Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Card attachments *now* inherit board privacy settings?

Bryan Buchanan
Bryan Buchanan August 18, 2021

It used to be that attachments on private boards were publicly-accessible, as mentioned in previous threads like this one: https://community.atlassian.com/t5/Trello-questions/Attachments-in-Trello-are-public-or-private/qaq-p/990831

Our business built an app on top of the API that relies on these attachments (images, specifically) being publicly-accessible.

But now, it looks like these attachments now require the same permissions the boards themselves require. And, I've so far been unable to find anything in the API that would allow me to at least make these images accessibly via a proxy or any other means.

Does anyone know if this was intentional, if they plan on adding API access to attachments, or if there's any other way we can make attachments on private boards publicly-accessible?

Answer
Watch
Like Be the first to like this
1293 views

3 answers

1 accepted

3 votes
Answer accepted
Bryan Buchanan
Bryan Buchanan August 18, 2021

After doing some digging on the developer community board, I see that requiring auth for private board attachments has been a planned change: https://trello.com/c/tnX5dhiI/87-updated-authenticated-access-to-s3?menu=filter&filter=s3

The solution is to add auth headers to your get request, like:

Authorization: OAuth oauth_consumer_key="<KEY>", oauth_token="<TOKEN>"

Because I don't want to expose my API credentials, I had to create an intermediate proxy service that attaches the auth headers and streams the results back.

View More Comments
milynnus
milynnus
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
August 18, 2021

@Bryan Buchanan 

I worked on the same yesterday. I create a file and make it accessible as a download which is the recommendation. You mention “stream” in your post, can you share how you did it? How would you handle the different media types and file types? Is the a generic binary object type I should use?

Like
Bryan Buchanan
Bryan Buchanan August 19, 2021

@milynnus By no means do I claim this is good or correct, but this is the method I'm using for now. It's not actually streaming, but that isn't a huge deal for my particular application.

Like
milynnus
milynnus
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
August 19, 2021

@Bryan Buchanan 

Thanks for sharing. I found out that there is type=stream for large files. Got it to work and I am able to get files downloaded. Will try with a pdf to see it will work.

I think the goal is to provide a url and and a zipfile of all the contents is made available. That seems to be the ease of sharing that is need. Best it can be provided as a service from Trello board.

Like
Reply
0 votes
Alejandro Chung
Alejandro Chung August 23, 2021

Hello,

I am trying to access a card's attachment vía API, but the following error shows "unauthorized permission requested".

I did all the instruction that is showed in this announcement: https://trello.com/c/tnX5dhiI/87-updated-authenticated-access-to-s3?menu=filter&filter=s3

The following URL is of the attachment I want to preview and where I put queries with API Key and Token access code.

https://api.trello.com/1/cards/611feb7fe7b0075ce99ec8f5/attachments/6123ddf2808b24542cac8154/download/imagen.jpeg?key=*******&token=*******

I do not think the query parameters are wrong because I used it with the following HTTPS call to get card's attachments links and it worked:

https://api.trello.com/1/cards/611feb7fe7b0075ce99ec8f5/attachments?key=*******&token=*******

¿What can be the problem?

Best regards

View More Comments
Bryan Buchanan
Bryan Buchanan August 23, 2021

I believe the key and token need to be added to the request's headers, not just appended as a query string, as they are in your example. It does indeed behave a bit different than the existing API calls.

Like
Alejandro Chung
Alejandro Chung August 23, 2021
I tried with OAuth too, but maybe I am doing something wrong. ¿Can you check please?

Consumer Key={Here I put API KEY}
Consumer Secret={Here I put OAuth Secret provided in https://trello.com/app-key}
Access Token={Here I put API Token}
Token Secret={Nothing}
Like
Bryan Buchanan
Bryan Buchanan August 23, 2021

What are you using to make the request? The link I posted earlier in another reply has an example for adding the headers to a request made from Node.

Like
Alejandro Chung
Alejandro Chung August 24, 2021

I fixed it. 

I was using an Zapper-like webapp where I had to put that data. I needed to append Key and Token as Oauth and not just as query string.

Thanks!

Like
Reply
0 votes
Martin Purmensky
Martin Purmensky
Contributor
August 19, 2021

I am also desperately looking for a way to regain this feature.  This new sharing seriously affects our workflow making Trello less convenient. 

View More Comments
Bryan Buchanan
Bryan Buchanan August 19, 2021

Check out my previous answer

It’s not too difficult, I was just having a tough time finding info about the change.

Add the appropriate auth headers to the GET request, and you have your file. 

If you need to hide your key/token, make the request server-side, then serve/stream the file back as the response.

Update: Here's a quick example written for NodeJS. I'm sure there are better ways of serving or streaming the file back to the viewer, but this at least illustrates the process: https://gist.github.com/bryanbuchanan/a14cf11853322a5d4219e98b044ea853

Like
Martin Purmensky
Martin Purmensky
Contributor
August 20, 2021

Sorry, this is beyond my skills.  I have no idea what to do with the code or where to upload it.  I am a user that needs to share attachments from a private board, and preview files as it was 2 months ago. 

Like
milynnus
milynnus
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
August 20, 2021

@Martin Purmensky 

I am also trying to figure out how to deploy something like this.

Currently the best I can do is to send an url via email to the user (it a fake url so it will not work)

https://user2:jXd5s^2z%6qA@63105.wayscript.io/attach_zip/?card_id=51146f45df741c3bd7ef635e

It works welcome with Chrome but Safari does not support the basic authentication.

Hidden behind the endpoint will be a server program that will gather all the attachments from a card and the user will be able to download them. Because it tricks a download it cannot be activated from Butler.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Trello
Trello
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.