Attachment dowload authentication

I do have this option:

I've done some research and the endpoint you are using is found in some older Connect APIs, but it's not found in the official Confluence REST API documentation: https://developer.atlassian.com/cloud/confluence/rest/v2/intro/#about

Maybe this is why, when using a Scoped API, you don't have the necessary permissions available for it.

Also, as a sidenote, I suggest you switch to the endpoints used by the official REST API documentation, since Connect will be shut down in the near future: https://www.atlassian.com/blog/developer/announcing-connect-end-of-support-timeline-and-next-steps

I do not quite understand why the Connect stuff should matter here. I am using the official API to list the pages attachments:
The Confluence Cloud REST API

and then getting the link in "_links/download" and then appending it to the base url. 

As for authentication the docs also state that basic auth with the API token shall be supported:
https://developer.atlassian.com/cloud/confluence/security-overview/#scripts-and-other-rest-api-clients

Hi @blatzfab ! Sorry for the late reply.

Yes, you are using the official REST API only to list the pages attachments. Then, you should be using the "Get attachment by id" endpoint, instead of using the link found in "_links/download"

There is no documentation that goes to a such in-depth level, but my strong suspicion is that there is no granular permission for that "/download" endpoint, so this is why your implementation is not working with the granular API token.

Hey @Tudor Tofan ,

when I add logging to the requests library and inspecting the headers - yes they are base64 encoded. This is also completely reproducible with curl:

curl -s -o /tmp/FFF -L -w "%{http_code}\n" -u "MY-EMAIL:MY-SCOPED-TOKEN" \
"https://api.atlassian.com/ex/confluence/MY_CLOUD_ID/wiki/download/attachments/625121497/some_document.docx?version=1&modificationDate=1761906726977&cacheVersion=1&api=v2"

Scoped token does not work, classic token works.

Hi @blatzfab , please see my other comment. You are using a Confluence end point and Scoped API tokens do not have a Confluence option, per my screenshot above.

I am having the same issue as @blatzfab -- what I want to do is programmatically download the contents of the attachments. Your suggestion to use the "Get attachment by id" endpoint does not solve this. 

What I am experiencing is that I can use my credentials to use the Confluence endpoints just fine. I can get the content via page_id, get the list of attachments, etc. However, when attempting to programmatically download using the download links, I get a 401 error. 

This only started yesterday for me. Two days ago, it was fine. The same code allowed me to download the attachments. I'm using the same session with the same auth to do all of the calls. 

@Jensen Buck I get the utility of doing this programmatically.

Bulk actions is often why using the API. Earlier this year we release Attachment Manager. Without any programing or CQL knowledge you can bulk download, delete or move.

Thanks, but this doesn't help for my particular use case. 
Why did it stop working?
Why do I no longer see Confluence as an app to select when trying to create a scoped API token? (same as @Tudor Tofan )

@Jensen Buck @Stavros_Rougas_EasyApps @Tudor Tofan I solved it, forgot to send it though.

By using this endpoint:
<BASE_URL>/rest/api/content/<PAGE_ID>/child/attachment/<ATTACHMENT_ID>/download

it works now.