Trouble Authorizing API Request to Download Attachment

Rob Banning
Contributor
November 2, 2024

I have read a number of threads on downloading attachments using the API, including the "Update: Authenticated Access to S3," but have not been able to download an attachment successfully.

 

I am using Postman for my testing and the following URL to get the download:

https://api.trello.com/1/cards/{{trello_card_id}}/attachments/{{trello_attachment_id}}/download/{{trello_attachment_filename}}

I have added the following header:

Authorization: OAuth oauth_customer_key="{{trello_api_key}}", oauth_token="{{trello_api_token}}"

I am getting a 401 Unauthorized response with a text message of "invalid app key"

I have checked the console to verify that the request is accurately formatted (or at least looks ok)

GET https://api.trello.com/1/cards/5e9***a2c/attachments/672***79a/download/koala.png

Request Headers:
Authorization: OAuth oauth_customer_key="e5a***974", oauth_token="ATT***BEB"

I have confirmed that the {{trello_card_id}} and {{trello_attachment_id}} as well as {{trello_api_key}} and {{trello_api_token}} are accurate by successfully requesting...

https://api.trello.com/1/cards/{{trello_card_id}}/attachments/{{trello_attachment_id}}?key={{trello_api_key}}&token={{trello_api_token}}

 

NOTE: I am using a manually generated token.  I have tried creating a new API key and associated manual token, but with the same results.

I am sure I have a typo or missed something from the instructions.  Any suggestions/help is greatly appreciated!!!

Thank You.

ROB

 

 

 

2 answers

0 votes
Rasmus Wulff Jensen
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
November 2, 2024

If you are using C# This can be used without needing to write the API code yourself:

https://github.com/rwjdk/TrelloDotNet/wiki/DownloadAttachmentAsync

(NuGet: https://www.nuget.org/packages/TrelloDotNet)

0 votes
Rasmus Wulff Jensen
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
November 2, 2024

I've just tested and everything works fine for me (so at least it is not broken)... Here is a sanity screenshot

download.png

Could it be that you perhaps use a key/token that does not have access to the specific board

Test that by doing a GET Command with this URL:

https://api.trello.com/1/cards/{{cardid}}/attachments?key={{key}}&token={{token}} 

Which can also check the URL of the attachment is correct

 

Rob Banning
Contributor
November 2, 2024

Thank you for the screenshot.  It looks like I have the correct syntax for the Authorization header.

I did try various GET requests with the ?key={{trello_api_key}}&token={{trello_api_token}} query parameters and all responded with a 200 and the expected data.

I tried some alternate GETs of the download Authorization header:

  • Using an invalid key AND token results in 401 with an "unauthorized permission requested" message
  • Using an invalid key (valid token) results in 401 with an "invalid app key" message
  • Using an invalid token (valid key) results in 401 with an "unauthorized permission requested" message
  • Using a valid key AND token results in 401 with an "invalid app key" message

I have also tried the request without using Postman variables in the Authorization, as well as removing the space after the comma.  No luck.

 

Here is a screenshot of my auth header:

Screenshot 2024-11-02 173919.png

Rob Banning
Contributor
November 2, 2024

NOTE - I was working with a KEY and TOKEN from my ("free") test Trello account.  Just to be sure there wasn't something an issue associated with this test account, I tried everything with a KEY and TOKEN from my premium account (updating the card and attachment ids, too).  I got the same results:  The JSON requests with the KEY and TOKEN pass in the query params works fine.  The issue is with my Authorization header.

Rasmus Wulff Jensen
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
November 3, 2024

Hmm, running out of ideas here:

  • Could you try while logged into Trello with account that own the key, and try to go directly to the download url in the browser (you should be able to get it that way)
  • Try to generate a new api key/token (https://m.youtube.com/watch?v=ndLSAD3StH8) to check if they are somehow semi broken
  • Try another board with another card/attachment
  • Try the C# Lib mentioned (if you know C#)
  • Try alternative to Postman (if some odd config in postman cause this)

If all above fail I can also try to make a small addition to my https://trellotools.azurewebsites.net/ with an interface to test it out (been meaning to build a sandbox API test for a long time but never got around to do it)

Rob Banning
Contributor
November 3, 2024

Thank you for your ideas...  I tried your first three suggestions but could not get them to work.  (same errors)

I just finished building an ASP.NET Core Web API with your NuGet package and tested the following methods with three different KEY/TOKEN pairs (on two different accounts)

  1. GetBoardsCurrentTokenCanAccessAsync
  2. GetCardsOnBoardAsync
  3. GetCardAsync
  4. GetAttachmentsOnCardAsync
  5. GetAttachmentOnCardAsync
  6. DownloadAttachmentAsync

ALL WORKED !!! (esp. the Download)

I will try an alternative to Postman to see if that might have been the problem.  I will report back.

 

BTW - I really like your TrelloDotNet package.  I have something similar in one of my ASP.NET Core Web API services, but certainly not as exhaustive and elegant.  It's time to refactor my API service to incorporate your package.  THANK YOU.

 

ROB

Like Rasmus Wulff Jensen likes this

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
PREMIUM
TAGS
AUG Leaders

Atlassian Community Events