum of 200 associated phone numbers and email addresses on a Contact object. If a contact has more than 200 associated phone numbers or email addresses, the new endpoints should be used to retrieve those records.
Rich Text Editor For Notes and Tasks Endpoints
Release Date: 2025-03-14
Summary of Changes
Notes and Tasks now support rich text formatting
The Clio API now supports a rich text editor for the notes detail field and the tasks description field. This allows users to format their notes and tasks with various styles, including bold, italics, lists, and more.
This feature enhances the user experience by providing a more flexible and visually appealing way to manage notes and tasks. This is supported on GET, POST and PATCH requests for the notes and tasks endpoints.
To use the rich text editor, users need to include the detail_text_type or description_text_type field in their requests. The value of these fields should be set to rich_text to enable the rich text editor. By default, the value is set to plain_text, which means that the text will be treated as plain text without any formatting.
The rich text editor is available for the following endpoints and fields:
| Endpoint | Fields | Field Flag |
|---|---|---|
| notes | detail | detail_text_type |
| tasks | description | description_text_type |
The rich text editor supports the following tags and attributes:
- Tags:
<a>,<b>,<br>,<div>,<em>,<i><li>,<ol>,<p>,<s>,<strong>,<u>and<ul> - Attributes:
href,rel,type,targetandstyle.
This is also noted in the API Reference page for notes and tasks.
4.0.10
Release Date: 2024-07-26
Summary Of Changes
Fixed validation of type query parameter on Notes endpoint
The Notes endpoint has a required type parameter to specify if the query should retrieve Matter Notes or Contact Notes. However, a validation error within the API mistakenly allowed an array of values to be passed into the parameter. As of v4.0.10, if the parameter value isn't matter or contact, a 422 error will be returned.
Clio Payments API Endpoints
Release Date: 2024-05-16
Summary of Changes
New Clio Payments Endpoints for third-party integrations released
These endpoints will allow users to create payment links and use them to collect payments from clients.
The endpoints require access permissions to "Clio Payments" and "Accounting" to be able to fully utilize the new endpoints.
For full descriptions of each endpoint, see the API Reference page. We also provide a development guide on how to get started with the Clio Payments endpoints.
| Endpoint | HTTP Methods |
|---|---|
| clio_payments/links | GET/POST |
| clio_payments/payments | GET |
Personal Injury API Endpoints
Release Date: 2024-01-30
Summary of Changes
New Personal Injury Endpoints for third-party integrations released
These endpoints will allow users to interact and create entities for the Personal Injury add-on.
The endpoints require access permissions to "Personal Injury", and access permissions to "Matters", "Documents", and "Contacts" to be able to fully utilize the new endpoints.
For full descriptions of each endpoint, see the API Reference page. We also provide a development guide on how to get started with the Personal Injury endpoints.
| Endpoint | HTTP Methods |
|---|---|
| medical_records_details | GET/POST/GET/PATCH/DELETE |
| medical_records | PATCH/DELETE |
| medical_bills | PATCH/DELETE |
| damages | GET/POST/GET/PATCH/DELETE |
4.0.9
Release Date: 2022-11-21
Promotion to default version: 2023-02-21
Because this change involves firm security settings, it will be backfilled to previous API versions on February 21, 2023.
Summary of Changes
Users may only see a subset of the contacts depending on the new “Contacts visibility” setting
A new permission, Contacts Visibility, can be set by a firm administrator in Clio Manage to limit a user’s visibility into contacts. Previously, any user could view all the contacts within the firm. If the permission is set to “Restricted”, the user can only see the contacts that are created by the user or belong to the user’s matters. This includes:
- Client of the matters that the user can see
- Related contacts to the matters that the user can see
- Custom fields of type contact that belong to the matters that the user can see
- Co-counsel contacts of the matter that the user can see
This change impacts all the endpoints that return Contact records, either directly or as a nested record. If the user requests a contact that they don’t have visibility into, they may receive a redacted version of the contact. Note that if Contacts Visibility is set to “all”, the behavior of the following endpoints will stay unchanged.
| Endpoint | HTTP Method | Object | Fields | Description |
|---|---|---|---|---|
| contacts | GET | contact | all | User will receive a list of contacts that they are allowed to see |
| activities | GET | vendor (nested property) | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with asterisks. A “redacted: true” field will be added to the object. |
| activities/{activity_id} | POST/PATCH | vendor (nested property) | id | Adding a restricted contact to an activity via the vendor field will return a 422 if the contact is not visible for the user. |
| allocations | GET | contact | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
| bank_transactions | GET | client | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
| bank_transfers | GET | client | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
| bills | GET | client | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
| billable_matters | GET | client | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
| calendar_entries | GET | attendees | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
| calendar_entries | POST/PATCH | attendees | id | Adding a restricted contact to a calendar entry via the attendees field will return a 422 if the contact is not visible for the user. |
| communications | GET | senders, receivers | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
| communications | POST/PATCH | senders, receivers | id | Will return 404 error if any senders or receivers are not visible |
| contacts/{contact_id} | GET | company, related_contacts, custom_field_values {contact} | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
| conversations | GET | memberships{member} | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
| conversation_messages | GET | sender, receivers | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
| conversation_messages | POST | sender, receivers | all | Adding a restricted contact to a conversation message via the sender or receivers field will return a 422 if the contact is not visible for the user. |
| credit_memos | GET | contact | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
| documents | GET | contact, access_grants | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
| folders | GET | contact, access_grants | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
| matters | GET | client, custom_field_values {contact} | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
| matters/{matter_id}/client | GET | client, company | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
| matters/{matter_id}/contacts | GET | contact | all | User will receive a list of contacts that they are allowed to see |
| notes | GET | contact | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
| outstanding_client_balances | GET | contact | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
| relationships | GET | contact | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
| tasks | GET | assignee | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
| tasks | POST/PATCH | assignee | id | Adding a restricted contact to a task via the assignee field will return a 422 if the contact is not visible for the user. |
| trust_line_items | GET | client | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
| users | GET | contact | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
4.0.8
Release Date: 2022-03-11
Promotion to default version: 2022-08-12
Because this change involved firm security settings, it was backfilled to previous API versions on August 12, 2022.
Summary of Changes
Activity hours may be redacted based on new “Activity Hours Visibility” setting
A new permission, Activity Hour Visibility, can be set by a firm administrator in Clio Manage to limit a user’s visibility into other users’ time entry hours. If the permission is set to “Own and when acting as a matter’s Responsible Attorney”, the user may receive redacted values for time-related fields or be unable to update those fields.
This change impacts all endpoints that return Activity records of type TimeEntry, either directly (the activities endpoint) or as a nested object. The specific endpoints and fields affected are listed in the table below, along with a description of what the behaviour will be if the new permission is enabled for the requesting user.
| Endpoint | HTTP Method | Object | Fields | Description |
|---|---|---|---|---|
| activities | GET | activity (type: TimeEntry) |
| The listed fields will be null and a quantity_redacted: true field will be added to the response body. |
| activities | PATCH | activity (type: TimeEntry) |
| If a user attempts to update any of the listed fields on an activity that has a quantity field redacted for them, they will receive a 403 error in response. |
| calendar_entries | GET | time_entries (nested property) | same as activities GET requests above | same as activities GET requests above |
| communications | GET | time_entries (nested property) | same as activities GET requests above | same as activities GET behavior above |
| notes | GET | time_entries (nested property) | same as activities GET requests above | same as activities GET behavior above |
| tasks | GET | time_entries (nested property) | same as activities GET requests above | same as activities GET behavior above |
Applications should ensure that use of these fields can handle potential null values as well as numbers. To test the redacted API field behavior, you must enable the Activity Hour Visibility setting for a firm user. This can be done in the user management settings when signed in as a firm administrator.
4.0.7
Release Date: 2021-07-06
Promotion to default version: 2021-07-14
Summary of Changes
- Change secure link format
4.0.6
Release Date: 2021-01-27
Promotion to default version: n/a
Note: This change was backfilled to previous API versions on 2021-03-03
Summary of Changes
- Introduce new DocumentVersions endpoint to retrieve all versions of a Document.
- Change
document_versionsfield on Documents to only return latest version of a document.
4.0.5
Release Date: 2017-09-07
Promotion to default version: 2017-09-07
Summary of Changes
- Removed:
matter_balancesfield from Bills - Standardize enum values for
statusandstatefields across all endpoints - Added:
documentnested resource on DocumentAutomation records - Redact
priceandtotalfields of Activity records based on a user's Billing Rate Visibility setting
4.0.4
Release Date: 2017-08-04
Promotion to default version: 2017-08-04
Summary of Changes
- Update
quantityfield on Activity records to return values in seconds rather than hours.