POST /expenses/{id}/attachments
# Upload a PDF invoice
curl -X POST "https://api.contazen.ro/v1/expenses/exp_abc123/attachments" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -F "file=@invoice_001.pdf" \
  -F "description=Original supplier invoice"

# Upload an image receipt
curl -X POST "https://api.contazen.ro/v1/expenses/exp_abc123/attachments" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -F "file=@receipt.jpg" \
  -F "description=Receipt photo"
{
  "success": true,
  "attachment": {
    "id": "att_def456",
    "filename": "invoice_001.pdf",
    "filesize": 245760,
    "description": "Original supplier invoice",
    "created_at": "2024-01-20 14:30:00",
    "download_url": "https://api.contazen.ro/v1/files/download/att_def456"
  },
  "message": "Attachment uploaded successfully"
}

Overview

The Upload Attachment endpoint attaches a single file to an expense record. This is essential for maintaining proper documentation, compliance with tax regulations, and audit trails. Expenses support one attachment at a time: uploading a new file replaces the previous one.
Security Note: Files undergo multiple validation checks including MIME type verification and content validation to ensure security.
Each expense supports only one attachment. Uploading a new file will replace the existing attachment.

Path Parameters

id (string, required): The CzUid of the expense to attach the file to

Request Body

This endpoint uses multipart/form-data encoding for file uploads:
file (file, required): The file to upload. See supported file types below.

Supported File Types

Files are validated at multiple levels:
  1. Extension validation
  2. MIME type verification
  3. Content header validation (e.g., PDFs must start with %PDF)

File Size Limits

Response

attachment (object): Information about the uploaded attachment
message (string): Success message confirming the upload

File Storage and Security

Storage Location

Files are stored securely on the server with:
  • Organized structure: galleries/expenses/{firm_id}/{year}/{month}/
  • Unique filenames: Generated to prevent conflicts and enhance security
  • Access control: Only accessible to authorized users of the owning firm

Security Measures

  • File validation: Content type verification beyond extension checking
  • Virus scanning: Files may be scanned for malware (implementation dependent)
  • Access logging: Download access is logged for audit purposes
  • Firm isolation: Attachments are strictly isolated per firm

Integration with Expense Workflow

Automatic Attachment Detection

When retrieving expenses, attachments are automatically detected:
{
  "expense": {
    "id": "exp_abc123",
    "attachment": {
      "url": "https://api.contazen.ro/v1/files/download/att_def456",
      "type": "pdf"
    }
  }
}

Document Management

Attachments become part of the expense’s permanent record:
  • Audit trail: Preserved for compliance and audit requirements
  • Version control: Multiple attachments can be added to an expense
  • Integration: Can be referenced in reports and exports

Common Use Cases

Invoice Documentation

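// uploadAttachment(expenseId, formData) is a helper that is not defined on this page;
// it is assumed to POST the form data to /expenses/{id}/attachments and return the parsed JSON response.
// Upload invoice PDF for expense documentation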
const uploadInvoice = async (expenseId, invoiceFile) => {
  const formData = new FormData();
  formData.append('file', invoiceFile);
  formData.append('description', 'Original supplier invoice');
  
  const response = await uploadAttachment(expenseId, formData);
  return response.attachment;
};

Receipt Management

// Upload receipt photo from mobile app
const uploadReceipt = async (expenseId, receiptPhoto) => {
  const formData = new FormData();
  formData.append('file', receiptPhoto);
  formData.append('description', 'Receipt photo taken on mobile');
  
  return await uploadAttachment(expenseId, formData);
};

Supporting Documentation

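// Upload additional supporting documents
// Per the Overview, an expense holds one attachment and a new upload replaces the previous one,
// so each upload in this loop to the same expenseId replaces the file uploaded before it.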
const uploadSupporting = async (expenseId, documents) => {
  const attachments = [];
  
  for (const doc of documents) {
    const formData = new FormData();
    formData.append('file', doc.file);
    formData.append('description', doc.description);
    
    const attachment = await uploadAttachment(expenseId, formData);
    attachments.push(attachment);
  }
  
  return attachments;
};

Best Practices

File Organization

  1. Naming conventions: Use descriptive filenames that identify the expense
  2. File types: Prefer PDF for official documents, JPEG/PNG for photos
  3. File sizes: Optimize images to reduce file size while maintaining readability
  4. Descriptions: Always include meaningful descriptions for better organization

Upload Workflow

  1. Validation: Check file type and size before uploading
  2. Progress indicators: Show upload progress for large files
  3. Error handling: Implement proper error handling and user feedback
  4. Backup strategy: Consider keeping local copies of important documents
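
The validation levels listed under Supported File Types and the "check file type and size before uploading" step above, as an added client-side example (not Contazen's code): it applies the extension, MIME and content-header checks plus the 10MB limit before the file is sent. The PDF/JPEG/PNG allow-list and the name validateAttachment are assumptions; the page does not list the full set of supported types.

```javascript
// Added example, not Contazen code: pre-upload checks mirroring the documented levels.
const MAX_BYTES = 10 * 1024 * 1024; // "max 10MB" from the Body section

// Assumed allow-list (the page names PDF, JPEG and PNG only).
const TYPES = {
  pdf:  { mime: 'application/pdf', magic: [0x25, 0x50, 0x44, 0x46] }, // "%PDF"
  jpg:  { mime: 'image/jpeg', magic: [0xff, 0xd8, 0xff] },
  jpeg: { mime: 'image/jpeg', magic: [0xff, 0xd8, 0xff] },
  png:  { mime: 'image/png', magic: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] },
};

const startsWith = (bytes, magic) =>
  bytes.length >= magic.length && magic.every((b, i) => bytes[i] === b);

// filename: string, declaredMime: string (e.g. File.type), bytes: Uint8Array of the content.
// Returns { ok: true, mime } or { ok: false, reason } naming the first failed check.
function validateAttachment(filename, declaredMime, bytes) {
  // 1. Extension: only the final extension counts, so "invoice.pdf.exe" is rejected.
  const dot = filename.lastIndexOf('.');
  const ext = dot > 0 ? filename.slice(dot + 1).toLowerCase() : '';
  // Own-property lookup so names like "x.constructor" cannot match inherited keys.
  if (!Object.prototype.hasOwnProperty.call(TYPES, ext)) {
    return { ok: false, reason: 'extension' };
  }
  const expected = TYPES[ext];

  // Size: reject empty files and anything over the documented limit.
  if (bytes.length === 0 || bytes.length > MAX_BYTES) {
    return { ok: false, reason: 'size' };
  }

  // 2. MIME type: the declared type must agree with the extension.
  if (declaredMime !== expected.mime) {
    return { ok: false, reason: 'mime' };
  }

  // 3. Content header: the leading bytes must match the claimed format.
  if (!startsWith(bytes, expected.magic)) {
    return { ok: false, reason: 'content' };
  }

  return { ok: true, mime: expected.mime };
}
```

In a browser, call it with `file.name`, `file.type` and `new Uint8Array(await file.arrayBuffer())`. The declared MIME type and filename are client-supplied, so these checks only save a round trip; the server-side validation stays authoritative.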

Security Considerations

  1. File scanning: Scan uploaded files for malware before processing
  2. Access control: Ensure only authorized users can upload attachments
  3. Data privacy: Be mindful of sensitive information in uploaded files
  4. Retention policies: Establish policies for how long attachments are kept

Integration Tips

  1. Bulk uploads: For multiple files, upload them sequentially to avoid overwhelming the server
  2. Mobile optimization: Optimize the upload process for mobile devices with potentially slower connections
  3. Automated uploads: Consider automated workflows that upload documents from email or document management systems
  4. Thumbnail generation: For images, consider generating thumbnails for better UI experience

Authorizations

Authorization (string, header, required): Use your API key (sk_live_xxx or sk_test_xxx)

Path Parameters

id (string, required): Expense CzUid

Body

multipart/form-data
file (file, required): PDF or image file (max 10MB)

Response

Attachment uploaded successfully

success (boolean)
data (object)
meta (object)