We have an internal web portal that allows employees without “Reports” permissions to view/edit their own job activity week-by-week. I am using the REST API with an API Token. Employees can edit normal job activity just fine, but activities for which “activity_was_automated” is true cannot be edited or deleted (marked inactive). I get a response like:
[ERROR] [ServiceM8Client] Error response body: {“errorCode”:400,“message”:“JobActivity record is read-only”,“documentation”:“Please refer to ``https://developer.servicem8.com/llms.txt`` for developer documentation.”}
This is no mention of “read-only” job activities in the API. I can delete them through the ServiceM8 app, but this is time-consuming, and I cannot give employees this permission.
How can I edit automated activities through the REST API?
To update a JobActivity, the documented endpoint is POST /jobactivity/{uuid}.json, and it requires the manage_schedule OAuth scope.
To delete (archive) a JobActivity via the API, use DELETE /jobactivity/{uuid}.json; in ServiceM8, deleting a record sets its active field to 0 (soft delete), inactive records are still accessible on the API but hidden in the UI, and they can be restored by setting active back to 1.
If your portal needs the API to enforce each employee’s access level, you can use user impersonation by setting the x-impersonate-uuid header (it must be an active, valid staff UUID), and impersonation applies that user’s security to the request.
If you’re using an API key (rather than OAuth), it’s passed in the X-API-Key header on your requests.
Because the JobActivity endpoint reference pages describe 400 errors generically (malformed/invalid requests), the specific 400 response you’re seeing (“JobActivity record is read-only”) will need to be checked by our Support team against the specific activity type being generated.
Email support@servicem8.com with one example JobActivity UUID plus the exact request you’re sending and the full response body, and we’ll confirm what’s supported here.
You can’t edit or delete (archive) JobActivity records where activity_was_automated is true through the REST API, and the “JobActivity record is read-only” response is expected for those automated activities by design.
For non-automated JobActivity records, these are the REST endpoints:
Update: POST /jobactivity/{uuid}.json (requires OAuth scope manage_schedule).
What if an “automated” activity was recorded incorrectly? I have no way of changing it through the REST API? That’s ridiculous!
At least let me delete/archive/make inactive “activity_was_automated” activities so when there is an error I can replace them with non-automated ones with the correct job, start time and end time.
The API reference doesn’t currently document any special case for activity_was_automated, so the “JobActivity record is read-only” 400 you’re seeing needs to be confirmed against the specific type of automated activity being generated in your account.
What we can confirm from the docs is:
Updating a JobActivity is done via POST /jobactivity/{uuid}.json, and it requires the OAuth scope manage_schedule.
Archiving (soft-deleting) a JobActivity is done via DELETE /jobactivity/{uuid}.json; in ServiceM8, deleting a record sets its active field to 0, and inactive records are still accessible on the API but hidden in the UI.
Because the documented 400 response is described generically as “malformed or contains invalid parameters”, it doesn’t explain the specific “read-only” message you received.
If you email support@servicem8.com with (1) one example JobActivity UUID that’s failing, and (2) the exact request you’re sending (method, URL, headers, body), we can confirm whether that automated activity type is intentionally immutable via the API or whether something is misclassified.
I have already emailed support and provided CURL commands that fail as well as the UUID of the automated job that cannot be deactivated/edited. Afterwards, I received this response:
Charles (ServiceM8 Help)
Feb 26, 2026, 00:34 GMT+9:30
Hi Dylan,
Thank you for the update. We’ll continue to look into this and send another email once we get an update.
Regards,
Charles
ServiceM8 Support
That was 7 days ago. Do you want me to put the CURL commands here instead?
It’s best not to post the full cURL command publicly if it includes any credentials (API key, OAuth access token, app secret), because those values are what authenticate requests and allow API calls on behalf of an account.
If you do want to share an example here for peer review, a safe way is to redact the authentication bits (for example the X-API-Key header or any Authorization: Bearer … / access_token value), plus any real UUIDs/customer data.
For reference, the documented endpoint to update an activity is POST /jobactivity/{uuid}.json (requires OAuth scope manage_schedule). Archiving (soft-deleting) an activity is DELETE /jobactivity/{uuid}.json; in ServiceM8 deleting sets active to 0 (and it can be restored by setting active back to 1).
To follow up on the investigation, you can contact our Support team 24/7 via livechat/email from inside ServiceM8 (Home tab, then Help, then Contact Support Team).