API Changelog
Clio Payments API Endpoints
Release Date: 2024-05-16
Summary of Changes
New Clio Payments Endpoints for third-party integrations released
These endpoints will allow users to create payment links and use them to collect payments from clients.
The endpoints require access permissions to "Clio Payments" and "Accounting" to be able to fully utilize the new endpoints.
For full descriptions of each endpoint, see the API Reference page. We also provide a development guide on how to get started with the Clio Payments endpoints.
| Endpoint | HTTP Methods |
|---|---|
| clio_payments/links | GET/POST |
| clio_payments/payments | GET |
Personal Injury API Endpoints
Release Date: 2024-01-30
Summary of Changes
New Personal Injury Endpoints for third-party integrations released
These endpoints will allow users to interact and create entities for the Personal Injury add-on.
The endpoints require access permissions to "Personal Injury", and access permissions to "Matters", "Documents", and "Contacts" to be able to fully utilize the new endpoints.
For full descriptions of each endpoint, see the API Reference page. We also provide a development guide on how to get started with the Personal Injury endpoints.
| Endpoint | HTTP Methods |
|---|---|
| medical_records_details | GET/POST/GET/PATCH/DELETE |
| medical_records | PATCH/DELETE |
| medical_bills | PATCH/DELETE |
| damages | GET/POST/GET/PATCH/DELETE |
4.0.9
Release Date: 2022-11-21
Promotion to default version: 2023-02-21
Because this change involves firm security settings, it will be backfilled to previous API versions on February 21, 2023.
Summary of Changes
Users may only see a subset of the contacts depending on the new “Contacts visibility” setting
A new permission, Contacts Visibility, can be set by a firm administrator in Clio Manage to limit a user’s visibility into contacts. Previously, any user could view all the contacts within the firm. If the permission is set to “Restricted”, the user can only see the contacts that are created by the user or belong to the user’s matters. This includes:
- Client of the matters that the user can see
- Related contacts to the matters that the user can see
- Custom fields of type contact that belong to the matters that the user can see
- Co-counsel contacts of the matter that the user can see
This change impacts all the endpoints that return Contact records, either directly or as a nested record. If the user requests a contact that they don’t have visibility into, they may receive a redacted version of the contact. Note that if Contacts Visibility is set to “all”, the behavior of the following endpoints will stay unchanged.
| Endpoint | HTTP Method | Object | Fields | Description |
|---|---|---|---|---|
| contacts | GET | contact | all | User will receive a list of contacts that they are allowed to see |
| activities | GET | vendor (nested property) | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with asterisks. A “redacted: true” field will be added to the object. |
| activities/{activity_id} | POST/PATCH | vendor (nested property) | id | Adding a restricted contact to an activity via the vendor field will return a 422 if the contact is not visible for the user. |
| allocations | GET | contact | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
| bank_transactions | GET | client | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
| bank_transfers | GET | client | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
| bills | GET | client | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
| billable_matters | GET | client | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
| calendar_entries | GET | attendees | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
| calendar_entries | POST/PATCH | attendees | id | Adding a restricted contact to a calendar entry via the attendees field will return a 422 if the contact is not visible for the user. |
| communications | GET | senders, receivers | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
| communications | POST/PATCH | senders, receivers | id | Will return 404 error if any senders or receivers are not visible |
| contacts/{contact_id} | GET | company, related_contacts, custom_field_values {contact} | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
| conversations | GET | memberships{member} | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
| conversation_messages | GET | sender, receivers | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
| conversation_messages | POST | sender, receivers | all | Adding a restricted contact to a conversation message via the sender or receivers field will return a 422 if the contact is not visible for the user. |
| credit_memos | GET | contact | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
| documents | GET | contact, access_grants | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
| folders | GET | contact, access_grants | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
| matters | GET | client, custom_field_values {contact} | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
| matters/{matter_id}/client | GET | client, company | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
| matters/{matter_id}/contacts | GET | contact | all | User will receive a list of contacts that they are allowed to see |
| notes | GET | contact | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
| outstanding_client_balances | GET | contact | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
| relationships | GET | contact | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
| tasks | GET | assignee | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
| tasks | POST/PATCH | assignee | id | Adding a restricted contact to a task via the assignee field will return a 422 if the contact is not visible for the user. |
| trust_line_items | GET | client | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
| users | GET | contact | all | Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
4.0.8
Release Date: 2022-03-11
Promotion to default version: 2022-08-12
Because this change involved firm security settings, it was backfilled to previous API versions on August 12, 2022.
Summary of Changes
Activity hours may be redacted based on new “Activity Hours Visibility” setting
A new permission, Activity Hour Visibility, can be set by a firm administrator in Clio Manage to limit a user’s visibility into other users’ time entry hours. If the permission is set to “Own and when acting as a matter’s Responsible Attorney”, the user may receive redacted values for time-related fields or be unable to update those fields.
This change impacts all endpoints that return Activity records of type TimeEntry, either directly (the activities endpoint) or as a nested object. The specific endpoints and fields affected are listed in the table below, along with a description of what the behaviour will be if the new permission is enabled for the requesting user.
| Endpoint | HTTP Method | Object | Fields | Description |
|---|---|---|---|---|
| activities | GET | activity (type: TimeEntry) |
| The listed fields will be null and a quantity_redacted: true field will be added to the response body. |
| activities | PATCH | activity (type: TimeEntry) |
| If a user attempts to update any of the listed fields on an activity that has a quantity field redacted for them, they will receive a 403 error in response. |
| calendar_entries | GET | time_entries (nested property) | same as activities GET requests above | same as activities GET requests above |
| communications | GET | time_entries (nested property) | same as activities GET requests above | same as activities GET behavior above |
| notes | GET | time_entries (nested property) | same as activities GET requests above | same as activities GET behavior above |
| tasks | GET | time_entries (nested property) | same as activities GET requests above | same as activities GET behavior above |
Applications should ensure that use of these fields can handle potential null values as well as numbers. To test the redacted API field behavior, you must enable the Activity Hour Visibility setting for a firm user. This can be done in the user management settings when signed in as a firm administrator.
4.0.7
Release Date: 2021-07-06
Promotion to default version: 2021-07-14
Summary of Changes
- Change secure link format
4.0.6
Release Date: 2021-01-27
Promotion to default version: n/a
Note: This change was backfilled to previous API versions on 2021-03-03
Summary of Changes
- Introduce new DocumentVersions endpoint to retrieve all versions of a Document.
- Change
document_versionsfield on Documents to only return latest version of a document.
4.0.5
Release Date: 2017-09-07
Promotion to default version: 2017-09-07
Summary of Changes
- Removed:
matter_balancesfield from Bills - Standardize enum values for
statusandstatefields across all endpoints - Added:
documentnested resource on DocumentAutomation records - Redact
priceandtotalfields of Activity records based on a user's Billing Rate Visibility setting
4.0.4
Release Date: 2017-08-04
Promotion to default version: 2017-08-04
Summary of Changes
- Update
quantityfield on Activity records to return values in seconds rather than hours.