Batch request bug with attachment download

bill2 · December 8, 2023, 8:15am

Making a batch request to get the download links for attachments returns a 200 response with the expected links, however every link except the last one in the batch gives this error:

SignatureDoesNotMatchThe request signature we calculated does not match the signature you provided. Check your key and signing method.

This is the Javascript code I am using. A workaround would be to not use batching, but as it uses 10x fewer requests, it would be good if it worked for this

await fetch(`https://api.trello.com/1/batch?urls=/cards/${cardId}/attachments/${attachmentId}/download/${fileName},/cards/...`, {
			method: "GET",
			headers: {
				"Authorization": `OAuth oauth_consumer_key="${getEnv('TRELLO_KEY')}", oauth_token="${getEnv('TRELLO_TOKEN')}"`
			}
		})

sunnyape · December 10, 2023, 10:28pm

Hello @bill2

Do you still get the same problem when you put the KEY and TOKEN directly into the request URL instead of the header, as per the documentation:

fetch('https://api.trello.com/1/batch?urls={urls}&key=APIKey&token=APIToken', {
  method: 'GET'
})

This method might associate a KEY + TOKEN with every single request in the batch, whereas your current method associates a KEY + TOKEN with the request to submit the batch.

bill2 · December 11, 2023, 12:29am

Hey @sunnyape, I did have the same problem with the url auth instead of headers. The problem is not the trello auth, as the batch gives me a 200 for all of the urls in the request object. It is a problem with Trello’s S3 authorisation I believe.

By the way, this blog post explains why we should use the “Authorization” header instead of url authentication.