Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Bitbucket Issue Attachments API [GET] Question

alexwonguhuru
alexwonguhuru
Contributor
March 24, 2019

I am trying to use the Attachments API from 

 

https://developer.atlassian.com/bitbucket/api/2/reference/resource/repositories/%7Busername%7D/%7Brepo_slug%7D/issues/%7Bissue_id%7D/attachments#get

 

I am able to POST an attachment successfully.

 

When I try to GET it, I get the metadata for attachments of the issue I selected.

Inside the metadata, there's a URL to the image at `links.self.href[0]` but when I try to access it, I get a 403 Forbidden. 

 

The description of the GET request says, `This returns the files' meta data. This does not return the files' actual contents.` 

 

Is this suppose to be part of the spec, only access to metadata?

 

Thanks

 

Answer
Watch
Like Be the first to like this
845 views

2 answers

0 votes
Stephen Sifers
Stephen Sifers
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 28, 2019

Hello Alex,

Thank you for attempting the endpoint to access your data along with the additional context around what you’re attempting to accomplish.

For testing purposes, I would confirm first that you’re able to access the attachment without going through another location or application first. Meaning, please attempt to access the endpoint directly using cURL to see if we get a proper response (looking for a 200). From there we can progress to the next steps.

If you do run into a CORS issue with Bitbucket, I would suggest reviewing the CORS documentation which will show the options that need to be included within your API calls. You may find this documentation at Cors and hypermedia.

I look forward to your response so we can confirm access as the next step.

Regards,
Stephen Sifers

View More Comments
alexwonguhuru
alexwonguhuru
Contributor
April 1, 2019

Hello Stephen,

 

I apologize for the late reply. cURL works fine.

I couldn't bypass the CORS issue, when making the request from the browser side (client).

I ended up creating a proxy to my own server to make the request there instead and hacked it in a way so that the s3 url is returned instead of the image buffer. When doing it from the browser, I couldn't skip the preflight request check.

 

I think the API would be a lot easier to use if instead of returning the image data, it just returns the s3 URL I could use temporarily so I can directly use it in the `<img src>` without going through extra steps, but that's just me. :)

 

Thanks for your help.

Like
Reply
0 votes
Stephen Sifers
Stephen Sifers
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 26, 2019

Hello Alex,

Thank you for providing the reference you’re using along with context around what you’re wanting to accomplish. To ensure I am answering correctly, I understand you’re wanting to upload an attachment to a Bitbucket issue, then be able to access said attachment after uploading.

From reviewing the API, and as you have clarified, you can use the following endpoint to upload an image to an issue: /2.0/repositories/{username}/{repo_slug}/issues/{issue_id}/attachments. This endpoint, however, does not allow you to access the actual data of the attachment, as you have also clarified.

If you’re wanting to access the actual attachment then we would suggest using the following endpoint: /2.0/repositories/{username}/{repo_slug}/issues/{issue_id}/attachments/{path}. This endpoint will allow you to complete the following:

Returns the contents of the specified file attachment.

Note that this endpoint does not return a JSON response, but instead returns a redirect pointing to the actual file that in turn will return the raw contents.

The redirect URL contains a one-time token that has a limited lifetime. As a result, the link should not be persisted, stored, or shared.

I hope this proves helpful and you’re able to gain access to your uploaded attachments.

Regards,
Stephen Sifers

View More Comments
alexwonguhuru
alexwonguhuru
Contributor
March 27, 2019

Hi Stephen,

Thank you for the reply. The endpoint you shared turns out to be the same endpoint provided by the `links.self.href[0]` provided by /2.0/repositories/{username}/{repo_slug}/issues/{issue_id}/attachments

 

I have tried using the endpoint you provided and I am running into a CORS error.

I am currently using `Implicit Grant` auth to access Bitbucket REST APIs.

In the frontend I am using the `axios` module to GET from the API. In the request I have already included the Bearer token provided by the `Implicit Grant`

I get 2 OPTION Requests of 302 that then goes to a 3rd OPTION Request that gives me a 403 Forbidden per attachment requested. After the redirect my origin becomes null. I have tested this on localhost and on a deployed heroku app and get the same problem.

If I click on the link that says `bitbucket-assetroot.s3.amazonraws...` I am able to download the attachment without fail. 

If you can point me to where I'm doing something wrong, that'll be great. One thing I can think of is returning the presigned S3 URL in a JSON format, so I can just pass the URLs to my `img src` tag.

 

Screen Shot 2019-03-28 at 10.10.52 AM.png

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.