> ## Documentation Index
> Fetch the complete documentation index at: https://docs.auditynow.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Partially update a project

> Updates an allowlisted subset of project fields. At least one allowed field must be present in the body. Project status, ownership, and credits are NOT updatable via this endpoint.

**Allowed fields:** `clientName`, `industry`, `companySize`, `description`, `currency`.

**Validation:**
- `description` must be a string when present and is capped at 5,000 characters.
- An empty body (no allowed fields) returns 400 `EMPTY_PATCH`.
- A non-string `description` returns 400 `INVALID_DESCRIPTION_TYPE`.
- A `description` over 5,000 chars returns 400 `DESCRIPTION_TOO_LONG`.

Returns the updated project (camelCase, same shape as `Project`). Returns 404 if the project does not exist or does not belong to the caller.

**Requires:** an audit-capable write plan, AND a PAT carrying the `write` scope (PATs only). Browser sessions implicitly have all scopes.



## OpenAPI

````yaml /api-reference/openapi.json patch /api/projects/{id}
openapi: 3.1.0
info:
  title: Audity Agent API
  version: 1.0.0
  summary: >-
    The agent-facing surface of Audity AI: projects, leads, Nucleus, and
    account.
  description: >-
    Audity is a B2B SaaS for consultants who run automated business audits. This
    API is the agent-facing slice: a deliberately small set of task-shaped
    endpoints that lets external AI agents (Claude, ChatGPT, Cursor, n8n) act on
    a consultant's Audity workspace on their behalf.


    **Authentication:** Bearer token (`aky_...`) issued from
    `https://app.auditynow.com/dashboard/settings/api-tokens`. The middleware
    resolves the token to a Clerk user identity; tier and Row-Level Security
    gates apply automatically.


    **Rate limits:** reads 100/min, writes 20/min, async job polling 120/min;
    some expensive or high-volume endpoints have stricter caps. 429 responses
    include `Retry-After`.


    **Tier gating:** public plan names can change faster than API enum names.
    Use `GET /api/user/tier` and any `requiredTier` field in 403 responses as
    the source of truth for a specific account. Read-only or
    lead-generation-focused plans can read available data; audit-capable paid
    plans unlock writes, subject to token scope and credits.
  contact:
    name: Audity Support
    email: support@auditynow.com
    url: https://app.auditynow.com
  license:
    name: Proprietary
    identifier: LicenseRef-Audity-Proprietary
  termsOfService: https://auditynow.com/terms
servers:
  - url: https://app.auditynow.com
    description: Production
security:
  - bearerAuth: []
tags:
  - name: Projects
    description: >-
      Audit project lifecycle, create, list, fetch, trigger analysis, get
      deliverables.
  - name: Leads
    description: ReadyLink-sourced leads, list, fetch, convert into projects.
  - name: Nucleus
    description: >-
      Nucleus is Audity's persistent memory + insight layer. Search memories,
      capture notes, read proactive insights, manage contacts.
  - name: Account
    description: Identity, tier, credits, usually called once per session for context.
  - name: ReadyLinks
    description: >-
      Manage ReadyLinks, the survey distribution links that generate leads. CRUD
      operations for links, customization, lead tracking.
  - name: Assessment Configs
    description: >-
      Manage assessment configurations that define survey questions, order,
      scoring, and customization.
  - name: Jobs
    description: >-
      Monitor async job status for long-running operations like audit analysis
      synthesis.
paths:
  /api/projects/{id}:
    parameters:
      - $ref: '#/components/parameters/ProjectId'
    patch:
      tags:
        - Projects
      summary: Partially update a project
      description: >-
        Updates an allowlisted subset of project fields. At least one allowed
        field must be present in the body. Project status, ownership, and
        credits are NOT updatable via this endpoint.


        **Allowed fields:** `clientName`, `industry`, `companySize`,
        `description`, `currency`.


        **Validation:**

        - `description` must be a string when present and is capped at 5,000
        characters.

        - An empty body (no allowed fields) returns 400 `EMPTY_PATCH`.

        - A non-string `description` returns 400 `INVALID_DESCRIPTION_TYPE`.

        - A `description` over 5,000 chars returns 400 `DESCRIPTION_TOO_LONG`.


        Returns the updated project (camelCase, same shape as `Project`).
        Returns 404 if the project does not exist or does not belong to the
        caller.


        **Requires:** an audit-capable write plan, AND a PAT carrying the
        `write` scope (PATs only). Browser sessions implicitly have all scopes.
      operationId: patchProject
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/PatchProjectInput'
            example:
              description: >-
                Mid-market manufacturer evaluating AI transformation readiness.
                Updated after intake call.
              companySize: 500-1000
      responses:
        '200':
          description: Project updated
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Project'
        '400':
          description: >-
            Validation failed. The `code` field disambiguates: `EMPTY_PATCH`,
            `INVALID_DESCRIPTION_TYPE`, `DESCRIPTION_TOO_LONG`.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorWithCode'
              examples:
                emptyPatch:
                  value:
                    error: At least one field must be provided
                    code: EMPTY_PATCH
                descriptionTooLong:
                  value:
                    error: Description exceeds maximum length (5000 chars)
                    code: DESCRIPTION_TOO_LONG
                invalidDescriptionType:
                  value:
                    error: description must be a string
                    code: INVALID_DESCRIPTION_TYPE
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/InsufficientCreditsOrTier'
        '404':
          $ref: '#/components/responses/NotFound'
components:
  parameters:
    ProjectId:
      name: id
      in: path
      required: true
      description: The project's UUID.
      schema:
        type: string
        format: uuid
  schemas:
    PatchProjectInput:
      type: object
      description: >-
        All fields optional. At least ONE must be present, an empty body returns
        400 EMPTY_PATCH. Status, ownership, and credits are not updatable here.
      properties:
        clientName:
          type: string
          minLength: 1
          maxLength: 200
        industry:
          type: string
          minLength: 1
          maxLength: 100
        companySize:
          type: string
          maxLength: 50
        description:
          type: string
          maxLength: 5000
          description: >-
            Up to 5000 characters. Non-string values return 400
            INVALID_DESCRIPTION_TYPE.
        currency:
          type: string
          minLength: 3
          maxLength: 3
          description: ISO 4217 currency code.
      additionalProperties: false
    Project:
      type: object
      properties:
        id:
          type: string
          format: uuid
        clientName:
          type: string
        industry:
          type: string
        companySize:
          type: string
        description:
          type:
            - string
            - 'null'
        currency:
          type: string
        status:
          $ref: '#/components/schemas/ProjectStatus'
        createdAt:
          type: string
          format: date-time
        updatedAt:
          type: string
          format: date-time
      required:
        - id
        - clientName
        - industry
        - companySize
        - status
        - createdAt
    ErrorWithCode:
      type: object
      description: >-
        Error response with an optional stable `code` field. When present,
        branch on `code` (the human-readable `error` may change). Some 403/400
        responses omit `code` (e.g. generic feature-disabled gates).
      properties:
        error:
          type: string
          description: Human-readable error message.
        code:
          type: string
          description: >-
            Stable error code, when applicable. Examples: `EMPTY_PATCH`,
            `INVALID_DESCRIPTION_TYPE`, `DESCRIPTION_TOO_LONG`, `PAT_MALFORMED`,
            `PAT_ROUTE_NOT_ALLOWED`, `PAT_NOT_SUPPORTED_FOR_ENDPOINT`,
            `PAT_SCOPE_INSUFFICIENT`, `PAT_DISABLED`.
      required:
        - error
    ProjectStatus:
      type: string
      enum:
        - setup
        - analysis
        - interviews
        - complete
        - archived
      description: Lifecycle state of an audit project.
    Error:
      type: object
      properties:
        error:
          type: string
          description: Human-readable error message.
        details:
          type: string
          description: Additional context (development only).
      required:
        - error
    TierError:
      type: object
      properties:
        error:
          type: string
        currentTier:
          type: string
          enum:
            - solo
            - starter
            - growth
            - agency
        requiredTier:
          type: string
          enum:
            - solo
            - starter
            - growth
            - agency
        upgradeUrl:
          type: string
          format: uri
      required:
        - error
  responses:
    Unauthorized:
      description: Missing or invalid token.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            error: Unauthorized
    InsufficientCreditsOrTier:
      description: Either you're out of credits or your tier doesn't include this feature.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/TierError'
          example:
            error: Feature not available on your tier
            currentTier: solo
            requiredTier: starter
            upgradeUrl: https://app.auditynow.com/billing/upgrade
    NotFound:
      description: Resource not found, or you don't have access (RLS).
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: Audity Personal Access Token (aky_...)
      description: >-
        A Personal Access Token issued from
        https://app.auditynow.com/dashboard/settings/api-tokens. Format:
        `aky_<32 random chars>`.

````