It used to be that attachments on private boards were publicly-accessible, as mentioned in previous threads like this one: https://community.atlassian.com/t5/Trello-questions/Attachments-in-Trello-are-public-or-private/qaq-p/990831
Our business built an app on top of the API that relies on these attachments (images, specifically) being publicly-accessible.
But now, it looks like these attachments now require the same permissions the boards themselves require. And, I've so far been unable to find anything in the API that would allow me to at least make these images accessibly via a proxy or any other means.
Does anyone know if this was intentional, if they plan on adding API access to attachments, or if there's any other way we can make attachments on private boards publicly-accessible?
After doing some digging on the developer community board, I see that requiring auth for private board attachments has been a planned change: https://trello.com/c/tnX5dhiI/87-updated-authenticated-access-to-s3?menu=filter&filter=s3
The solution is to add auth headers to your get request, like:
Authorization: OAuth oauth_consumer_key="<KEY>", oauth_token="<TOKEN>"
Because I don't want to expose my API credentials, I had to create an intermediate proxy service that attaches the auth headers and streams the results back.
I worked on the same yesterday. I create a file and make it accessible as a download which is the recommendation. You mention “stream” in your post, can you share how you did it? How would you handle the different media types and file types? Is the a generic binary object type I should use?
Thanks for sharing. I found out that there is type=stream for large files. Got it to work and I am able to get files downloaded. Will try with a pdf to see it will work.
I think the goal is to provide a url and and a zipfile of all the contents is made available. That seems to be the ease of sharing that is need. Best it can be provided as a service from Trello board.
I am trying to access a card's attachment vía API, but the following error shows "unauthorized permission requested".
I did all the instruction that is showed in this announcement: https://trello.com/c/tnX5dhiI/87-updated-authenticated-access-to-s3?menu=filter&filter=s3
The following URL is of the attachment I want to preview and where I put queries with API Key and Token access code.
I do not think the query parameters are wrong because I used it with the following HTTPS call to get card's attachments links and it worked:
¿What can be the problem?
Check out my previous answer
It’s not too difficult, I was just having a tough time finding info about the change.
Add the appropriate auth headers to the GET request, and you have your file.
If you need to hide your key/token, make the request server-side, then serve/stream the file back as the response.
Update: Here's a quick example written for NodeJS. I'm sure there are better ways of serving or streaming the file back to the viewer, but this at least illustrates the process: https://gist.github.com/bryanbuchanan/a14cf11853322a5d4219e98b044ea853
I am also trying to figure out how to deploy something like this.
Currently the best I can do is to send an url via email to the user (it a fake url so it will not work)
It works welcome with Chrome but Safari does not support the basic authentication.
Hidden behind the endpoint will be a server program that will gather all the attachments from a card and the user will be able to download them. Because it tricks a download it cannot be activated from Butler.
Congratulations to @Laura Holton , our latest winner of Taco Tuesday! And thanks to @Kristján Geir Mathiesen for sharing the picture of Taco having fun with his new friend B...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events