Question about authed attachments

I try to do curl call on:

curl -H "Authorization: OAuth oauth_consumer_key="MY_API_KEY", oauth_token="MY_USER_TOKEN"" https://trello.com/1/cards/SOME_HASH/attachments/SOME_HASH/download/about.pdf

and I get unauthorized permission requested, token and api key is correct 100% but it just doesn’t work.

Could somebody help please?

1 Like

@bentley could you please take a look? I’m already blocked for days because of this problem.

Are you confident you’re accessing the attachment with the same account that owns the board the card is on?

1 Like

Do you get the same error if you use the api. subdomain, as well?

https://api.trello.com/1/

:point_up: This is what should be used for the API, generally.

1 Like

I get same error. Is it somehow related to authentication? I have only scope “read” and the “token” expires never. With same token I can get all boards and all other data like comments, checklists, labels etc…

Just to confirm, when you can get all board and all other data like comments, checklists, labels, etc. are you doing that via the api. subdomain?

Can you share the full request you are making with the token removed?

It is always .api and if I call attachment url in browser then it will be offered to download. But when I try to get it via guzzlehttp then it returns just this html.

My PHP code is:

$params_arr = [
            'headers' => [
                'Authorization' => 'OAuth oauth_consumer_key="' . $api_key . '", oauth_token="' . $token_key . '"'
            ]
        ];
        $request = $this->request($attachment_url, 'GET', $params_arr);
        return $request->getBody()->getContents();

Is there maybe something wrong with parameters?