# Upload a file for a debit memo Note: This operation is only available if you have Invoice Settlement enabled. The Invoice Settlement feature is generally available as of Zuora Billing Release 296 (March 2021). This feature includes Unapplied Payments, Credit and Debit Memo, and Invoice Item Settlement. If you want to enable Invoice Settlement, see Invoice Settlement Enablement and Checklist Guide for more information. Uploads an externally generated PDF file for a debit memo that is in Draft or Posted status. To use this operation, you must enable the Modify Debit Memo permission. See Billing Permissions for more information. This operation has the following restrictions: - Only the PDF file format is supported. - The maximum size of the PDF file to upload is 4 MB. - A maximum of 50 PDF files can be uploaded for one debit memo. Endpoint: POST /v1/debit-memos/{debitMemoKey}/files Version: 2026-02-20 Security: bearerAuth ## Header parameters: - `Idempotency-Key` (string) Specify a unique idempotency key if you want to perform an idempotent POST or PATCH request. Do not use this header in other request types. With this header specified, the Zuora server can identify subsequent retries of the same request using this value, which prevents the same operation from being performed multiple times by accident. - `Accept-Encoding` (string) Include the Accept-Encoding: gzip header to compress responses as a gzipped file. It can significantly reduce the bandwidth required for a response. If specified, Zuora automatically compresses responses that contain over 1000 bytes of data, and the response contains a Content-Encoding header with the compression algorithm so that your client can decompress it. - `Content-Encoding` (string) Include the Content-Encoding: gzip header to compress a request. With this header specified, you should upload a gzipped file for the request payload instead of sending the JSON payload. - `Zuora-Entity-Ids` (string) An entity ID. If you have Zuora Multi-entity enabled and the OAuth token is valid for more than one entity, you must use this header to specify which entity to perform the operation in. If the OAuth token is only valid for a single entity, or you do not have Zuora Multi-entity enabled, you should not set this header. - `Zuora-Org-Ids` (string) Comma separated IDs. If you have Zuora Multi-Org enabled, you can use this header to specify which orgs to perform the operation in. If you do not have Zuora Multi-Org enabled, you should not set this header. The IDs must be a sub-set of the user's accessible orgs. If you specify an org that the user does not have access to, the operation fails. This header is important in Multi-Org (MO) setups because it defines the organization context under which the API should operate—mainly used for read access or data visibility filtering. If the header is not set, the operation is performed in scope of the user's accessible orgs. - `Zuora-Track-Id` (string) A custom identifier for tracing the API call. If you set a value for this header, Zuora returns the same value in the response headers. This header enables you to associate your system process identifiers with Zuora API calls, to assist with troubleshooting in the event of an issue. The value of this field must use the US-ASCII character set and must not include any of the following characters: colon (:), semicolon (;), double quote ("), and quote ('). - `Zuora-Version` (string) The minor API version. For a list of available minor versions, see API upgrades. ## Path parameters: - `debitMemoKey` (string, required) The ID or number of the debit memo that you want to upload a PDF file for. For example, 402890555a87d7f5015a8919e4fe002e or DM00000001. ## Request fields (multipart/form-data): - `file` (string) The PDF file to upload for the debit memo. ## Response 200 fields (application/json): - `fileId` (string) The unique ID of the uploaded PDF file. - `success` (boolean) Indicates whether the call succeeded. ## Response 500 fields (application/json): - `reasons` (array) Example: [{"code":"ObjectNotFound","message":"Notification definition with id 6e569e1e05f040eda51a927b140c0ac1 does not exist"}] - `reasons.code` (string) The error code of response. - `reasons.message` (string) The detail information of the error response ## Response 4XX fields (application/json): - `processId` (string) The ID of the process that handles the operation. - `reasons` (array) The container of the error code and message. This field is available only if the success field is false. - `reasons.code` (string) The error code of response. - `reasons.message` (string) The detail information of the error response - `requestId` (string) Unique identifier of the request. - `success` (boolean) Indicates whether the call succeeded.