> ## Documentation Index
> Fetch the complete documentation index at: https://docs.medisync.me/llms.txt
> Use this file to discover all available pages before exploring further.

# Delete Medical Document

> Delete a document by its document ID

## Overview

Permanently deletes a document. The `id` in the path is the **document ID** (`Document._id`), not an appointment ID. The document must be owned by the authenticated doctor; a document that does not exist or is owned by someone else returns `404`.

<Warning>
  This action is irreversible. The file is removed from storage and the record is removed from the database.
</Warning>

<Info>
  This endpoint is plan-gated by the `documents.attach_additional` feature. Accounts whose plan does not include it receive `403 FEATURE_NOT_AVAILABLE`.
</Info>

## Authentication

<ParamField header="Authorization" type="string" required>
  Bearer token for authenticated access. The doctor's ID is extracted from the JWT token and used to scope ownership.

  ```
  Authorization: Bearer your_jwt_token_here
  ```
</ParamField>

## Path Parameters

<ParamField path="id" type="string" required>
  The document ID (`Document._id`, ObjectId) to delete. Must be owned by the authenticated doctor, otherwise a `404` is returned.
</ParamField>

## Response

<ResponseField name="success" type="boolean">
  Whether the deletion was successful
</ResponseField>

<ResponseField name="data" type="object">
  Empty object (`{}`) on successful deletion
</ResponseField>

<ResponseField name="error" type="string">
  Error message (only present when `success` is `false`)
</ResponseField>

## Example Request

<RequestExample>
  ```bash cURL theme={null}
  curl -X DELETE \
    'https://app.medisync.me/api/documents/66a3f1c2b8e4d21f9c0a7b31' \
    -H 'Authorization: Bearer your_jwt_token_here'
  ```

  ```javascript JavaScript theme={null}
  const response = await fetch(
    'https://app.medisync.me/api/documents/66a3f1c2b8e4d21f9c0a7b31',
    {
      method: 'DELETE',
      headers: { Authorization: 'Bearer your_jwt_token_here' },
    }
  );

  const result = await response.json();
  ```

  ```python Python theme={null}
  import requests

  response = requests.delete(
      'https://app.medisync.me/api/documents/66a3f1c2b8e4d21f9c0a7b31',
      headers={'Authorization': 'Bearer your_jwt_token_here'},
  )

  result = response.json()
  ```
</RequestExample>

## Example Response

<ResponseExample>
  ```json Success theme={null}
  {
    "success": true,
    "data": {}
  }
  ```
</ResponseExample>

## Error Responses

<ResponseExample>
  ```json 404 Document not found / not owned theme={null}
  {
    "success": false,
    "error": "Document not found for deletion"
  }
  ```

  ```json 400 Storage deletion failed theme={null}
  {
    "success": false,
    "error": "Error deleting document from storage"
  }
  ```

  ```json 400 Database deletion failed theme={null}
  {
    "success": false,
    "error": "Error deleting document from database"
  }
  ```

  ```json 403 Feature not in plan theme={null}
  {
    "success": false,
    "code": "FEATURE_NOT_AVAILABLE",
    "feature": "documents.attach_additional",
    "message": "This feature is not included in your current plan."
  }
  ```

  ```json 401 Unauthorized theme={null}
  {
    "success": false,
    "message": "Unauthorized"
  }
  ```
</ResponseExample>

## Behavior

* **Two-phase deletion**: the file is deleted from storage first, then the database record. If storage deletion fails, the database record is **not** removed and a `400` is returned.
