Forums

Articles
Create
cancel
Showing results for 
Search instead for 
Did you mean: 

Unable to Access Jira Attachment URLs Without Being Logged In

siddhesh B Lad
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
August 6, 2025

Hello Community,

I'm currently working on an application where I upload attachments to Jira issues using the Jira REST API. After the upload, I retrieve the issue details via the API, which includes the attachment URLs (e.g., https://your-domain.atlassian.net/secure/attachment/{id}/filename.pdf).

The issue I'm facing is:

  • When I try to access these attachment URLs directly via browser (or from a frontend app like Angular), I get a "Permission Denied" (403) error — unless I'm already logged in to Jira in that browser session.

  • This behavior occurs even though the attachments are correctly uploaded, and I have the correct URL returned from the Jira API.

My backend is built in ASP.NET Core Web API (C#), and the frontend is in Angular. I understand this is due to Jira's authentication mechanism, but I would like to know the recommended and secure way to access or expose these attachments to users via a web application.

💡 My Questions:

  1. Is there a best practice or officially recommended way to expose these attachments to frontend users who are not logged in to Jira?

  2. Is it acceptable to proxy the file through my backend (authenticated with API token), and serve it to the frontend?

  3. Is there a way to generate public or time-limited links to Jira attachments?

Any advice, architectural recommendations, or security best practices would be greatly appreciated.

Thank you!

1 answer

0 votes
Thorsten Letschert _Decadis AG_
Community Champion
August 7, 2025

Hey @siddhesh B Lad,

The only thing I'm aware of is using the recently introduced Attachment security options to enable anonymous downloading of attachments in customer notifications—see https://support.atlassian.com/jira-service-management-cloud/docs/set-up-how-your-customers-access-attachments/.

However, those links are generated notification-wise, and this feature is limited to paid Jira Service Management plans (Standard and above).

Regards,
Thorsten

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
FREE
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events