Using API Tokens To Download Attachments
If you disable Basic Authentication with passwords in the System-Wide settings, you also can't authenticate on non REST endpoints with API Tokens directly.
This is because of technical reasons and required for security, to make sure nobody can cheat their way around (getting a session with a password on a non-REST endpoint and using that on the REST API and evade token scope - or other restrictions).
So if you need to download attachments, which are not served on REST endpoints, get a session from a REST endpoint first and use that to download.
In order to download attachments, one needs to authenticate against a REST endpoint first and use the session cookie for the subsequent request to retrieve the attachment via the non-REST endpoint.
Below are some Curl examples for Jira and Confluence.
Jira
Python
Please use version 1.8.1 if you want to use the Python Jira library
The Jira Python library provides some convenient methods to retrieve Jira content. Please see https://pypi.org/project/jira/ for installation instructions.
The following snippet shows how to authenticate with a user and API token and how to download attachments from an issue.
- from jira import JIRA
-
- username = "someuser"
- apitoken = "sometoken"
- download_folder = "/path/to/download/folder/"
- server = "https://<jira-base-url/"
-
- jira = JIRA(basic_auth=(username, apitoken), options={'server': server})
- issue = jira.issue(<issue-key>, fields='summary,comment,attachment')
-
- for attachment in issue.fields.attachment:
- with open(download_folder + '%s' % (attachment.filename), 'wb') as file:
- file.write(attachment.get())
Curl
Jira provides details about issue attachments on the following endpoint. The response JSON can be parsed to get the download URL.
- https://<jira-url>/rest/api/2/issue/<issueIdOrKey>?fields=attachment
List attachments, get session from API Token authentication at the same time
The following call lists all attachment details for a given issue in Jira and saves the session cookie. You need to parse the JSON output to get the attachment download URL.
- curl -c /path/to/some/folder/cookie-jar.txt -u username:apitoken "https://<jira-url>/rest/api/2/issue/<issueIdOrKey>?fields=attachment"
Use that session cookie for download or any subsequent calls
The below call shows how to use the session cookie again to download the file, using the download URL retrieved after parsing the response with the call before.
- curl -b /path/to/some/folder/cookie-jar.txt "https://<jira-url>/secure/attachment/10100/portallog.jpg" --output /path/to/some/folder/portallog.jpg
Confluence
Curl
Confluence provides details about page attachments on the following endpoint. The response JSON can be parsed to get the download URL.
- https://confluence-url/rest/api/content/<page-id>/child/attachment
List attachments for a page, get session from API Token authentication at the same time
The following call lists all attachment details for a given page id in Confluence and saves the session cookie. You need to parse the JSON output to get the attachment download URL.
- curl -c /path/to/some/folder/cookie-jar.txt -u username https://confluence-url/rest/api/content/<page-id>/child/attachment
Use that session cookie for download or any subsequent calls
The below call shows how to use the session cookie again to download the file
- curl -b /path/to/some/folder/cookie-jar.txt "https://confluence-url/download/attachments/1212445/sample.xlsx" --output /path/to/some/folder/sample.xlsx