> ## Documentation Index
> Fetch the complete documentation index at: https://docs.praxis-ai.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Search and retrieve user uploaded files

> Retrieves a paginated list of user uploads with optional filtering by filename, status, vault type, and institution. Supports compact and lean response modes. When no vault is specified, legacy behavior applies: the user's personal files plus institution files are returned, and account-shared uploads from sibling institutions are appended.



## OpenAPI

````yaml /mdx/api-reference/runtime/runtime-api.json post /api/user/uploads
openapi: 3.0.0
info:
  title: Pria Runtime API
  version: 2.0.1
  description: >-
    Pria API Documentation Praxis's developer platform is a core part of our
    mission to empower organizations to grow better. Our APIs are designed to
    enable teams of any shape or size to build robust integrations that help
    them customize and get the most value out of Pria. All Pria APIs are built
    using REST conventions and designed to have a predictable URL structure.
    <br/>  <br/>They use many standard HTTP features, including methods (POST,
    GET, PUT, DELETE) and error response codes.  <br/> <br/>All API calls are
    made under https://hiimpria.ai/api and all responses return standard JSON.
    In these docs, you'll find lists of all available endpoints for a given API,
    along with interactive code blocks for building requests. For walkthroughs
    of basic usage for these APIs, check out the API guides.
servers:
  - url: https://pria.praxislxp.com
    description: Pria API Server
security: []
tags:
  - name: Authentication
    description: User authentication, registration, and password management (/api/auth)
  - name: OAuth
    description: OAuth authentication providers - Google, GitHub, SSO (/api/auth/oauth)
  - name: User
    description: User profile management and account operations (/api/user)
  - name: User Institutions
    description: User institution memberships and switching (/api/user/institution)
  - name: User Tools
    description: Available tools for authenticated users (/api/user/tools)
  - name: Institutions
    description: Institution settings and configuration (/api/user/institution)
  - name: Conversation
    description: AI conversation and Q&A endpoints (/api/ai)
  - name: Realtime
    description: Real-time voice AI and WebRTC sessions (/api/ai/rt)
  - name: Assistant
    description: AI assistant configuration and management (/api/user/assistant)
  - name: History
    description: Conversation history and favorites (/api/user/history)
  - name: RAG
    description: >-
      Document upload, embedding, and retrieval-augmented generation
      (/api/user/files, /api/user/rag)
  - name: Setting
    description: Instance variables and settings management (/api/user/setting)
  - name: Branding
    description: Digital twin branding and customization (/api/agent/branding)
  - name: Agent
    description: Agent engagement and session management (/api/agent)
  - name: SDK Launch
    description: >-
      SDK launch token signing and verification for secure iframe embedding
      (/api/auth/sdk-sign, /api/auth/sdk-verify)
  - name: Testing
    description: Health checks, diagnostics, and test endpoints (/api/test)
  - name: Admin Accounts
    description: Account management for super admins (/api/admin/account)
  - name: Admin Institutions
    description: Institution management for admins (/api/admin/institution)
  - name: Admin Users
    description: User management for admins (/api/admin/user)
  - name: Admin Entitlements
    description: >-
      User-institution relationships and permissions
      (/api/admin/userInstitution)
  - name: Admin Sessions
    description: Session management for admins (/api/admin/session)
  - name: Admin Histories
    description: Conversation history management and analytics (/api/admin/history)
  - name: Admin Assistants
    description: AI assistant management for admins (/api/admin/assistant)
  - name: Admin Questions
    description: Institution question and prompt management (/api/admin/question)
  - name: Admin Tools
    description: Tool configuration management (/api/admin/tool)
  - name: Admin AI Models
    description: AI model configuration (/api/admin/aimodel)
  - name: Admin MCP Servers
    description: Model Context Protocol server management (/api/admin/mcpserver)
  - name: Admin Feedbacks
    description: User feedback management (/api/admin/feedback)
  - name: Admin Uploads
    description: Upload management (/api/admin/upload)
  - name: Admin Charts
    description: Analytics and visualization chart management (/api/admin/chart)
  - name: Audio Notes
    description: Capture and ingest spoken notes into the personal vault
  - name: Memory
    description: User-facing memory parameters (personal + shared instance memory).
  - name: My Data
    description: >-
      GDPR controls — personal-scope counts, async ZIP-by-email export, and
      scoped soft-delete. Every endpoint pins `user = req.user._id` AND
      `institution: null`; institution-scoped data is governed by the
      institution's own retention policy and never reached from here.
  - name: Questions
    description: >-
      User-facing read of the onboarding question bank used by the "create a
      digital twin" wizard.
  - name: Transcription
    description: >-
      One-shot speech-to-text for in-place dictation. Audio blob in, transcript
      out — no Upload / History / RAG embeddings are persisted. Use
      `/audio-notes` for anything durable.
paths:
  /api/user/uploads:
    post:
      tags:
        - IP Vault
      summary: Search and retrieve user uploaded files
      description: >-
        Retrieves a paginated list of user uploads with optional filtering by
        filename, status, vault type, and institution. Supports compact and lean
        response modes. When no vault is specified, legacy behavior applies: the
        user's personal files plus institution files are returned, and
        account-shared uploads from sibling institutions are appended.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/UploadSearchRequest'
            examples:
              basicSearch:
                summary: Basic search excluding deleted files
                value:
                  lean: true
                  status:
                    $ne: deleted
                  fileNameSearch: report
              paginatedVaultSearch:
                summary: Paginated search within a specific vault
                value:
                  vault: instance
                  institution: 68566d7c4ec8e0cb02907997
                  page: 2
                  pageSize: 10
                  sortAscending: true
              withCounts:
                summary: Request with vault counts included
                value:
                  vault: personal
                  includeCounts: true
                  page: 1
                  pageSize: 25
      responses:
        '200':
          description: Successfully retrieved user uploads
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UploadSearchResponse'
        '400':
          description: Bad request - query failed or invalid uploadId
          content:
            application/json:
              schema:
                type: object
                properties:
                  success:
                    type: boolean
                    example: false
                  message:
                    type: string
                    example: Failed to get uploads <error message>
                  error:
                    type: object
                    description: Full error object from the caught exception
        '401':
          description: Unauthorized - user not found for the provided token
          content:
            application/json:
              schema:
                type: object
                properties:
                  success:
                    type: boolean
                    example: false
                  message:
                    type: string
                    example: Authentication Required
        '403':
          description: >-
            Forbidden - standard user attempted instance/account vault, or admin
            lacks `files.list` entitlement.
          content:
            application/json:
              schema:
                type: object
                properties:
                  success:
                    type: boolean
                    example: false
                  message:
                    type: string
                    example: Standard users cannot access instance vault
      security:
        - apiKeyAuth: []
components:
  schemas:
    UploadSearchRequest:
      type: object
      properties:
        lean:
          type: boolean
          description: >-
            When true, omits file_summary, filename, file_authors, mimetype,
            owner_data, and institution_data
        compact:
          type: boolean
          description: >-
            When true, omits file_title, file_summary, thumbnail, owner_data,
            and institution_data
        status:
          type: string
          enum:
            - inactive
            - selected
            - active
            - error
            - deleted
            - excluded
            - processing
          description: >
            Filter by status. Real DB values
            (inactive/selected/active/error/deleted) match exactly.

            Pseudo-values:
              - `excluded`: expands to `status $nin:['selected','deleted']`
              - `processing`: matches `ingestion.phase ∈ {extract, chunk, sanitize, embed, kag}` AND `status $ne:'deleted'`. Use this to surface files currently mid-ingestion regardless of their literal status (in-flight files usually carry status:'inactive' until the pipeline finishes).
            When omitted, defaults to $ne:'deleted'.
        fileNameSearch:
          type: string
          description: Case-insensitive regex search term applied to originalname
        uploadId:
          type: string
          description: Return only the upload with this specific ID
        uploadIds:
          type: array
          items:
            type: string
          maxItems: 50
          description: >-
            Batch fetch — return only uploads whose _id is in this list. Capped
            to 50. Used by the UI to poll in-flight ingestion uploads without
            re-running the full list query.
        vault:
          type: string
          enum:
            - personal
            - instance
            - account
          description: >-
            Filter by vault type. personal: user-owned files with no
            institution. instance: institution files that are not
            account-shared. account: account-shared files across all
            institutions.
        institution:
          type: string
          description: >-
            Institution ID to scope the query. Used with vault or all to target
            a specific institution.
        page:
          type: integer
          minimum: 1
          default: 1
          description: Page number for pagination (1-based)
        pageSize:
          type: integer
          minimum: 1
          maximum: 50
          default: 25
          description: Number of items per page (clamped to 1-50)
        sortAscending:
          type: boolean
          default: false
          description: When true, sorts in ascending order; otherwise descending
        nameOrder:
          type: boolean
          description: >-
            When truthy, sorts by created date instead of the default
            case-insensitive originalname sort
        sortBy:
          type: string
          enum:
            - ragHitCount
            - lastRagHitAt
          description: >-
            Sort field. When provided, overrides nameOrder. ragHitCount sorts by
            usage count, lastRagHitAt sorts by recency of RAG matches (nulls
            first when ascending).
        includeCollectionFiles:
          type: boolean
          description: >
            When true, includes files that belong to a vault-scoped collection
            in the results.

            Default false — files in collections are excluded from root vault
            listings to avoid

            duplicates with the CollectionStrip render. Auto-bypassed (treated
            as true) for the

            attention filters `status: 'processing'` and `status: 'error'` so
            the user can see

            every file needing attention from the vault root, regardless of its
            container.
        includeCounts:
          type: boolean
          description: >-
            When true, appends a vaultCounts object to the response with total
            and active counts per vault (personal, instance, account)
    UploadSearchResponse:
      type: object
      required:
        - success
        - data
        - total
        - hasMore
        - page
        - pageSize
      properties:
        success:
          type: boolean
          description: Whether the request succeeded
        data:
          type: array
          items:
            $ref: '#/components/schemas/UploadFile'
          description: Array of upload records for the requested page
        total:
          type: integer
          description: Total number of matching uploads across all pages
        hasMore:
          type: boolean
          description: Whether more pages exist beyond the current page
        page:
          type: integer
          description: Current page number (mirrors the request value)
        pageSize:
          type: integer
          description: Items per page used (mirrors the resolved request value)
        vaultCounts:
          type: object
          description: 'Vault-level counts (only present when includeCounts: true)'
          properties:
            personal:
              type: object
              properties:
                total:
                  type: integer
                  description: Total non-deleted personal files
                active:
                  type: integer
                  description: Personal files with status selected
            instance:
              type: object
              properties:
                total:
                  type: integer
                  description: Total non-deleted instance files
                active:
                  type: integer
                  description: Instance files with status selected
            account:
              type: object
              properties:
                total:
                  type: integer
                  description: Total non-deleted account-shared files
                active:
                  type: integer
                  description: Account-shared files with status selected
    UploadFile:
      type: object
      properties:
        _id:
          type: string
          description: Unique identifier for the file
        filename:
          type: string
          description: 'System-generated filename (omitted when lean: true)'
        originalname:
          type: string
          description: >-
            Original filename as uploaded, primary name identifier for the user
            and LLM
        mimetype:
          type: string
          description: 'MIME type of the file (omitted when lean: true)'
        created:
          type: string
          format: date-time
          description: File creation timestamp
        filesize:
          type: integer
          description: File size in bytes
        status:
          type: string
          enum:
            - inactive
            - selected
            - active
            - error
            - deleted
          description: >-
            Persisted upload state. inactive: waiting on RAG / ingestion queue.
            selected: RAG-ingested and included in the vault. active: uploaded
            with skipIndexing — visible but not RAG-indexed. error:
            RAG/ingestion failed. deleted: soft-delete tombstone.
        thumbnail:
          type: string
          description: 'Thumbnail picture encoded (omitted when compact: true)'
        user:
          type: string
          description: User ID who owns the file
        institution:
          type: string
          description: Institution ID the file is shared with (omitted when null)
        account_shared:
          type: boolean
          description: >-
            Whether the file is shared across all institutions in the same
            account
        file_summary:
          type: string
          description: >-
            AI-generated summary of file content (omitted when compact: true or
            lean: true)
        file_title:
          type: string
          description: 'AI-generated title for the file (omitted when compact: true)'
        file_url:
          type: string
          format: uri
          description: URL to access the file
        tokens_used:
          type: integer
          description: Number of tokens used for processing
        is_public:
          type: boolean
          description: >-
            Whether the file is publicly accessible (anyone with the link can
            access without authentication). Default: false.
          default: false
        is_private:
          type: boolean
          description: >-
            Whether the file is confidential (owner-only access, won't appear in
            citations). Default: false. Cannot be true when is_public is true.
          default: false
        file_dimensions:
          type: string
          description: Image dimensions (for image files)
        file_authors:
          type: string
          description: 'Authors of the content (omitted when lean: true)'
        embeddings_model:
          type: string
          description: Model used to generate embeddings
        summary_model:
          type: string
          description: Model used to generate the file summary
        image_analysis_model:
          type: string
          description: Model used for image analysis
        googleDriveFileId:
          type: string
          description: Google Drive file ID if synced from Drive
        googleDriveModifiedTime:
          type: string
          format: date-time
          description: Last modified time from Google Drive
        ragHitCount:
          type: integer
          description: >-
            Number of times this file appeared in RAG search results
            (deduplicated per search)
          default: 0
        lastRagHitAt:
          type: string
          format: date-time
          nullable: true
          description: Timestamp of most recent RAG search match (null if never used)
        vaultHealthScore:
          type: integer
          nullable: true
          description: >-
            Percentage (0-100) of chunks flagged as unoptimized content (code,
            markup, structured data). null = not yet scanned.
        fileOnDisk:
          type: boolean
          description: >-
            Whether the physical file exists on disk. Only present when the
            upload has a file_url.
        owner_data:
          type: object
          description: >-
            Trimmed owner info. In full mode, populated via $lookup. In
            lean/compact mode, batch-resolved for instance and account vault
            files. Omitted for personal vault files.
          properties:
            email:
              type: string
              format: email
            fname:
              type: string
            lname:
              type: string
            institution:
              type: string
              description: Owner's institution ID (only present in full $lookup mode)
        institution_data:
          type: object
          description: >-
            Institution info from $lookup (omitted when compact: true or lean:
            true)
          properties:
            name:
              type: string
            ainame:
              type: string
        institution_name:
          type: string
          description: >-
            Display name of the source institution (ainame or name). Only
            present for account_shared files with an institution.
        institution_display_name:
          type: string
          description: >-
            Full institution name, shown when it differs from institution_name
            (the ainame). Only present for account_shared files where ainame !==
            name.
        index:
          type: integer
          description: 1-indexed position of this item within the returned page
        collection:
          type: string
          description: >-
            ObjectId of the collection this file belongs to, or omitted when the
            file lives at the vault root.
        collection_path:
          type: array
          description: >
            Server-stamped breadcrumb from root → leaf of the file's containing
            collection (only when the file is inside a collection). Used by the
            Files panel to render `Collection 1 › sub-collection 2 › file.txt`
            without an extra round-trip. Walks `collection.parent` to bounded
            depth-10 (DocumentDB-friendly — no $graphLookup).
          items:
            type: object
            properties:
              _id:
                type: string
                description: Collection ObjectId
              name:
                type: string
                description: Collection display name
              color:
                type: string
                nullable: true
                description: >-
                  Per-collection accent hex (`#RGB` or `#RRGGBB`) for the folder
                  icon, or null for the default outline icon.
  securitySchemes:
    apiKeyAuth:
      type: apiKey
      in: header
      name: x-access-token
      description: JWT token passed in x-access-token header

````