Skip to main content

API Changelog

Clio Payments API Endpoints

Release Details

Release Date: 2024-05-16

Summary of Changes

New Clio Payments Endpoints for third-party integrations released

These endpoints will allow users to create payment links and use them to collect payments from clients.

The endpoints require access permissions to "Clio Payments" and "Accounting" to be able to fully utilize the new endpoints.

For full descriptions of each endpoint, see the API Reference page. We also provide a development guide on how to get started with the Clio Payments endpoints.

EndpointHTTP Methods
clio_payments/linksGET/POST
clio_payments/paymentsGET

Personal Injury API Endpoints

Release Details

Release Date: 2024-01-30

Summary of Changes

New Personal Injury Endpoints for third-party integrations released

These endpoints will allow users to interact and create entities for the Personal Injury add-on.

The endpoints require access permissions to "Personal Injury", and access permissions to "Matters", "Documents", and "Contacts" to be able to fully utilize the new endpoints.

For full descriptions of each endpoint, see the API Reference page. We also provide a development guide on how to get started with the Personal Injury endpoints.

EndpointHTTP Methods
medical_records_detailsGET/POST/GET/PATCH/DELETE
medical_recordsPATCH/DELETE
medical_billsPATCH/DELETE
damagesGET/POST/GET/PATCH/DELETE

4.0.9

Release Details

Release Date: 2022-11-21
Promotion to default version: 2023-02-21

caution

Because this change involves firm security settings, it will be backfilled to previous API versions on February 21, 2023.

Summary of Changes

Users may only see a subset of the contacts depending on the new “Contacts visibility” setting

A new permission, Contacts Visibility, can be set by a firm administrator in Clio Manage to limit a user’s visibility into contacts. Previously, any user could view all the contacts within the firm. If the permission is set to “Restricted”, the user can only see the contacts that are created by the user or belong to the user’s matters. This includes:

  • Client of the matters that the user can see
  • Related contacts to the matters that the user can see
  • Custom fields of type contact that belong to the matters that the user can see
  • Co-counsel contacts of the matter that the user can see

This change impacts all the endpoints that return Contact records, either directly or as a nested record. If the user requests a contact that they don’t have visibility into, they may receive a redacted version of the contact. Note that if Contacts Visibility is set to “all”, the behavior of the following endpoints will stay unchanged.

EndpointHTTP MethodObjectFieldsDescription
contactsGETcontactallUser will receive a list of contacts that they are allowed to see
activitiesGETvendor (nested property)allResponse for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with asterisks. A “redacted: true” field will be added to the object.
activities/{activity_id}POST/PATCHvendor (nested property)idAdding a restricted contact to an activity via the vendor field will return a 422 if the contact is not visible for the user.
allocationsGETcontactallResponse for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object.
bank_transactionsGETclientallResponse for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk.  A “redacted: true” field will be added to the object.
bank_transfersGETclientallResponse for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk.  A “redacted: true” field will be added to the object.
billsGETclientallResponse for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk.  A “redacted: true” field will be added to the object.
billable_mattersGETclientallResponse for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk.  A “redacted: true” field will be added to the object.
calendar_entriesGETattendeesallResponse for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk.  A “redacted: true” field will be added to the object.
calendar_entriesPOST/PATCHattendeesidAdding a restricted contact to a calendar entry via the attendees field will return a 422 if the contact is not visible for the user.
communicationsGETsenders, receiversallResponse for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk.  A “redacted: true” field will be added to the object.
communicationsPOST/PATCHsenders, receiversidWill return 404 error if any senders or receivers are not visible
contacts/{contact_id}GETcompany, related_contacts, custom_field_values {contact}allResponse for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk.  A “redacted: true” field will be added to the object.
conversationsGETmemberships{member}allResponse for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk.  A “redacted: true” field will be added to the object.
conversation_messagesGETsender, receiversallResponse for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk.  A “redacted: true” field will be added to the object.
conversation_messagesPOSTsender, receiversallAdding a restricted contact to a conversation message via the sender or receivers field will return a 422 if the contact is not visible for the user.
credit_memosGETcontactallResponse for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk.  A “redacted: true” field will be added to the object.
documentsGETcontact, access_grantsallResponse for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk.  A “redacted: true” field will be added to the object.
foldersGETcontact, access_grantsallResponse for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk.  A “redacted: true” field will be added to the object.
mattersGETclient, custom_field_values {contact}allResponse for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk.  A “redacted: true” field will be added to the object.
matters/{matter_id}/clientGETclient, 

company
allResponse for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk.  A “redacted: true” field will be added to the object.
matters/{matter_id}/contactsGETcontactallUser will receive a list of contacts that they are allowed to see
notesGETcontactallResponse for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk.  A “redacted: true” field will be added to the object.
outstanding_client_balancesGETcontactallResponse for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk.  A “redacted: true” field will be added to the object.
relationshipsGETcontactallResponse for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk.  A “redacted: true” field will be added to the object.
tasksGETassigneeallResponse for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk.  A “redacted: true” field will be added to the object.
tasksPOST/PATCHassigneeidAdding a restricted contact to a task via the assignee field will return a 422 if the contact is not visible for the user.
trust_line_itemsGETclientallResponse for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk.  A “redacted: true” field will be added to the object.
usersGETcontactallResponse for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk.  A “redacted: true” field will be added to the object.

4.0.8

Release Details

Release Date: 2022-03-11
Promotion to default version: 2022-08-12

caution

Because this change involved firm security settings, it was backfilled to previous API versions on August 12, 2022.

Summary of Changes

Activity hours may be redacted based on new “Activity Hours Visibility” setting

A new permission, Activity Hour Visibility, can be set by a firm administrator in Clio Manage to limit a user’s visibility into other users’ time entry hours. If the permission is set to “Own and when acting as a matter’s Responsible Attorney”, the user may receive redacted values for time-related fields or be unable to update those fields.

This change impacts all endpoints that return Activity records of type TimeEntry, either directly (the activities endpoint) or as a nested object. The specific endpoints and fields affected are listed in the table below, along with a description of what the behaviour will be if the new permission is enabled for the requesting user.

EndpointHTTP MethodObjectFieldsDescription
activitiesGETactivity (type: TimeEntry)
  • quantity
  • rounded_quantity
  • rounded_quantity_in_hours
  • quantity_in_hours
  • total
  • non_billable_total
The listed fields will be null and a quantity_redacted: true field will be added to the response body.
activitiesPATCHactivity (type: TimeEntry)
  • quantity
  • user_id
If a user attempts to update any of the listed fields on an activity that has a quantity field redacted for them, they will receive a 403 error in response.
calendar_entriesGETtime_entries (nested property)same as activities GET requests abovesame as activities GET requests above
communicationsGETtime_entries (nested property)same as activities GET requests abovesame as activities GET behavior above
notesGETtime_entries (nested property)same as activities GET requests abovesame as activities GET behavior above
tasksGETtime_entries (nested property)same as activities GET requests abovesame as activities GET behavior above

Applications should ensure that use of these fields can handle potential null values as well as numbers. To test the redacted API field behavior, you must enable the Activity Hour Visibility setting for a firm user. This can be done in the user management settings when signed in as a firm administrator.

4.0.7

Release Details

Release Date: 2021-07-06
Promotion to default version: 2021-07-14

Summary of Changes

  • Change secure link format

4.0.6

Release Details

Release Date: 2021-01-27
Promotion to default version: n/a
Note: This change was backfilled to previous API versions on 2021-03-03

Summary of Changes

  • Introduce new DocumentVersions endpoint to retrieve all versions of a Document.
  • Change document_versions field on Documents to only return latest version of a document.

4.0.5

Release Details

Release Date: 2017-09-07
Promotion to default version: 2017-09-07

Summary of Changes

  • Removed: matter_balances field from Bills
  • Standardize enum values for status and state fields across all endpoints
  • Added: document nested resource on DocumentAutomation records
  • Redact price and total fields of Activity records based on a user's Billing Rate Visibility setting

4.0.4

Release Details

Release Date: 2017-08-04
Promotion to default version: 2017-08-04

Summary of Changes

  • Update quantity field on Activity records to return values in seconds rather than hours.