Adding Dynamic Inputs: Secure, Firm-Defined Fields for Ask Clio API Calls
Dynamic Inputs allow your firm to define arbitrary, secure fields that can be injected into Ask Clio tool calls at runtime.
Dynamic Inputs allow your firm to define arbitrary, secure fields that can be injected into Ask Clio tool calls at runtime.
This works similarly to passing a clearing account ID, but instead of relying on a single pre-defined identifier, Dynamic Inputs let you create any number of firm-defined inputs (e.g. internal account IDs, portfolio IDs, entitlement flags, jurisdiction codes) and pass them securely via the Ask Clio session token API.
Dynamic Inputs are:
Passed server-to-server during session creation
Not exposed to the LLM prompt
Only available to tools that explicitly reference them
How Dynamic Inputs Work
Your firm defines one or more Dynamic Input keys in the Ask Clio dashboard
Your backend passes values for those keys when creating a session token
Ask Clio makes those values available to tools during execution
Step 1
Navigate to Integrations → Dynamic Inputs in the Ask Clio dashboard.
Step 2
Create a new Dynamic Input by defining a key.
This key represents a secure identifier that exists in your own system.
Examples:
internal_account_id
portfolio_id
advisor_tier
jurisdiction_code
Note on User Identity
Dynamic Inputs are intended for resource- or account-level identifiers (e.g. internal account IDs, clearing account IDs, portfolio IDs).
Do not use Dynamic Inputs as a replacement for user.id. user.id should always represent your application’s internal user identifier (for example, a user UUID from your auth system).
Chat history is not affected by Dynamic Inputs. Conversation history is always keyed by user.id.
Step 3
Set the Dynamic Input key that you will reference in your API calls.
This key:
Maps to a value stored in your database
Is passed explicitly during session creation
Is never derived or inferred by Ask Clio
Ask Clio does not persist this value outside the session lifecycle.
Step 4
Use your Client Signing Keys to securely pass Dynamic Input values when creating a session token.
Dynamic Inputs are included in the tools_input object of the token request.
Security & Model Access
Dynamic Inputs are never included in the LLM prompt
They are only accessible to tool execution
They are passed server-to-server during session creation
They are only returned in responses if a tool explicitly returns them
This mirrors the security model used for clearing account identifiers.
Example
Description
This endpoint generates a session token for Ask Clio by calling the token API with client-specific information.
In this example, internal_account_id is a firm-defined Dynamic Input passed in the tools_input field, allowing Ask Clio tools to access client-specific data securely.
How It Works
Fetch the client from your database (includes internal account ID)
Call Ask Clio’s token endpoint with client credentials
Pass Dynamic Inputs in tools_input
Receive a session token for SDK initialization
Important: User ID vs Dynamic Inputs
Dynamic Inputs (including clearing account identifiers such as alpaca_account_id) must be passed only via tools_input.
Do not place clearing account IDs in user.id.
The user.id field should always represent your application’s internal end-user identifier (e.g. your user UUID), not a brokerage or clearing account.
