Jump to content

How do I retrieve an attachment using the API

Recommended Posts

I am writing a powershell script to automate one particular ticket type that can be raised by our users.  I've been able to create a report that lists all open tickets of the relevant type, and I'm able to retrieve the report using the techniques described at 

However, each ticket includes an attachment that needs to be passed to the automation.  I can use smGetAttachments to retrieve information about the attachment, but I'm stuck how to retrieve the attachment itself from powershell.

smGetAttachments returns fields like the below:

h_pk_id           : 16271
h_request_id      : SR00040620
h_contentlocation : /cafs_raw/fs_entity/8d0703328b4819440d1676c463783216de5b3605.data
h_filename        : xxxxxxxx mail merge- yyyyyy letters.doc
h_size            : 1566208
h_timestamp       : 2020-08-06 10:38:27Z
h_visibility      : trustedGuest

I'd expect to take the h_contentlocation field and concatenate this to my instance URL plus some intermediate folder  to download the actual attachment using system.net.webclient, much as per the referenced topic.  However, I'm unable to discover what to put between the instance URL and the h_contentlocation.

Or is some entirely different technique required?



Link to post
Share on other sites

Hi @BillP,

Your intuition is quite right, you would just need to concatenate it to your instance URL - the intermediate folder you are looking for is "dav". In the full URL, "/dav/" would replace the "/xmlmc/" bit.

You will still need to pass the Authorization on via the header in your GET request.

Link to post
Share on other sites

Thanks, @SamS

That's got me further, and I now get a 401 error.  I'm using the same API key as I use a few lines earlier when pulling down the report, so I'm guessing that permissions or roles might need to be added for the account?

Link to post
Share on other sites

I did a little investigation and I tried an invalid API key, which gave a 403 (Forbidden) error, whereas my real API key gave a 401 (Unauthorized) error, from which I deduce that the API KEY is being checked, i.e. passing the Authentication (identity is valid) but is failing Authorization (identity is not allowed to do the thing).  The 401 accords with https://tools.ietf.org/html/rfc7235#page-6 (when credentials are supplied) though I'm not sure that the 403 is right for the other case.  I may be being over-picky.

Link to post
Share on other sites

@VictorCan you clarify that, please?

https://eurapi.hornbill.com/myorg/dav/reports/109/Documotive Requests_5008.csv


fails (401)

in both cases the calling code is based on the referenced article above, and is (in the second case):

        $url = $baseEndpoint + "/dav" + $attachmentDetails.h_contentlocation
        Try {
            $wc = New-Object System.Net.WebClient
            $key = $HornbillAPIKey
           # $key = "abcdef1234567890abcdef1234567890"
            $wc.Headers.Add("Authorization","ESP-APIKEY " + $key)
#        return -1
        Catch {
            Write-Error $_.Exception.Message
            exit 0
            #echo("hey ho pip and dandy")
            #return $apiResponse

you will observe the fake API KEY (currently commented out).

My deduction - possibly wrong - is that the api key's account has group rights to access dav/reports but does not have group rights to dav/cafs_raw , hence my framing my question in terms of permissions or roles that might need to be applied to the account.  Have I misinterpreted the symptoms?  Is there a different way I should be downloading from dav/cafs_raw ?

Thank you for your continuing patience...

Link to post
Share on other sites

Hi @BillP,

GET requests to dav/cafs_raw/... do indeed work with API keys, and you're 100% correct that the 401 means that the account that is associated to the API doesn't have access, as only a super user has access to that endpoint... 

BUT! You can send a GET request to the following to programatically download attachments from requests, as long as the user who is associated to the API key has access to the request:


Where YOURINSTANCEID is the ID of your Hornbill instance, IN00012345 is the request reference, and attachmentname.pdf is the name of the file attachment on the request. Make sure you send the API key in the headers as usual, and it should just work.

Let me know how you get on with this.



  • Like 2
Link to post
Share on other sites

Hi @Steve G

I'm happy to confirm that your alternative works.  So we now have an end-to-end mechanism for extracting a specific class of problems from Hornbill and delivering them - with their associated artifacts - to a powershell automation.  Now to automate resolving of the ticket!

Thank you, and your colleagues for your assistance.



  • Like 1
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...