> ## Documentation Index
> Fetch the complete documentation index at: https://docs.aiinsurance.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Update Submission

> Updates a Field Model V1 submission. The request body is a flat JSON
object where keys are field `referenceId`s. Fields not included in the
request are preserved — this is a **merge**, not a full replacement.

**Lifecycle fields** (`submissionStatus`, `submissionNumber`,
`submissionName`, `submissionPrimaryInsured`, `submissionBoundDate`,
`submissionQuotes`) are system-managed and will be rejected with a
400 error if included in the request body.

**Required permission:** `company.quote:update`

> Note: Uses `company.quote:update` because `company.submission:update`
> does not exist yet.




## OpenAPI

````yaml /openapi/generated-external-api.yaml put /api/v1/external/companies/{companyId}/submissions/{submissionId}
openapi: 3.0.3
info:
  title: AI Insurance External API
  description: External API for AI Insurance platform
  version: 1.0.0
  contact:
    email: support@aiinsurance.io
servers:
  - url: https://app.aiinsurance.io
    description: Production
security:
  - ApiKeyAuth: []
paths:
  /api/v1/external/companies/{companyId}/submissions/{submissionId}:
    put:
      tags:
        - Field Model Submissions
      summary: Update Submission
      description: |
        Updates a Field Model V1 submission. The request body is a flat JSON
        object where keys are field `referenceId`s. Fields not included in the
        request are preserved — this is a **merge**, not a full replacement.

        **Lifecycle fields** (`submissionStatus`, `submissionNumber`,
        `submissionName`, `submissionPrimaryInsured`, `submissionBoundDate`,
        `submissionQuotes`) are system-managed and will be rejected with a
        400 error if included in the request body.

        **Required permission:** `company.quote:update`

        > Note: Uses `company.quote:update` because `company.submission:update`
        > does not exist yet.
      operationId: updateSubmissionV1
      parameters:
        - $ref: '#/components/parameters/companyId'
        - name: submissionId
          in: path
          required: true
          schema:
            type: string
            format: uuid
          description: Submission identifier
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              additionalProperties: true
              description: Submission field data to update (keys are field referenceIds)
            examples:
              updateFields:
                summary: Update submission data
                value:
                  submissionName: Acme Corp Renewal
      responses:
        '200':
          description: Submission updated successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SubmissionV1Response'
              examples:
                success:
                  summary: Updated submission
                  value:
                    id: 550e8400-e29b-41d4-a716-446655440010
                    companyId: 550e8400-e29b-41d4-a716-446655440000
                    fieldModelV1Data:
                      submissionNumber: SUB-2025-001
                      submissionName: Acme Corp Renewal
                      submissionType: newBusiness
                      submissionStatus: quoteInProgress
                      submissionPrimaryInsured: Acme Corp
                      submissionQuotes:
                        - 550e8400-e29b-41d4-a716-446655440001
                    createdAt: '2025-01-15T10:30:00.000Z'
                    createdBy: google-oauth2|123456789
                    updatedAt: '2025-01-20T14:00:00.000Z'
                    updatedBy: null
        '400':
          description: Bad Request — validation error or lifecycle fields included
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                lifecycleField:
                  summary: Lifecycle field rejected
                  value:
                    error:
                      code: VALIDATION_ERROR
                      message: >-
                        Lifecycle fields cannot be set on update:
                        submissionStatus
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          description: Submission not found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                submissionNotFound:
                  summary: Submission not found
                  value:
                    error:
                      code: NOT_FOUND
                      message: Submission not found
        '500':
          $ref: '#/components/responses/InternalServerError'
components:
  parameters:
    companyId:
      name: companyId
      in: path
      required: true
      schema:
        type: string
        format: uuid
      description: Company identifier
  schemas:
    SubmissionV1Response:
      type: object
      description: A Field Model V1 submission with custom field data.
      required:
        - id
        - companyId
        - fieldModelV1Data
        - createdAt
      properties:
        id:
          type: string
          format: uuid
          description: Submission identifier
        companyId:
          type: string
          format: uuid
          description: Company identifier
        fieldModelV1Data:
          type: object
          additionalProperties: true
          description: |
            Submission-level custom field data. Keys are field `referenceId`s
            defined in the company's field configuration. Includes lifecycle
            fields (`submissionStatus`, `submissionType`, `submissionNumber`,
            `submissionName`, `submissionPrimaryInsured`, `submissionBoundDate`,
            `submissionQuotes`) which are read-only and system-managed.
        createdAt:
          type: string
          format: date-time
          description: When the submission was created
        createdBy:
          type: string
          nullable: true
          description: User ID who created the submission
        updatedAt:
          type: string
          format: date-time
          nullable: true
          description: When the submission was last updated
        updatedBy:
          type: string
          nullable: true
          description: User ID who last updated the submission
    ErrorResponse:
      type: object
      description: Standard error response for all external API endpoints
      required:
        - error
      properties:
        error:
          type: object
          required:
            - code
            - message
          properties:
            code:
              type: string
              description: Machine-readable error code
              example: VALIDATION_ERROR
            message:
              type: string
              description: Human-readable error message
              example: 'submissionId: Required field is missing'
            details:
              type: array
              description: Additional details for validation errors (field-level errors)
              items:
                type: object
                properties:
                  field:
                    type: string
                    description: The field that caused the error
                    example: submissionId
                  message:
                    type: string
                    description: Description of the field error
                    example: Required field is missing
  responses:
    Unauthorized:
      description: Unauthorized - Invalid or missing API key
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
          examples:
            missingApiKey:
              summary: Missing API key
              value:
                error:
                  code: UNAUTHORIZED
                  message: Authorization header is required
            bearerTokenNotAllowed:
              summary: Bearer token used instead of API key
              value:
                error:
                  code: UNAUTHORIZED
                  message: External API endpoints require API key authentication
    Forbidden:
      description: Forbidden - Insufficient permissions
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
          examples:
            insufficientPermissions:
              summary: Insufficient permissions
              value:
                error:
                  code: FORBIDDEN
                  message: Insufficient permissions to perform this action
    InternalServerError:
      description: Internal Server Error - Unexpected error occurred
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
          examples:
            internalError:
              summary: Unexpected server error
              value:
                error:
                  code: INTERNAL_ERROR
                  message: An unexpected error occurred. Please try again later.
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      in: header
      name: Authorization
      description: >-
        API key authentication. Include your API key in the Authorization
        header.

````