API Attachments Error

Hi,
I’m created a Power Automate flow to get the attachments from an Asana task, then display as a clickable URL within an email body. However, upon clicking the link, I receive the below message:

AccessDenied

Request has expired

1800

2024-05-15T12:24:37Z

2024-05-16T08:44:08Z

FVWV745YKJEV0BB8

tpiOKJFYH+h+9QUVrzOo6XTr2i/3Ju0lzJXr+HE2JLTGVCS61hS2FHYC/lDPMgCIjBOVcnvvMnw=

My output for my clickable URL is:
@{body(‘HTTP_-_Attachment_Item’)?[‘data’]?[‘name’]}

It all shows correctly; however, displays the error.

Any help would be appreciated.

Thanks,
Jamie

Hi @Jamie_Livingston,

What property are you getting the attachment URL from? I’m guessing its download_url? That link is only valid for two minutes; see the docs. I think you need to use permanent_url.

See Question about attachment url fields for more discussion. @Frederic_Malenfant may have more input here as well.

1 Like

The download url generated when you query an attachment, is set to expire by AWS S3, and is not permanent, to keep it secure.

It is valid for about 2 minutes, as described here:

So, when you need to download a file, you need to query the attachment to get its new download_url, and redirect to it.

You can’t get a download_url to set it on a web page, as it will be expired when the user click on it.

And @Frederic_Malenfant is it then true that you can’t use permanent_url at all? Do you know what it’s for?

Permanent_url is a url that is related to the Asana UI, and looks like

"https://app.asana.com/app/asana/-/get_asset?asset_id=xxx"

If you are logged into your account, and use that url in your browser, it should work.
The asana UI will redirect you to the “download_url”.

But, if you are in a scripting environment without browser, not connected to app.asana.com, the download_url is the one to use, but you should use these 2 query:

  1. GET /attachments/xxx
  2. GET /response_from_1.download_url (valid for a few seconds)

download_url is set to the private AWS S3 bucket that Asana uses, and it built with a temporary hash signature that expires.
It starts with:

"https://asana-user-private-us-east-1.s3.amazonaws.com/assets/..."

1 Like

Thanks for that additional info, @Frederic_Malenfant!

Hey guys, looks like AWS is now requesting an access code which is not included in Asana attachments data. Have you had the same issue? Any recommandation to resolve this?

BR,

Hi Phil, how do you mean, I’m a real person with a real issue.
Thanks

Thanks, Frederic.

I am using “download_url” and didn’t realise the 2 minute expiration, so thanks for this.

Regarding using “permanent_url”, this works; however, the user must have an Asana licence to view and not all my users have one; therefore, I can’t use this.

Does “view_url” have the same timeout as the download? If not, does the user require a licence to view?

My users are clicking the link from an email; therefore, this could be clicked any time upon creation.

Any help is appreciated.

Thanks,
Jamie

Hi @Jamie_Livingston,

I was referring to another GPT-generated post made in reply to yours; but moderators deleted that post so my comment was confusing! I removed it. It was definitely not aimed at your valid issue! :slight_smile:

No problem :slight_smile:

Hi,
I’ve just tried and the “view_url” also has the two minute expiration (you don’t need a licence from when I tested).

Maybe it’s not possible.