Table of Contents
New Endpoint: Practice Areas With Categories
Release Date: December 14, 2022
Summary Of Changes
In January 2023, Clio will release a revamped version of the Clio Manage feature for creating and managing practice areas. This new version will only be available to new US or Canadian users that sign up for Clio Manage on or after January 17, 2023. This revamped feature adds a new API endpoint called "Practice Areas with Categories".
If any request (GET/POST/PATCH/DELETE) is made to the existing Practice Areas endpoint by a user that signed up for Clio after January 17, the response will be a 307 Temporary Redirect with a Location header pointing to the new “Practice Areas with Categories” endpoint.
Likewise, the new “Practice Areas with Categories” endpoint will return a 307 response if a user that cannot access the new version of the Practice Areas feature attempts to use the new endpoint.
To ensure your integration continues to work, any call made to the “Practice Areas” endpoint should expect a possible 307 response code and make a follow-up request to the new endpoint accordingly.
4.0.9
Release Date: November 21, 2022
Promotion to default version: February 21, 2023
Note: Because this change involves firm security settings, it will be backfilled to previous API versions on February 21, 2023.
Summary of Changes
Users may only see a subset of the contacts depending on the new “Contacts visibility” setting
A new permission, Contacts Visibility, can be set by a firm administrator in Clio Manage to limit a user’s visibility into contacts. Previously, any user could view all the contacts within the firm. If the permission is set to “Restricted”, the user can only see the contacts that are created by the user or belong to the user’s matters. This includes:
- Clients of matters visible to the user
- Related contacts of matters visible to the user
- Custom fields of type "Contact" that belong to matters visible to the user
- Co-counsel contacts of matters visible to the user
This change impacts all endpoints that return Contact records, either directly or as a nested resource. If the user requests a contact for which that they don’t have visibility, they may receive a redacted version of the contact. Note that if Contacts Visibility is set to “all”, the behavior of the following endpoints will stay unchanged.
| Endpoint | HTTP Method | Object | Fields | Description |
|
contacts |
GET |
contact |
all |
Index requests will only return contacts the user is allowed to see. |
|
activities |
GET |
|
all |
Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with asterisks. A “redacted: true” field will be added to the object. |
|
activities/{activity_id} |
POST/PATCH |
vendor (nested property) |
id |
Adding a restricted contact to an activity via the |
|
allocations |
GET |
contact |
all |
Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
|
bank_transactions |
GET |
client |
all |
Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
|
bank_transfers |
GET |
client |
all |
Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
|
bills |
GET |
client |
all |
Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
|
billable_matters |
GET |
client |
all |
Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
|
calendar_entries |
GET |
attendees |
all |
Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
|
calendar_entries |
POST/PATCH |
attendees |
|
Adding a restricted contact to a calendar entry via the |
|
communications |
GET |
senders, receivers |
all |
Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
|
communications |
POST/PATCH |
senders, receivers |
id |
Will return 404 error if any senders or receivers are not visible |
|
contacts/{contact_id} |
GET |
company, related_contacts, custom_field_values {contact} |
all |
Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
|
conversations |
GET |
memberships{member} |
all |
Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
|
conversation_messages |
GET |
sender, receivers |
all |
Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
|
conversation_messages |
POST |
sender, receivers |
all |
Adding a restricted contact to a conversation message via the |
|
credit_memos |
GET |
contact |
all |
Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
|
documents |
GET |
contact, access_grants |
all |
Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
|
folders |
GET |
contact, access_grants |
all |
Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
|
matters |
GET |
client, custom_field_values {contact} |
all |
Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
|
matters/{matter_id}/client |
GET |
client, company |
all |
Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
|
matters/{matter_id}/contacts |
GET |
contact |
all |
User will receive a list of contacts that they are allowed to see |
|
notes |
GET |
contact |
all |
Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
|
outstanding_client_balances |
GET |
contact |
all |
Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
|
relationships |
GET |
contact |
all |
Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
|
tasks |
GET |
assignee |
all |
Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
|
tasks |
POST/PATCH |
assignee |
id |
Adding a restricted contact to a task via the |
|
trust_line_items |
GET |
client |
all |
Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
|
users |
GET |
contact |
all |
Response for the object will be a “redacted” contact containing only [id, name, type]. Name will be redacted with an asterisk. A “redacted: true” field will be added to the object. |
4.0.8
Release Date: March 11, 2022
Promotion to default version: August 12, 2022
Note: Because this change involves firm security settings, it will be backfilled to previous API versions on August 12, 2022.
Summary of Changes
Activity hours may be redacted based on new “Activity Hours Visibility” setting
A new permission, Activity Hour Visibility, can be set by a firm administrator in Clio Manage to limit a user’s visibility into other users’ time entry hours. If the permission is set to “Own and when acting as a matter’s Responsible Attorney”, the user may receive redacted values for time-related fields or be unable to update those fields.
This change impacts all endpoints that return Activity records of type TimeEntry, either directly (the activities endpoint) or as a nested object. The specific endpoints and fields affected are listed in the table below, along with a description of what the behaviour will be if the new permission is enabled for the requesting user.
| Endpoint | HTTP Method | Object | Fields | Description |
| activities | GET | activity (type: TimeEntry) |
|
The listed fields will be null and a quantity_redacted: true field will be added to the response body. |
| activities | PATCH | activity (type: TimeEntry) |
|
If a user attempts to update any of the listed fields on an activity that has a quantity field redacted for them, they will receive a 403 error in response. |
| calendar_entries | GET | time_entries (nested property) |
same as activities GET requests above |
same as activities GET requests above |
| communications | GET | time_entries (nested property) |
same as activities GET requests above |
same as activities GET behavior above |
|
notes |
GET | time_entries (nested property) |
same as activities GET requests above |
same as activities GET behavior above |
|
tasks |
GET | time_entries (nested property) | same as activities GET requests above | same as activities GET behavior above |
Applications should ensure that use of these fields can handle potential null values as well as numbers. To test the redacted API field behavior, you must enable the Activity Hour Visibility setting for a firm user. This can be done in the user management settings when signed in as a firm administrator.