Register an application in the Clio developer portal to obtain a client_id and client_secret, then redirect the user to /oauth/authorize with response_type=code and the required scopes.
Exchange the authorization code for tokens at /oauth/token; store the access token and refresh token, noting the access token's expiry.
Create a matter via POST to /api/v4/matters.json with a JSON body containing at minimum client (contact id), description, and practice_area.
Create or search contacts via POST or GET on /api/v4/contacts.json; use the fields query parameter to request only the fields you need, which improves response time and reduces payload size.
Handle 429 responses by reading the Retry-After header and pausing before retrying; implement exponential backoff for sustained high-volume operations.
Known gotchas
Clio enforces per-user rate limits (not per-app); in multi-user apps, a single active user making bursts of requests can hit limits independently of other users.
The fields parameter is additive but also required to get nested data — omitting it returns a minimal set of fields and may silently exclude data you expect.
Access tokens expire after a few hours; always proactively refresh them before expiry rather than waiting for a 401, as refresh token reuse windows are finite.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp