I’m using the staff.json to programmatically create and update the staff objects. However, while I am successfully able to create new and modify existing staff objects, the security role UUID (key: security_role_uuuid) is being completely ignored. There are no error messages. Here is an example of the body:
body {"first":"Frankie","last":"Test","email":"frankie.test@workm8s.com","security_role_uuid":"705fc70f-d134-468a-9d9a-226d5ad7fecb"}
The security_role_uuid field is being completely ignored, and in the UI the role appears as “0”. I’ve tried via OAuth and an API Key and the result is the same: the security_role_uuid is being ignored.
The only way I can update the staff security role is via the ServiceM8 UI, e.g., Settings > Staff.
Thanks for reporting this issue with the security_role_uuid field being ignored when creating or updating staff members via the API.
After reviewing our developer documentation, I wasn’t able to find specific guidance about this field behavior in the staff endpoint documentation. This suggests the issue you’re experiencing may be a bug or limitation that requires investigation by our development team.
Since you’ve confirmed that:
1. The API call is succeeding without errors
2. Other fields are being updated correctly
3. The security_role_uuid field is being completely ignored
4. This occurs with both OAuth and API Key authentication
5. Manual updates via the UI work correctly
I’ll need to escalate this to our engineering team for investigation. Could you please provide:
1. The exact API endpoint you’re using (POST/PUT to staff.json)
2. A sample of the complete request body you’re sending
3. The response you receive from the API
In the meantime, as you noted, updating security roles through the ServiceM8 UI (Settings > Staff) will continue to work as your temporary workaround.
We take API functionality seriously and will investigate this promptly. I’ll follow up once we have more information about this issue.
Thanks for reporting this issue. I can confirm you’re experiencing what appears to be an undocumented behavior with the security_role_uuid field on the Staff endpoint.
First, I noticed a typo in your example - you have “security_role_uuuid” with three u’s instead of two. However, since you’ve correctly identified it as “security_role_uuid” elsewhere in your post, I’m assuming this is just a typo in the example and not the actual issue.
The security_role_uuid field is documented as a valid field in both the Create and Update Staff endpoints. According to the API schema, this field should accept a UUID value in the format “123e4567-8820-49dc-ae2f-23b2e64e1d1b”. However, the documentation doesn’t explicitly indicate any special restrictions or read-only status for this field.
Given that:
You’re successfully creating and modifying other staff fields
You’re not receiving any error messages
The security_role_uuid is being silently ignored
You can successfully update this field through the ServiceM8 UI (Settings > Staff)
This suggests there may be an undocumented permission restriction or API limitation on programmatically setting security roles. This could be by design for security reasons, as staff security roles are sensitive permissions that control access levels within an account.
I’ve escalated this to the ServiceM8 development team for clarification on whether:
This field should be writable via the API
If not, why it’s not documented as read-only
What the intended method is for programmatically assigning security roles
We’ll update the documentation accordingly once we have clarification from the team. In the meantime, you’ll need to continue using the ServiceM8 UI to assign security roles to staff members.
Sorry for the inconvenience - we’ll get back to you as soon as we have more information.
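Because the write succeeds without an error while a permission-bearing field is dropped, a provisioning script should read the staff record back and compare it with what was sent. The following is an added example, not code from this thread or from ServiceM8: `check_write`, `KNOWN_FIELDS` and the `STORED` record are hypothetical, and `STORED` stands in for whatever the API returns when the record is fetched after the write.

```python
import difflib

# Fields named in this thread; the real staff schema has more (assumption).
KNOWN_FIELDS = {"first", "last", "email", "security_role_uuid"}

# Request body from the original post.
SENT = {
    "first": "Frankie",
    "last": "Test",
    "email": "frankie.test@workm8s.com",
    "security_role_uuid": "705fc70f-d134-468a-9d9a-226d5ad7fecb",
}

# Constructed sample of the record read back after the write: the other
# fields were stored, the role was not (the thread only says the UI shows "0").
STORED = {
    "first": "Frankie",
    "last": "Test",
    "email": "frankie.test@workm8s.com",
    "security_role_uuid": "",
}


def check_write(sent, stored, known_fields=KNOWN_FIELDS):
    """Compare a request body with the record read back after the write.

    Returns (unknown_keys, ignored_fields):
      unknown_keys   - {key: closest known field name, or None} for keys the
                       schema does not define (e.g. a misspelled key)
      ignored_fields - {key: (sent_value, stored_value)} for known keys whose
                       stored value differs from what was sent
    """
    unknown, ignored = {}, {}
    for key, value in sent.items():
        if key not in known_fields:
            # A misspelled key is silently dropped too, so report the
            # nearest valid field name to make the cause obvious.
            match = difflib.get_close_matches(
                key, sorted(known_fields), n=1, cutoff=0.8
            )
            unknown[key] = match[0] if match else None
        elif stored.get(key) != value:
            ignored[key] = (value, stored.get(key))
    return unknown, ignored


if __name__ == "__main__":
    print(check_write(SENT, STORED))
    print(check_write({"security_role_uuuid": "x"}, STORED))
```

Treat a non-empty `ignored_fields` for `security_role_uuid` as a failed provisioning step, so an account is not left with a role other than the one intended.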