> ## Documentation Index
> Fetch the complete documentation index at: https://docs.praxis-ai.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Upload files

> Uploads one or more files to the user's IP Vault for RAG processing and embedding. Files are uploaded via multipart form-data using the 'files' field name. Audio files (mp3, m4a, webm, wav, mp4, mov, etc.) are limited to 25MB each. Non-audio files are limited to 150MB each. The multer middleware enforces a 500MB overall limit per file before the handler's own size checks.



## OpenAPI

````yaml /mdx/api-reference/runtime/runtime-api.json post /api/user/files
openapi: 3.0.0
info:
  title: Pria Runtime API
  version: 2.0.1
  description: >-
    Pria API Documentation Praxis's developer platform is a core part of our
    mission to empower organizations to grow better. Our APIs are designed to
    enable teams of any shape or size to build robust integrations that help
    them customize and get the most value out of Pria. All Pria APIs are built
    using REST conventions and designed to have a predictable URL structure.
    <br/>  <br/>They use many standard HTTP features, including methods (POST,
    GET, PUT, DELETE) and error response codes.  <br/> <br/>All API calls are
    made under https://hiimpria.ai/api and all responses return standard JSON.
    In these docs, you'll find lists of all available endpoints for a given API,
    along with interactive code blocks for building requests. For walkthroughs
    of basic usage for these APIs, check out the API guides.
servers:
  - url: https://pria.praxislxp.com
    description: Pria API Server
security: []
tags:
  - name: Authentication
    description: User authentication, registration, and password management (/api/auth)
  - name: OAuth
    description: OAuth authentication providers - Google, GitHub, SSO (/api/auth/oauth)
  - name: User
    description: User profile management and account operations (/api/user)
  - name: User Institutions
    description: User institution memberships and switching (/api/user/institution)
  - name: User Tools
    description: Available tools for authenticated users (/api/user/tools)
  - name: Institutions
    description: Institution settings and configuration (/api/user/institution)
  - name: Conversation
    description: AI conversation and Q&A endpoints (/api/ai)
  - name: Realtime
    description: Real-time voice AI and WebRTC sessions (/api/ai/rt)
  - name: Assistant
    description: AI assistant configuration and management (/api/user/assistant)
  - name: History
    description: Conversation history and favorites (/api/user/history)
  - name: RAG
    description: >-
      Document upload, embedding, and retrieval-augmented generation
      (/api/user/files, /api/user/rag)
  - name: Setting
    description: Instance variables and settings management (/api/user/setting)
  - name: Branding
    description: Digital twin branding and customization (/api/agent/branding)
  - name: Agent
    description: Agent engagement and session management (/api/agent)
  - name: SDK Launch
    description: >-
      SDK launch token signing and verification for secure iframe embedding
      (/api/auth/sdk-sign, /api/auth/sdk-verify)
  - name: Testing
    description: Health checks, diagnostics, and test endpoints (/api/test)
  - name: Admin Accounts
    description: Account management for super admins (/api/admin/account)
  - name: Admin Institutions
    description: Institution management for admins (/api/admin/institution)
  - name: Admin Users
    description: User management for admins (/api/admin/user)
  - name: Admin Entitlements
    description: >-
      User-institution relationships and permissions
      (/api/admin/userInstitution)
  - name: Admin Sessions
    description: Session management for admins (/api/admin/session)
  - name: Admin Histories
    description: Conversation history management and analytics (/api/admin/history)
  - name: Admin Assistants
    description: AI assistant management for admins (/api/admin/assistant)
  - name: Admin Questions
    description: Institution question and prompt management (/api/admin/question)
  - name: Admin Tools
    description: Tool configuration management (/api/admin/tool)
  - name: Admin AI Models
    description: AI model configuration (/api/admin/aimodel)
  - name: Admin MCP Servers
    description: Model Context Protocol server management (/api/admin/mcpserver)
  - name: Admin Feedbacks
    description: User feedback management (/api/admin/feedback)
  - name: Admin Uploads
    description: Upload management (/api/admin/upload)
  - name: Admin Charts
    description: Analytics and visualization chart management (/api/admin/chart)
  - name: Audio Notes
    description: Capture and ingest spoken notes into the personal vault
  - name: Memory
    description: User-facing memory parameters (personal + shared instance memory).
  - name: My Data
    description: >-
      GDPR controls — personal-scope counts, async ZIP-by-email export, and
      scoped soft-delete. Every endpoint pins `user = req.user._id` AND
      `institution: null`; institution-scoped data is governed by the
      institution's own retention policy and never reached from here.
  - name: Questions
    description: >-
      User-facing read of the onboarding question bank used by the "create a
      digital twin" wizard.
  - name: Transcription
    description: >-
      One-shot speech-to-text for in-place dictation. Audio blob in, transcript
      out — no Upload / History / RAG embeddings are persisted. Use
      `/audio-notes` for anything durable.
paths:
  /api/user/files:
    post:
      tags:
        - IP Vault
      summary: Upload files
      description: >-
        Uploads one or more files to the user's IP Vault for RAG processing and
        embedding. Files are uploaded via multipart form-data using the 'files'
        field name. Audio files (mp3, m4a, webm, wav, mp4, mov, etc.) are
        limited to 25MB each. Non-audio files are limited to 150MB each. The
        multer middleware enforces a 500MB overall limit per file before the
        handler's own size checks.
      requestBody:
        required: true
        content:
          multipart/form-data:
            schema:
              type: object
              required:
                - files
              properties:
                files:
                  type: array
                  items:
                    type: string
                    format: binary
                  description: >-
                    File(s) to upload. Audio files limited to 25MB, non-audio
                    limited to 150MB.
                confidential:
                  type: string
                  description: >-
                    Legacy global confidential flag (string 'true'/'false').
                    Only applied when institution is provided. Overridden
                    per-file by fileConfidential.
                  example: 'false'
                fileConfidential:
                  type: string
                  description: >-
                    JSON string mapping original filenames to per-file
                    confidential booleans. Example: '{"report.pdf": true,
                    "notes.txt": false}'. Overrides the global confidential
                    flag.
                  example: '{"report.pdf": true, "notes.txt": false}'
                skipIndexing:
                  type: string
                  description: >-
                    Global skip-indexing flag (string 'true'/'false'). When
                    true, all files in this upload batch skip RAG embedding
                    generation and are set to status 'active' with no
                    embeddings. Overridden per-file by fileSkipIndexing.
                  example: 'false'
                fileSkipIndexing:
                  type: string
                  description: >-
                    JSON string mapping original filenames to per-file
                    skip-indexing booleans. Example: '{"report.pdf": true,
                    "notes.txt": false}'. Overrides the global skipIndexing
                    flag.
                  example: '{"report.pdf": true}'
                institution:
                  type: string
                  description: Institution ID to associate the uploads with
                  example: 6631915765bb0a94cfd6ca99
                account_shared:
                  type: string
                  description: >-
                    When 'true' and institution is set, marks files as shared
                    across the institution's account
                  example: 'false'
                selectedCourse:
                  type: string
                  description: >-
                    JSON string with course context for the upload history
                    record. Example: '{"course_id": 1750532703472,
                    "course_name": "Research"}'
                  example: '{"course_id": 1750532703472, "course_name": "Research"}'
                selectedAssistant:
                  type: string
                  description: >-
                    Assistant ID for the upload history record (used as fallback
                    if selectedCourse.assistant._id is not set)
                  example: 6856fa89cbafcff8d98680f5
                collection:
                  type: string
                  description: >-
                    Collection ID to associate the uploaded files with. When
                    provided, each Upload record is linked to this collection.
                  example: 6631915765bb0a94cfd6ca99
      responses:
        '200':
          description: >-
            Upload completed. Individual file results are in the files array;
            each file has its own success/message.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UploadFilesResponse'
        '400':
          description: >-
            Bad request - multer error (file too large, too many files,
            unexpected field), missing files, invalid user, or processing error
          content:
            application/json:
              schema:
                oneOf:
                  - $ref: '#/components/schemas/MulterErrorResponse'
                  - type: object
                    properties:
                      success:
                        type: boolean
                        example: false
                      message:
                        type: string
                        example: Failed to upload files
                      error:
                        description: Error object from the failed operation
        '401':
          description: Unauthorized - Invalid or missing access token
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '403':
          description: >-
            Forbidden - standard user attempted to upload to an instance vault;
            standard user personal upload denied because the institution has
            disableFileUploadForUser=true and the user's email domain is not in
            enableFileUploadForEmail; or admin lacks files.add entitlement on
            the target institution
          content:
            application/json:
              schema:
                type: object
                properties:
                  success:
                    type: boolean
                    example: false
                  message:
                    type: string
                    example: File uploads are disabled for your account
      security:
        - apiKeyAuth: []
components:
  schemas:
    UploadFilesResponse:
      type: object
      properties:
        success:
          type: boolean
          example: true
        message:
          type: string
          example: Upload completed
        files:
          type: array
          items:
            $ref: '#/components/schemas/ProcessedFileResult'
          description: Array of per-file processing results
    MulterErrorResponse:
      type: object
      description: >-
        Error returned by the multer upload middleware before reaching the
        handler
      properties:
        error:
          type: string
          description: Error category
          example: File too large
        message:
          type: string
          description: Human-readable error message
          example: File size exceeds 500MB limit
    ErrorResponse:
      type: object
      properties:
        success:
          type: boolean
          example: false
        message:
          type: string
          description: Human-readable error message
        error:
          type: string
          description: Technical error details
    ProcessedFileResult:
      type: object
      description: Result for each processed file in the upload batch
      properties:
        fieldname:
          type: string
          example: files
        originalname:
          type: string
          description: Original filename as uploaded
        filename:
          type: string
          description: System-generated filename on disk
        mimetype:
          type: string
          description: MIME type of the file
        size:
          type: integer
          description: File size in bytes
        success:
          type: boolean
          description: Whether this individual file was processed successfully
        message:
          type: string
          description: Status message for this file
        usage:
          type: integer
          description: Tokens used for RAG processing of this file
        uploadId:
          type: string
          description: MongoDB ObjectId of the created Upload record
        file_url:
          type: string
          format: uri
          description: URL to access the file
        file_title:
          type: string
          description: AI-generated title for the file
        file_summary:
          type: string
          description: AI-generated summary of file content
        summary_model:
          type: string
          description: AI model used for summarization
        image_analysis_model:
          type: string
          description: AI model used for image analysis (if applicable)
        embeddings_model:
          type: string
          description: AI model used for embeddings generation
        is_public:
          type: boolean
          description: Whether the file is publicly accessible
        is_private:
          type: boolean
          description: Whether the file is marked as confidential
        status:
          type: string
          description: Current status of the upload record
        thumbnail:
          type: string
          description: Base64-encoded thumbnail image
        queued:
          type: boolean
          description: >-
            Present and true when the file was handed off to the ingestion
            queue. Processing continues asynchronously — poll the Upload record
            to watch ingestion.phase transition to 'done' or 'error'.
        ingestion:
          type: object
          description: >-
            Ingestion job state. Only present when the file has been queued or
            has a terminal outcome.
          properties:
            phase:
              type: string
              enum:
                - queued
                - extract
                - chunk
                - sanitize
                - embed
                - finalize
                - done
                - error
            progress:
              type: integer
              description: Percent complete within the current phase (0-100)
            attempts:
              type: integer
            enqueuedAt:
              type: string
              format: date-time
            startedAt:
              type: string
              format: date-time
            completedAt:
              type: string
              format: date-time
            lastError:
              type: string
            errorClass:
              type: string
              enum:
                - permanent
                - transient
                - unknown
  securitySchemes:
    apiKeyAuth:
      type: apiKey
      in: header
      name: x-access-token
      description: JWT token passed in x-access-token header

````