The file is streamed directly through the GraphQL mutation using the Upload scalar type, following the GraphQL multipart request specification.
UploadFileToEntity
Quick Links
Accounts Accounting Entries Products Customers Sales quotes Sales invoices Suppliers Purchase invoices| HTTP | Operation | Type | Object | DTO Why-DTOs? |
|---|---|---|---|---|
| (Mutation Why 200?) | uploadFileToEntity |
UploadFileInput |
Description
The UploadFileToEntity mutation allows you to directly upload a file and associate it with a business entity such as a Customer, Supplier, or AccountingEntry.
Required Parameters
You must provide the following information:
- file: Must be set to
nullin the GraphQL variables (GraphQLUploadscalar).
The actual file content is sent separately using themultipart/form-dataprotocol according to the GraphQL multipart request specification. - entityType: The business entity to associate the file with.
- entityId: The ID of the record within that entity.
- fileName: (Optional) Allows assigning a more explicit or meaningful name to the uploaded file than its original filename.
- businessDate: (Optional) A business-relevant date associated with the file.
- comment: (Optional) Description or note.
Upload logic and multipart structure
The UploadFileToEntity mutation expects the file to be sent using the GraphQL multipart request specification, which is supported by HotChocolate.
In this approach, the mutation input includes a file field set to null, and the actual file content is passed separately using the multipart/form-data protocol.
The structure of the request includes three main parts:
- operations: a JSON string containing the GraphQL query and variables, where the file field is set to
null. - map: a JSON string linking the uploaded file to the correct variable path in the query (e.g.
"0": ["variables.input.file"]). - file: the actual file data, associated with the key defined in the map (e.g.
0).
This allows the server to inject the file stream into the mutation input at runtime, making it available as a stream on the backend for processing.
An additional HTTP header GraphQL-preflight: 1 is required when uploading a file.
This header is mandatory for security reasons and must be included in your multipart upload requests.
Header
| Key | Value |
|---|---|
Authorization |
Bearer Current access Token How to find? |
X-TenantId |
Current tenant id Why deprecated ? |
X-OrganizationId |
Current organization Id How to find? |
x-api-key |
Primary or secondary subscription key of your app How to find? |
GraphQL-preflight ⚠️ |
1 |
How to upload a pdf file to an accountingEntry ?
GraphQL Mutation
mutation($input: UploadFileInput!) {
uploadFileToEntity(input: $input)
{
id
}
}
GraphQL Variables (in operations)
{
"input": {
"file": null,
"entityType": "ACCOUNTING_ENTRY",
"entityId": "8b21a143-4d9c-41ea-b1dc-1cf9d91a72f1",
"fileName": "invoice-q1",
"businessDate": "2025-04-04",
"comment": "Invoice for Q1"
}
}
File Binding Map (in map)
{
"0": ["variables.input.file"]
}
File Part (in the multipart request)
The actual file is sent in the multipart body as a separate part, using the key 0 (as referenced in the map):
--boundary
Content-Disposition: form-data; name="0"; filename="invoice-q1.pdf"
Content-Type: application/pdf
(binary file content here)
--boundary--
Most GraphQL clients (like Postman, Insomnia, or Apollo Upload Client) handle this automatically when using the Upload scalar. Just make sure:
- the field is named
0, - the file is selected in the form-data body,
- and the
mapandoperationsfields are correctly provided.
Example Response
{
"data": {
"uploadFileToEntity": {
"id": "98f7adc7dd104cd984f9c113ef9a8e54.pdf"
}
}
}
How to test an upload with Postman ?
In Postman, uploading a file via GraphQL requires setting a multipart/form-data request, adding the GraphQL-preflight: 1 header, and correctly populating the operations, map, and file parts of the request.
Steps:
- In Postman, open the Headers tab.
- Add the usual authentication headers required for any API call:
- Authorization:
Bearer {Current access Token} - X-TenantId:
{Current tenant id} - X-OrganizationId:
{Current organization id} - x-api-key:
{Primary or secondary subscription key}
- Authorization:
- Add an additional header specifically required for uploads:
- Key:
GraphQL-preflight - Value:
1
- Key:
- In the Body tab, select form-data.
-
Set the following three key/value pairs:
Key Type Value / Example operations Text GraphQL mutation + variables, with file: null(see example below)map Text { "0": ["variables.input.file"] }0 File The actual file to upload (e.g., invoice-q1.pdf)
-
operations:
A JSON string containing the GraphQL mutation and its variables, as in the following example.
The file field must be set tonullin the variables.{ "query": "mutation($input: UploadFileInput!) { uploadFileToEntity(input: $input){id}}", "variables": { "input": { "file": null, "entityType": "Customer", "entityId": "8b21a143-4d9c-41ea-b1dc-1cf9d91a72f1", "fileName": "invoice-q1", "businessDate": "2025-04-04", "comment": "Customer invoice Q1" } } } -
map:
A JSON string mapping the uploaded file (index0) to the GraphQL variable path:{ "0": ["variables.input.file"] } -
0:
The actual file upload. As the key, use0(matching the map).
Select type File and upload your PDF, image, or other supported file.
Make sure that:
- Content-Type is correctly set to multipart/form-data (Postman does this automatically when using form-data body type).
- The key for the file (e.g.,
0) matches exactly the one referenced in themap. - Without the
GraphQL-preflight: 1header, the server will reject the upload request.
UploadFileInput Input Parameters
| Fields | Type | Description | Length |
|---|---|---|---|
| file | Upload | Must be set to null |
|
| entityType |
|
Type of business entity (e.g., Customer, Supplier, etc.) | |
| entityId | UUID | ID of the target entity record | |
| fileName | String | Display name to assign to the uploaded file | 100 |
| businessDate | DateTime | Relevant date associated with the file | |
| comment | String (Optional) | Optional text or description | 255 |
Info
-
file: This field must be included in the GraphQL variables but always set to
null.
The actual file content is not sent as part of the JSON payload.
Instead, it is transmitted separately using themultipart/form-dataprotocol, following the GraphQL multipart request specification.
The server automatically binds the uploaded file to this field at runtime based on the mapping defined in themapsection of the multipart request. -
entityType: The value is an enum that indicates the type of business entity (for example,
Customer,Supplier, etc.).CUSTOMER: Represents a customer entity.SUPPLIER: Represents a supplier entity.- …
AP_AUTOMATION: (Accounts Payable Automation) Represents the automated process of accounts payable. A purchase invoice is automatically created based on the analysis of an uploaded PDF through OCR.
The invoice will then be available in the Purchase Invoices module, where it can be manually posted to generate the accounting entries and enable payment tracking. More details: Upload File to Ap Automation
-
entityId: (Required except for specific cases such as
AP_AUTOMATION) The ID of the target entity record to which the file will be attached.
For example, if entityType =CUSTOMER, then entityId must contain the ID of the customer the file should be linked to.
This ensures the uploaded document is correctly associated with the corresponding business record. - fileName: (Optional) Defines the display name of the uploaded file.
- It can be used to assign a clearer or more descriptive name than the original filename.
- If provided with an extension, the extension will be automatically removed.
- If not provided, it defaults to the original file name without its extension.
- The file extension is automatically stored in the type field.
- businessDate: (Optional) Represents the business-relevant date associated with the uploaded file.
It can be used to override the automatic date detection and set a specific business date.
For example, if the file upload date is January 15 but the invoice actually refers to January 3, you can manually set businessDate to2025-01-03.
If not provided, the businessDate will automatically default to the file’s upload date.
uploadFileToEntity Response
Returns a String containing the unique ID of the uploaded file.
This ID includes the original file extension.
| Fields | Type | Description |
|---|---|---|
| id | String | File identifier (e.g., "98f7adc7dd104cd984f9c113ef9a8e54.pdf") |
Example Response
{
"data": {
"uploadFileToEntity": {
"id": "98f7adc7dd104cd984f9c113ef9a8e54.pdf"
}
}
}
Errors depending on the uploaded file
- For
businessErrormessages, you can use localizedErrorMessage to resolve the associated label in the desired language. - Be aware that for uploads in the context of AP_Automation, you should refer to the specific errors associated with that workflow.
| Error Code | HTTP | Description |
|---|---|---|
global.businessErrors.files_fileTypeNotAllowed |
200 | Returned when the uploaded file has a format or extension that is not permitted.
|
global.businessErrors.files_fileTooLargeOrEmpty |
200 | Returned when the uploaded file is empty or exceeds the maximum allowed size of 20 MB. |
global.businessErrors.files_fileUploadError |
200 | Returned when the file could not be uploaded due to an unexpected internal error. |
global.businessErrors.files_importServiceFailure |
200 | Returned when the Import Service fails to process the uploaded file. |
global.businessErrors.files_unknownError |
200 | Returned when an unexpected error occurred during file upload or processing. |
How to verify that a file was successfully uploaded
File uploads are processed asynchronously.
After the upload request is received, the file is placed in a queue for antivirus scanning to ensure it is not infected.
A file passes through several status values during this process:
| Status | Description |
|---|---|
| Pending | Upload in progress |
| ToCheck | File ready to be submitted to the antivirus solution |
| Done | File is safe and has been stored |
| Rejected | File is infected and was not stored |
To check the status of a file, use the files query, filtering by the file id, and check the value of the status field.
- If status is
PendingorToCheck, processing is still in progress. - When status is
Done, the file has been successfully uploaded and is available. - If status is
Rejected, the file was not stored due to infection.
GraphQL Query Example (filtering by file ID)
query {
files(
where: {
id: { eq: "98f7adc7dd104cd984f9c113ef9a8e54.pdf" }
}
) {
edges {
node {
fileName
status
}
}
}
}
Example Response
{
"data": {
"files": {
"edges": [
{
"node": {
"fileName": "invoice-q1",
"status": "Done"
}
}
]
}
}
}
By default, the files operation automatically filters out files whose status is not Done, so that only accessible files are returned.
The only exception is when filtering by id, in which case this automatic filter is not applied, allowing you to check the status of an uploaded file.