Approve and attest booked hours

Use the booked hours API to move time records from created, to approved, to attested.

Each booked hour record can exist in one of these states:

Created — unapproved and unattested.
Approved — reviewed by a manager or responsible person.
Attested — confirmed as final and locked. Attested records are read-only.

How to approve and attest booked hours

Create a new time record

Endpoint: POST /bookedhours

Newly created records always start as unapproved and unattested. Records cannot be created in an approved or attested state.
Approve an existing time record

Endpoint: PUT /bookedhours/{id}

Request body:
```
{
  "approved": true
}
```
This marks the record as approved. Once the record is approved, you can attest it using the separate attest endpoint.
Attest approved time records

This is only applicable for records that are already approved. You can attest a set of booked hours as long as all records in the request are approved.

Request body:
```
{
  "records": [19980, 19981]
}
```
Unattest a record

Endpoint: PUT /bookedhours/{id}

Request body:
```
{
  "attested": false
}
```
Use this to reverse the attested state if a correction is needed. Once unattested, the record can be edited or unapproved again. The system will clear or reset attestTime accordingly.

Limitations and rules

Records cannot be created as already approved or attested.
You can attest only after approval.
You can unattest by setting attested=false via PUT.
You can unapprove only after unattesting.
approvedTime and attestTime are always generated by the system and cannot be backdated.

Although it is technically possible to change certain fields, such as user or professionitemid, for a booked hour entry that has already been approved and attested using the PUT endpoint, this should not be done.
In Next Client, attested entries become read-only by design. Respect the same restriction when using the Next API, even if the system allows the update.