> ## Documentation Index
> Fetch the complete documentation index at: https://docs.praxis-ai.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Update user profile or change password

> Updates the current user's profile fields or changes the user's password. When `resetCodeId` is present in the request body, the endpoint operates in password-change mode and requires `password` (current) and `newPassword` fields. Otherwise, it updates profile fields validated against the authorized properties list (email, fname, lname, picture, remember_history_count, use_location, use_stt, dark_mode, pin_ui, showSideBar, galleryAsGrid, ragOnlySearch, ragIgnore, ragKagMode, browser_voice, browser_voices, mustChangePassword, updatePasswordOnSSO, rt_voice, gemini_rt_voice, xai_rt_voice, mfaEnabled). Any properties not in this list are rejected.




## OpenAPI

````yaml /mdx/api-reference/runtime/runtime-api.json put /api/user/me
openapi: 3.0.0
info:
  title: Pria Runtime API
  version: 2.0.1
  description: >-
    Pria API Documentation Praxis's developer platform is a core part of our
    mission to empower organizations to grow better. Our APIs are designed to
    enable teams of any shape or size to build robust integrations that help
    them customize and get the most value out of Pria. All Pria APIs are built
    using REST conventions and designed to have a predictable URL structure.
    <br/>  <br/>They use many standard HTTP features, including methods (POST,
    GET, PUT, DELETE) and error response codes.  <br/> <br/>All API calls are
    made under https://hiimpria.ai/api and all responses return standard JSON.
    In these docs, you'll find lists of all available endpoints for a given API,
    along with interactive code blocks for building requests. For walkthroughs
    of basic usage for these APIs, check out the API guides.
servers:
  - url: https://pria.praxislxp.com
    description: Pria API Server
security: []
tags:
  - name: Authentication
    description: User authentication, registration, and password management (/api/auth)
  - name: OAuth
    description: OAuth authentication providers - Google, GitHub, SSO (/api/auth/oauth)
  - name: User
    description: User profile management and account operations (/api/user)
  - name: User Institutions
    description: User institution memberships and switching (/api/user/institution)
  - name: User Tools
    description: Available tools for authenticated users (/api/user/tools)
  - name: Institutions
    description: Institution settings and configuration (/api/user/institution)
  - name: Conversation
    description: AI conversation and Q&A endpoints (/api/ai)
  - name: Realtime
    description: Real-time voice AI and WebRTC sessions (/api/ai/rt)
  - name: Assistant
    description: AI assistant configuration and management (/api/user/assistant)
  - name: History
    description: Conversation history and favorites (/api/user/history)
  - name: RAG
    description: >-
      Document upload, embedding, and retrieval-augmented generation
      (/api/user/files, /api/user/rag)
  - name: Setting
    description: Instance variables and settings management (/api/user/setting)
  - name: Branding
    description: Digital twin branding and customization (/api/agent/branding)
  - name: Agent
    description: Agent engagement and session management (/api/agent)
  - name: SDK Launch
    description: >-
      SDK launch token signing and verification for secure iframe embedding
      (/api/auth/sdk-sign, /api/auth/sdk-verify)
  - name: Testing
    description: Health checks, diagnostics, and test endpoints (/api/test)
  - name: Admin Accounts
    description: Account management for super admins (/api/admin/account)
  - name: Admin Institutions
    description: Institution management for admins (/api/admin/institution)
  - name: Admin Users
    description: User management for admins (/api/admin/user)
  - name: Admin Entitlements
    description: >-
      User-institution relationships and permissions
      (/api/admin/userInstitution)
  - name: Admin Sessions
    description: Session management for admins (/api/admin/session)
  - name: Admin Histories
    description: Conversation history management and analytics (/api/admin/history)
  - name: Admin Assistants
    description: AI assistant management for admins (/api/admin/assistant)
  - name: Admin Questions
    description: Institution question and prompt management (/api/admin/question)
  - name: Admin Tools
    description: Tool configuration management (/api/admin/tool)
  - name: Admin AI Models
    description: AI model configuration (/api/admin/aimodel)
  - name: Admin MCP Servers
    description: Model Context Protocol server management (/api/admin/mcpserver)
  - name: Admin Feedbacks
    description: User feedback management (/api/admin/feedback)
  - name: Admin Uploads
    description: Upload management (/api/admin/upload)
  - name: Admin Charts
    description: Analytics and visualization chart management (/api/admin/chart)
  - name: Audio Notes
    description: Capture and ingest spoken notes into the personal vault
  - name: Memory
    description: User-facing memory parameters (personal + shared instance memory).
  - name: My Data
    description: >-
      GDPR controls — personal-scope counts, async ZIP-by-email export, and
      scoped soft-delete. Every endpoint pins `user = req.user._id` AND
      `institution: null`; institution-scoped data is governed by the
      institution's own retention policy and never reached from here.
  - name: Questions
    description: >-
      User-facing read of the onboarding question bank used by the "create a
      digital twin" wizard.
  - name: Transcription
    description: >-
      One-shot speech-to-text for in-place dictation. Audio blob in, transcript
      out — no Upload / History / RAG embeddings are persisted. Use
      `/audio-notes` for anything durable.
paths:
  /api/user/me:
    put:
      tags:
        - User
      summary: Update user profile or change password
      description: >
        Updates the current user's profile fields or changes the user's
        password. When `resetCodeId` is present in the request body, the
        endpoint operates in password-change mode and requires `password`
        (current) and `newPassword` fields. Otherwise, it updates profile fields
        validated against the authorized properties list (email, fname, lname,
        picture, remember_history_count, use_location, use_stt, dark_mode,
        pin_ui, showSideBar, galleryAsGrid, ragOnlySearch, ragIgnore,
        ragKagMode, browser_voice, browser_voices, mustChangePassword,
        updatePasswordOnSSO, rt_voice, gemini_rt_voice, xai_rt_voice,
        mfaEnabled). Any properties not in this list are rejected.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              oneOf:
                - title: Profile Update
                  type: object
                  description: >-
                    Any combination of authorized user properties. Only fields
                    from the authorized list are accepted.
                  properties:
                    email:
                      type: string
                      format: email
                      description: User email address
                    fname:
                      type: string
                      description: First name
                    lname:
                      type: string
                      description: Last name
                    picture:
                      type: string
                      description: Profile picture URL
                    remember_history_count:
                      type: integer
                      description: Number of history items to remember
                    use_location:
                      type: boolean
                      description: Whether to use location services
                    use_stt:
                      type: boolean
                      description: Whether speech-to-text is enabled
                    dark_mode:
                      type: boolean
                      description: Whether dark mode is enabled
                    pin_ui:
                      type: boolean
                      description: Whether the UI sidebar is pinned
                    showSideBar:
                      type: boolean
                      description: Whether to show the sidebar
                    galleryAsGrid:
                      type: boolean
                      description: Whether to display gallery as grid
                    ragIgnore:
                      type: boolean
                      description: >
                        Knowledge — retrieval mode (axis 1 of 2). When `true`,
                        retrieval is

                        skipped entirely and the LLM answers from its training
                        only.

                        Takes precedence over `ragKagMode` and `ragOnlySearch`.

                        Maps to the UI's "Disabled" Knowledge mode.
                    ragKagMode:
                      type: boolean
                      description: >
                        Knowledge — retrieval mode (axis 1 of 2). When `true`
                        AND retrieval

                        is on (`ragIgnore=false`) AND the user/institution is
                        KAG-eligible,

                        the knowledge-graph leg runs alongside the dense vector
                        leg and the

                        two are merged via Reciprocal Rank Fusion. NB. KAG is
                        always an

                        augmentation on top of RAG — there is no "KAG without
                        RAG" mode.

                        Maps to the UI's "RAG + KAG Fusion" Knowledge mode.

                        When `false` with `ragIgnore=false`, behaviour is "RAG
                        Only"

                        (dense vector retrieval only).
                    ragOnlySearch:
                      type: boolean
                      description: >
                        Knowledge — output mode (axis 2 of 2, orthogonal to
                        ragIgnore /

                        ragKagMode). When `true` AND retrieval is on, Pria
                        returns the

                        raw vault chunks ("Search Only") instead of an
                        LLM-rewritten

                        answer. Combinable with `ragKagMode` (graph chunks
                        included)

                        and with vanilla RAG. No effect when `ragIgnore=true`.

                        Knowledge mode combinations (frontend view):
                          • ragIgnore=true                                  → Disabled
                          • ragIgnore=false, ragKagMode=false, ragOnly=false → RAG Only
                          • ragIgnore=false, ragKagMode=true,  ragOnly=false → RAG + KAG Fusion
                          • ragIgnore=false, ragKagMode=false, ragOnly=true  → RAG Only + Search Only
                          • ragIgnore=false, ragKagMode=true,  ragOnly=true  → RAG + KAG Fusion + Search Only
                    browser_voice:
                      type: string
                      description: Selected browser voice for TTS
                    browser_voices:
                      type: array
                      items:
                        type: string
                      description: Available browser voices
                    mustChangePassword:
                      type: boolean
                      description: Whether user must change password on next login
                    updatePasswordOnSSO:
                      type: boolean
                      description: Reset password on SSO login
                    rt_voice:
                      type: string
                      description: Real-time voice selection (OpenAI Realtime)
                    gemini_rt_voice:
                      type: string
                      description: Real-time voice selection (Gemini Live)
                    xai_rt_voice:
                      type: string
                      description: Real-time voice selection (xAI Realtime)
                    mfaEnabled:
                      type: boolean
                      description: >-
                        Whether email multi-factor authentication is enabled for
                        this user
                - title: Password Change
                  type: object
                  required:
                    - resetCodeId
                    - password
                    - newPassword
                  properties:
                    resetCodeId:
                      type: string
                      description: >-
                        Reset code ID that must match the user's stored
                        resetCodeId to authorize the password change
                    password:
                      type: string
                      description: Current password for verification
                    newPassword:
                      type: string
                      minLength: 6
                      description: New password (must be at least 6 characters)
      responses:
        '200':
          description: Profile updated or password changed successfully
          content:
            application/json:
              schema:
                type: object
                properties:
                  success:
                    type: boolean
                    example: true
                  message:
                    type: string
                    description: >-
                      Either 'Profile updated!' or 'Password Changes
                      Successfully'
        '400':
          description: >-
            Bad request - empty body, or missing/invalid newPassword during
            password change
          content:
            application/json:
              schema:
                type: object
                properties:
                  success:
                    type: boolean
                    example: false
                  message:
                    type: string
                    description: >-
                      One of: 'Invalid properties', 'Please enter your existing
                      password', 'New password must be at least 6 alpha numeric
                      characters long'
        '401':
          description: Unauthorized - user not found or account deleted
          content:
            application/json:
              schema:
                type: object
                properties:
                  success:
                    type: boolean
                    example: false
                  error:
                    type: string
                    example: Authentication Required
        '403':
          description: >-
            Forbidden - invalid resetCodeId, wrong current password, or
            unauthorized properties in request body
          content:
            application/json:
              schema:
                type: object
                properties:
                  success:
                    type: boolean
                    example: false
                  message:
                    type: string
                    description: >-
                      One of: 'Invalid or unauthorized change password request
                      (resetCodeId)', 'Password doesn't match with your current
                      value!', or 'Unauthorized properties detected: ...' when
                      body contains fields not in the authorized list
        '404':
          description: Not found - user record not found during update
          content:
            application/json:
              schema:
                type: object
                properties:
                  success:
                    type: boolean
                    example: false
                  message:
                    type: string
                    description: >-
                      Either 'Not Found', 'User not found!', or 'Could not
                      update your profile! <error>'
      security:
        - apiKeyAuth: []
components:
  securitySchemes:
    apiKeyAuth:
      type: apiKey
      in: header
      name: x-access-token
      description: JWT token passed in x-access-token header

````