> ## Documentation Index
> Fetch the complete documentation index at: https://docs.praxis-ai.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Update an existing upload file's metadata

> Updates the metadata of an uploaded file. Only whitelisted fields are accepted (originalname, file_title, file_summary, file_authors, file_url, source_url, status, is_private, is_public, institution, account_shared, collection, embeddings_model, summary_model, image_analysis_model, audio_analysis_model). Setting is_public to true automatically forces is_private to false. Sending institution or collection as empty string or null triggers $unset. Users with accountType user can only update their own files. Admins can update files within their own institution, or files they originally uploaded (owner match) regardless of institution.



## OpenAPI

````yaml /mdx/api-reference/runtime/runtime-api.json put /api/user/upload/{id}
openapi: 3.0.0
info:
  title: Pria Runtime API
  version: 2.0.1
  description: >-
    Pria API Documentation Praxis's developer platform is a core part of our
    mission to empower organizations to grow better. Our APIs are designed to
    enable teams of any shape or size to build robust integrations that help
    them customize and get the most value out of Pria. All Pria APIs are built
    using REST conventions and designed to have a predictable URL structure.
    <br/>  <br/>They use many standard HTTP features, including methods (POST,
    GET, PUT, DELETE) and error response codes.  <br/> <br/>All API calls are
    made under https://hiimpria.ai/api and all responses return standard JSON.
    In these docs, you'll find lists of all available endpoints for a given API,
    along with interactive code blocks for building requests. For walkthroughs
    of basic usage for these APIs, check out the API guides.
servers:
  - url: https://pria.praxislxp.com
    description: Pria API Server
security: []
tags:
  - name: Authentication
    description: User authentication, registration, and password management (/api/auth)
  - name: OAuth
    description: OAuth authentication providers - Google, GitHub, SSO (/api/auth/oauth)
  - name: User
    description: User profile management and account operations (/api/user)
  - name: User Institutions
    description: User institution memberships and switching (/api/user/institution)
  - name: User Tools
    description: Available tools for authenticated users (/api/user/tools)
  - name: Institutions
    description: Institution settings and configuration (/api/user/institution)
  - name: Conversation
    description: AI conversation and Q&A endpoints (/api/ai)
  - name: Realtime
    description: Real-time voice AI and WebRTC sessions (/api/ai/rt)
  - name: Assistant
    description: AI assistant configuration and management (/api/user/assistant)
  - name: History
    description: Conversation history and favorites (/api/user/history)
  - name: RAG
    description: >-
      Document upload, embedding, and retrieval-augmented generation
      (/api/user/files, /api/user/rag)
  - name: Setting
    description: Instance variables and settings management (/api/user/setting)
  - name: Branding
    description: Digital twin branding and customization (/api/agent/branding)
  - name: Agent
    description: Agent engagement and session management (/api/agent)
  - name: SDK Launch
    description: >-
      SDK launch token signing and verification for secure iframe embedding
      (/api/auth/sdk-sign, /api/auth/sdk-verify)
  - name: Testing
    description: Health checks, diagnostics, and test endpoints (/api/test)
  - name: Admin Accounts
    description: Account management for super admins (/api/admin/account)
  - name: Admin Institutions
    description: Institution management for admins (/api/admin/institution)
  - name: Admin Users
    description: User management for admins (/api/admin/user)
  - name: Admin Entitlements
    description: >-
      User-institution relationships and permissions
      (/api/admin/userInstitution)
  - name: Admin Sessions
    description: Session management for admins (/api/admin/session)
  - name: Admin Histories
    description: Conversation history management and analytics (/api/admin/history)
  - name: Admin Assistants
    description: AI assistant management for admins (/api/admin/assistant)
  - name: Admin Questions
    description: Institution question and prompt management (/api/admin/question)
  - name: Admin Tools
    description: Tool configuration management (/api/admin/tool)
  - name: Admin AI Models
    description: AI model configuration (/api/admin/aimodel)
  - name: Admin MCP Servers
    description: Model Context Protocol server management (/api/admin/mcpserver)
  - name: Admin Feedbacks
    description: User feedback management (/api/admin/feedback)
  - name: Admin Uploads
    description: Upload management (/api/admin/upload)
  - name: Admin Charts
    description: Analytics and visualization chart management (/api/admin/chart)
  - name: Audio Notes
    description: Capture and ingest spoken notes into the personal vault
  - name: Memory
    description: User-facing memory parameters (personal + shared instance memory).
  - name: My Data
    description: >-
      GDPR controls — personal-scope counts, async ZIP-by-email export, and
      scoped soft-delete. Every endpoint pins `user = req.user._id` AND
      `institution: null`; institution-scoped data is governed by the
      institution's own retention policy and never reached from here.
  - name: Questions
    description: >-
      User-facing read of the onboarding question bank used by the "create a
      digital twin" wizard.
  - name: Transcription
    description: >-
      One-shot speech-to-text for in-place dictation. Audio blob in, transcript
      out — no Upload / History / RAG embeddings are persisted. Use
      `/audio-notes` for anything durable.
paths:
  /api/user/upload/{id}:
    put:
      tags:
        - IP Vault
      summary: Update an existing upload file's metadata
      description: >-
        Updates the metadata of an uploaded file. Only whitelisted fields are
        accepted (originalname, file_title, file_summary, file_authors,
        file_url, source_url, status, is_private, is_public, institution,
        account_shared, collection, embeddings_model, summary_model,
        image_analysis_model, audio_analysis_model). Setting is_public to true
        automatically forces is_private to false. Sending institution or
        collection as empty string or null triggers $unset. Users with
        accountType user can only update their own files. Admins can update
        files within their own institution, or files they originally uploaded
        (owner match) regardless of institution.
      parameters:
        - in: path
          name: id
          required: true
          schema:
            type: string
          description: >-
            The unique identifier of the upload to update (must be a valid
            ObjectId)
          example: 68566d7c4ec8e0cb02907997
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/UpdateUploadRequest'
      responses:
        '200':
          description: Upload successfully updated
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UpdateUploadResponse'
        '400':
          description: >-
            Bad request - invalid upload ID, empty body, or update operation
            failed
          content:
            application/json:
              schema:
                type: object
                properties:
                  success:
                    type: boolean
                    example: false
                  message:
                    type: string
                    example: Invalid Upload id
                  error:
                    type: object
                    description: >-
                      Full error object (only present when the catch block is
                      reached)
        '401':
          description: Unauthorized - user not found for the provided token
          content:
            application/json:
              schema:
                type: object
                properties:
                  success:
                    type: boolean
                    example: false
                  message:
                    type: string
                    example: Authentication Required
        '403':
          description: >-
            Forbidden - user does not own the file; standard user attempted to
            move a file to an instance or account vault; admin's institution
            does not match the file's institution and admin is not the original
            uploader; or admin lacks files.edit entitlement on the file's
            institution
          content:
            application/json:
              schema:
                type: object
                properties:
                  success:
                    type: boolean
                    example: false
                  message:
                    type: string
                    example: Cant update or delete a file that is not yours!
        '404':
          description: Upload not found
          content:
            application/json:
              schema:
                type: object
                properties:
                  success:
                    type: boolean
                    example: false
                  message:
                    type: string
                    example: Upload not found!
      security:
        - apiKeyAuth: []
components:
  schemas:
    UpdateUploadRequest:
      type: object
      description: >-
        Only whitelisted fields are accepted. Fields not in the allowed list are
        silently ignored. Setting is_public to true automatically forces
        is_private to false.
      properties:
        originalname:
          type: string
          description: The original name of the uploaded file
          example: markdown_render_with_error_boundary
        status:
          type: string
          description: >-
            The new status for the upload. active: default status. selected:
            file will be included in RAG searches. deleted: soft deleted, hidden
            from lists and RAG.
          enum:
            - active
            - selected
            - deleted
          example: selected
        is_public:
          type: boolean
          description: >-
            When true, anyone with the link can access the file without
            authentication. Setting to true automatically clears is_private.
          example: false
        is_private:
          type: boolean
          description: >-
            When true, marks the file as confidential (owner-only access, hidden
            from citations). Cannot be true when is_public is true.
          example: true
        institution:
          type: string
          description: >-
            Institution ID to share the file with. Send an empty string "" or
            null to unset (remove) the institution field via $unset.
        file_title:
          type: string
          description: Title for the file
        file_summary:
          type: string
          description: Summary of the file content
        file_authors:
          type: string
          description: Authors of the content
        account_shared:
          type: boolean
          description: Whether the file is shared across the institution account
        collection:
          type: string
          description: >-
            Collection ID. Send an empty string "" or null to remove from
            collection.
    UpdateUploadResponse:
      type: object
      properties:
        success:
          type: boolean
          description: Indicates if the operation was successful
          example: true
        message:
          type: string
          description: Success message
          example: Upload updated!
  securitySchemes:
    apiKeyAuth:
      type: apiKey
      in: header
      name: x-access-token
      description: JWT token passed in x-access-token header

````