> ## Documentation Index
> Fetch the complete documentation index at: https://docs.praxis-ai.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Refresh user entitlements and permissions

> Retrieves the current user's entitlements across all institutions. Transforms populated institution/account into institution_data/account_data. Sorts by favorite flag, ainame, and institution name. Auto-cleans null-institution duplicate records. Returns accountManagerAccounts.



## OpenAPI

````yaml /mdx/api-reference/runtime/runtime-api.json post /api/user/refresh/entitlements
openapi: 3.0.0
info:
  title: Pria Runtime API
  version: 2.0.1
  description: >-
    Pria API Documentation Praxis's developer platform is a core part of our
    mission to empower organizations to grow better. Our APIs are designed to
    enable teams of any shape or size to build robust integrations that help
    them customize and get the most value out of Pria. All Pria APIs are built
    using REST conventions and designed to have a predictable URL structure.
    <br/>  <br/>They use many standard HTTP features, including methods (POST,
    GET, PUT, DELETE) and error response codes.  <br/> <br/>All API calls are
    made under https://hiimpria.ai/api and all responses return standard JSON.
    In these docs, you'll find lists of all available endpoints for a given API,
    along with interactive code blocks for building requests. For walkthroughs
    of basic usage for these APIs, check out the API guides.
servers:
  - url: https://pria.praxislxp.com
    description: Pria API Server
security: []
tags:
  - name: Authentication
    description: User authentication, registration, and password management (/api/auth)
  - name: OAuth
    description: OAuth authentication providers - Google, GitHub, SSO (/api/auth/oauth)
  - name: User
    description: User profile management and account operations (/api/user)
  - name: User Institutions
    description: User institution memberships and switching (/api/user/institution)
  - name: User Tools
    description: Available tools for authenticated users (/api/user/tools)
  - name: Institutions
    description: Institution settings and configuration (/api/user/institution)
  - name: Conversation
    description: AI conversation and Q&A endpoints (/api/ai)
  - name: Realtime
    description: Real-time voice AI and WebRTC sessions (/api/ai/rt)
  - name: Assistant
    description: AI assistant configuration and management (/api/user/assistant)
  - name: History
    description: Conversation history and favorites (/api/user/history)
  - name: RAG
    description: >-
      Document upload, embedding, and retrieval-augmented generation
      (/api/user/files, /api/user/rag)
  - name: Setting
    description: Instance variables and settings management (/api/user/setting)
  - name: Branding
    description: Digital twin branding and customization (/api/agent/branding)
  - name: Agent
    description: Agent engagement and session management (/api/agent)
  - name: SDK Launch
    description: >-
      SDK launch token signing and verification for secure iframe embedding
      (/api/auth/sdk-sign, /api/auth/sdk-verify)
  - name: Testing
    description: Health checks, diagnostics, and test endpoints (/api/test)
  - name: Admin Accounts
    description: Account management for super admins (/api/admin/account)
  - name: Admin Institutions
    description: Institution management for admins (/api/admin/institution)
  - name: Admin Users
    description: User management for admins (/api/admin/user)
  - name: Admin Entitlements
    description: >-
      User-institution relationships and permissions
      (/api/admin/userInstitution)
  - name: Admin Sessions
    description: Session management for admins (/api/admin/session)
  - name: Admin Histories
    description: Conversation history management and analytics (/api/admin/history)
  - name: Admin Assistants
    description: AI assistant management for admins (/api/admin/assistant)
  - name: Admin Questions
    description: Institution question and prompt management (/api/admin/question)
  - name: Admin Tools
    description: Tool configuration management (/api/admin/tool)
  - name: Admin AI Models
    description: AI model configuration (/api/admin/aimodel)
  - name: Admin MCP Servers
    description: Model Context Protocol server management (/api/admin/mcpserver)
  - name: Admin Feedbacks
    description: User feedback management (/api/admin/feedback)
  - name: Admin Uploads
    description: Upload management (/api/admin/upload)
  - name: Admin Charts
    description: Analytics and visualization chart management (/api/admin/chart)
  - name: Audio Notes
    description: Capture and ingest spoken notes into the personal vault
  - name: Memory
    description: User-facing memory parameters (personal + shared instance memory).
  - name: My Data
    description: >-
      GDPR controls — personal-scope counts, async ZIP-by-email export, and
      scoped soft-delete. Every endpoint pins `user = req.user._id` AND
      `institution: null`; institution-scoped data is governed by the
      institution's own retention policy and never reached from here.
  - name: Questions
    description: >-
      User-facing read of the onboarding question bank used by the "create a
      digital twin" wizard.
  - name: Transcription
    description: >-
      One-shot speech-to-text for in-place dictation. Audio blob in, transcript
      out — no Upload / History / RAG embeddings are persisted. Use
      `/audio-notes` for anything durable.
paths:
  /api/user/refresh/entitlements:
    post:
      tags:
        - User
      summary: Refresh user entitlements and permissions
      description: >-
        Retrieves the current user's entitlements across all institutions.
        Transforms populated institution/account into
        institution_data/account_data. Sorts by favorite flag, ainame, and
        institution name. Auto-cleans null-institution duplicate records.
        Returns accountManagerAccounts.
      responses:
        '200':
          description: Successfully refreshed user entitlements
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/RefreshEntitlementsResponse'
        '400':
          description: General error during entitlements retrieval
          content:
            application/json:
              schema:
                type: object
                properties:
                  success:
                    type: boolean
                    example: false
                  error:
                    type: object
                  message:
                    type: string
        '401':
          description: 'User not found: authentication required'
          content:
            application/json:
              schema:
                type: object
                properties:
                  success:
                    type: boolean
                    example: false
                  message:
                    type: string
                    example: Authentication required
      security:
        - apiKeyAuth: []
components:
  schemas:
    RefreshEntitlementsResponse:
      type: object
      properties:
        success:
          type: boolean
          description: Indicates if the operation was successful
        entitlements:
          type: array
          items:
            $ref: '#/components/schemas/EntitlementData'
          description: >-
            Array of user-institution records, sorted by favorite (desc), ainame
            (asc), institution name (asc). Null-institution duplicates are
            auto-cleaned.
        accountManagerAccounts:
          type: array
          items:
            $ref: '#/components/schemas/AccountManagerAccount'
          description: >-
            Accounts where this user is an account manager (array of {_id, name}
            objects)
    EntitlementData:
      type: object
      description: >-
        A user-institution membership record. Fields digitaltwin, creditAwarded,
        and lastIP are always stripped from the response.
      properties:
        _id:
          type: string
          description: Unique identifier for the user-institution record
        entitlements:
          type: array
          items:
            type: string
          description: Array of permission strings (e.g. institutions.list, users.add)
        accountType:
          type: string
          enum:
            - super
            - admin
            - user
          description: 'Role in this institution: super, admin, or user'
        status:
          type: string
          enum:
            - active
            - inactive
            - pending
            - deleted
          description: >-
            Current status of the membership (deleted records are filtered out
            in the query, but the enum value exists)
        user:
          type: string
          description: User ID associated with this entitlement
        institution:
          type: string
          description: >-
            Institution ObjectId (raw ID after transformation, or undefined for
            personal accounts)
        institution_data:
          type: object
          description: >-
            Populated institution object with selected fields: name, ainame,
            status, credits, poolCredits, rtEnabled, rtAdminOnly, rtVoice,
            displayAgentDetails, displayThinkingDetails,
            displayRagSearchDetails, displayThinkingExecution,
            displayToolExecution, disableAddCredits, contactEmail, account (ID),
            picture, picture_animated, questionType, allowJoining,
            joiningAdminOnly, joinId, publicId, preventSwitchingInstance. NOTE:
            `css`, `theme`, and `about` are intentionally omitted to keep the
            picker payload small. css/theme apply only to the active session
            (loaded via /api/user/refresh/profile → instancePublicFields). about
            is lazy-loaded per institution via POST /api/user/institutionAbout
            when the Gallery card flips or the About modal opens.
          properties:
            _id:
              type: string
            name:
              type: string
              description: Institution display name
            ainame:
              type: string
              description: AI assistant name for this institution
        account_data:
          type: object
          description: >-
            Populated account object with selected fields: name, credits,
            managerEmail, status, transferCreditsMode. NOTE: `privacyPolicyHTML`
            is intentionally omitted — the consent gate only renders for the
            ACTIVE userInstitution, so the field has been moved onto
            profile.institution.account (returned by /api/user/refresh/profile)
            to avoid duplicating multi-KB HTML across every entitlement row
            sharing the same account.
          properties:
            _id:
              type: string
            name:
              type: string
              description: Account name
        created:
          type: string
          format: date-time
          description: Creation timestamp
        lastLogin:
          type: string
          format: date-time
          description: Last login timestamp
        lastKA:
          type: string
          format: date-time
          description: Last keep-alive timestamp
        favorite:
          type: boolean
          description: Whether this membership is marked as favorite (affects sort order)
        favoriteAssistants:
          type: array
          items:
            type: string
          description: Array of favorite assistant ObjectIds
        acceptedAccountPrivacyPolicyDate:
          type: string
          format: date-time
          description: Date when user accepted the account privacy policy
        creditAwardedDate:
          type: string
          format: date-time
          description: Date when credits were awarded to this membership
        lticontextid:
          type: string
          description: LTI context ID linked to this user-institution
        lastConversation:
          $ref: '#/components/schemas/LastConversation'
        canvasApiToken:
          $ref: '#/components/schemas/CanvasApiToken'
        digitaltwinrole:
          type: string
          description: Digital twin role identifier
        joinedAt:
          type: string
          format: date-time
          description: Date when the user joined this institution
    AccountManagerAccount:
      type: object
      properties:
        _id:
          type: string
          description: Account ObjectId
        name:
          type: string
          description: Account name
    LastConversation:
      type: object
      properties:
        course_id:
          type: number
          description: Unique identifier for the course
        course_name:
          type: string
          description: Name of the course/conversation
        assistant:
          type: object
          properties:
            _id:
              type: string
              description: Assistant unique identifier
            name:
              type: string
              description: Assistant name
            picture_url:
              type: string
              description: URL to assistant picture
        history_count:
          type: number
          description: Number of dialogue entries in history
        last_dialogue_date:
          type: string
          format: date-time
          description: Timestamp of last dialogue
    CanvasApiToken:
      type: object
      required:
        - access_token
        - token_type
        - user
        - institutionid
      properties:
        access_token:
          type: string
          description: Canvas API access token
          example: >-
            24379~vCERVnFWh9yyEVQkafGWQL8WwUk9YKv2mEmMyv6WtkzUYkEHDRGtPP2aMMCYf4C9
        token_type:
          type: string
          description: Type of the token
          example: Bearer
        user:
          $ref: '#/components/schemas/CanvasUser'
        canvas_region:
          type: string
          description: Canvas region identifier
          example: us-east-1
        expires_in:
          type: integer
          description: Token expiration time in seconds
          example: 3600
        created:
          type: integer
          description: Token creation timestamp
          example: 1
        refresh_token:
          type: string
          description: Refresh token for renewing access
          example: >-
            24379~MTDRu7Aw3RGk2DPmrNuAP2E37LcRHQ2A2wk978CMK3GTMFwkrJA8wQkeaKmxWvRA
        institutionid:
          type: string
          description: Institution identifier
          example: 65cfebc32f5e1b37d4e52329
    CanvasUser:
      type: object
      properties:
        id:
          type: integer
          description: Canvas user ID
          example: 110
        name:
          type: string
          description: Full name of the user
          example: Hugo Lebegue
        global_id:
          type: string
          description: Global Canvas user identifier
          example: '243790000000000110'
        effective_locale:
          type: string
          description: User's effective locale setting
          example: en
        fake_student:
          type: boolean
          description: Whether the user is a fake student account
          example: false
  securitySchemes:
    apiKeyAuth:
      type: apiKey
      in: header
      name: x-access-token
      description: JWT token passed in x-access-token header

````