Delete File

DELETE/api/v1/users/me/files/:id

Soft-deletes an attachment the patient uploaded. The DB row is retained (isDeleted = true), the bucket object is retained, and a CaseActivity row of type DELETE_ATTACHMENT is recorded.

cv-api-key + Bearer accessToken

Productionhttps://api.care360-next.carevalidate.com/api/v1/users/me/files/{id}

Staginghttps://api-staging.care360-next.carevalidate.com/api/v1/users/me/files/{id}

note

This is a soft delete. The bucket object is not removed; the DB row is flagged isDeleted = true and excluded from all subsequent reads. A CaseActivity row of type DELETE_ATTACHMENT is written with the patient as actorId — visible to staff via the case activity feed.

Headers

Headers

cv-api-keystringrequired

Your unique API key for authentication.

Authorizationstringrequired

Bearer access token from /verify-otp.

Path Parameters

Path Parameters

idstringrequired

Attachment UUID.

Behavior

The handler returns 404 VALIDATION_ERROR "File not found" if any of the following is true:

• Not found, or already isDeleted === true.
• case.submitterId !== userId (not the patient's case).
• case.organizationId !== organizationId (wrong tenant).
• uploadedById !== userId — patients can only delete attachments they uploaded.

After a successful delete, the row no longer appears on GET /me/files, :id/metadata, :id/download, or repeat DELETE — they all surface 404 VALIDATION_ERROR.

Example Request

cURL

curl -X DELETE '<BASE_URL>/api/v1/users/me/files/<id>' \
-H 'cv-api-key: <redacted>' \
-H 'Authorization: Bearer <accessToken>'

JavaScript

const response = await fetch(
'<BASE_URL>/api/v1/users/me/files/<id>',
{
  method: 'DELETE',
  headers: {
    'cv-api-key': '<redacted>',
    'Authorization': 'Bearer <accessToken>',
  },
}
);
const data = await response.json();
console.log(data);

Python

import requests

response = requests.delete(
  '<BASE_URL>/api/v1/users/me/files/<id>',
  headers={
      'cv-api-key': '<redacted>',
      'Authorization': 'Bearer <accessToken>',
  },
)
print(response.json())

Responses

▶200Success

{
  "status": 200,
  "success": true,
  "message": "File deleted successfully"
}

▶400Validation errorcv-api-key missing or id not a UUID.

{
  "status": 400,
  "success": false,
  "error": "Validation failed",
  "code": "VALIDATION_ERROR"
}

▶401Authentication failure

{
  "status": 401,
  "success": false,
  "error": "Invalid or expired token",
  "code": "VALIDATION_ERROR"
}

▶404File not foundUniform across not-found, soft-deleted, wrong-owner, wrong-tenant, or wrong-uploader.

{
  "status": 404,
  "success": false,
  "error": "File not found",
  "code": "VALIDATION_ERROR"
}

Try It Out

Try itAPI Playground

▶