Table of Contents
4.0.8
Release Date: 2022-03-11
Promotion to default version: 2022-08-12
Note: Because this change involves firm security settings, it will be backfilled to previous API versions on August 12, 2022.
Summary of Changes
Activity hours may be redacted based on new “Activity Hours Visibility” setting
A new permission, Activity Hour Visibility, can be set by a firm administrator in Clio Manage to limit a user’s visibility into other users’ time entry hours. If the permission is set to “Own and when acting as a matter’s Responsible Attorney”, the user may receive redacted values for time-related fields or be unable to update those fields.
This change impacts all endpoints that return Activity
records of type TimeEntry
, either directly (the activities
endpoint) or as a nested object. The specific endpoints and fields affected are listed in the table below, along with a description of what the behaviour will be if the new permission is enabled for the requesting user.
Endpoint | HTTP Method | Object | Fields | Description |
activities | GET | activity (type: TimeEntry) |
|
The listed fields will be null and a quantity_redacted: true field will be added to the response body. |
activities | PATCH | activity (type: TimeEntry) |
|
If a user attempts to update any of the listed fields on an activity that has a quantity field redacted for them, they will receive a 403 error in response. |
calendar_entries | GET | time_entries (nested property) |
same as activities GET requests above |
same as activities GET requests above |
communications | GET | time_entries (nested property) |
same as activities GET requests above |
same as activities GET behavior above |
notes |
GET | time_entries (nested property) |
same as activities GET requests above |
same as activities GET behavior above |
tasks |
GET | time_entries (nested property) | same as activities GET requests above | same as activities GET behavior above |
Applications should ensure that use of these fields can handle potential null values as well as numbers. To test the redacted API field behavior, you must enable the Activity Hour Visibility setting for a firm user. This can be done in the user management settings when signed in as a firm administrator.