Image 403 Error #9589

Closed
jacksonzamorano opened this issue Feb 3, 2018 · 9 comments · Fixed by #10741

@jacksonzamorano

Hello,

I am trying to use your API to get messages from a channel. However, once I get those messages when I try and download attachments using the URL specified I get a 403 error even with the X-User-Id and X-Auth-Token.

@jacksonzamorano
Author

Hi, could I get some help with this?

@MarcosSpessatto
Member

@hobbsome Can you provide more information? Like what endpoint and how can we simulate this error, please?

@tandeson

tandeson commented May 9, 2018

I think I'm having the same issue:

I use the REST API to get a message, which contains a URL to the message:
environment.RocketChatServer + message.attachments[0].image_url
(my server name, such as 'https://rocketchat.foo.com', and the image_url, such as '/file-upload/MzAKsqhn54sEJt5eS/20180504145314_3918475292411152406.jpg')

If I try to fetch the file using a http get, I get a 403 error.

If I log into RocketChat's web interface in another tab, I can get the file. It seems that it's using cookies (rc_uid and rc_token) to allow access. However, if I set the same tokens in my code, using the response from the user authentication (e.g. the same ones for X-User-Id and X-Auth-Token), it doesn't appear to work. When I've logged out of the Rocketchat web interface, I can no longer get the file from my Angular 5 code.

It would be nice if I could get the file by using the parameters X-User-Id and X-Auth-Token, instead of having to get a cookie setup ( assuming that is the authorization check being used).

I think we're running version 0.62 or 0.64, I'll confirm with our admin.

@tandeson

tandeson commented May 10, 2018

Follow up - this can be done with cookies, I had a bug where I was setting rc_id, when I needed to set rc_uid.

However, the feature request / comment still stands - as a user of the REST interface, I'd like to be able to use a http get with X-User-Id and X-Auth-Token instead of creating a cookie.
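
The cookie-based request described in the comment above, as an added Node.js (18+) example that is not part of the original thread or Rocket.Chat's own code. `buildFileRequest`, `downloadFile` and the sample values are hypothetical; the cookie names `rc_uid` and `rc_token` are the ones reported in this thread, and the origin and HTTPS checks are an added precaution so the token is only sent to the configured server.

```javascript
// Added example. Function names and sample values are hypothetical;
// rc_uid / rc_token are the cookie names reported in this thread.

function buildFileRequest(serverUrl, fileUrl, userId, authToken) {
  if (!userId || !authToken) {
    throw new Error('userId and authToken are required');
  }
  const base = new URL(serverUrl);
  // Resolve a relative path such as /file-upload/<id>/<name> against the server.
  const target = new URL(fileUrl, base);

  // An attachment URL is message content and may point anywhere:
  // never attach session credentials to a different origin.
  if (target.origin !== base.origin) {
    throw new Error(`refusing to send credentials to ${target.origin}`);
  }
  if (target.protocol !== 'https:') {
    throw new Error('refusing to send credentials over plaintext HTTP');
  }

  // Same values that the login response returns for X-User-Id / X-Auth-Token.
  const cookie = [
    `rc_uid=${encodeURIComponent(userId)}`,
    `rc_token=${encodeURIComponent(authToken)}`,
  ].join('; ');

  return { url: target.href, headers: { Cookie: cookie } };
}

async function downloadFile(serverUrl, fileUrl, userId, authToken) {
  const { url, headers } = buildFileRequest(serverUrl, fileUrl, userId, authToken);
  // Fail on redirects instead of following them, so the cookie is not
  // forwarded to another location automatically.
  const res = await fetch(url, { headers, redirect: 'error' });
  if (!res.ok) {
    throw new Error(`download failed: HTTP ${res.status}`);
  }
  return Buffer.from(await res.arrayBuffer());
}
```
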

@tandeson

Thank you!

@jacksonzamorano
Author

Thanks!

@PrajvalRaval
Contributor

@tandeson @hobbsome Can you send me example usage code for getting an image using these headers, probably in Node.js? We are working on the RC Alexa Skill and this error has been an issue for quite a while.

@SardorbekR

SardorbekR commented Dec 2, 2020

@PrajvalRaval have you found a solution? Although I am sending a request to the download link with the headers mentioned above, I am still getting 403.

@zakrush

zakrush commented Mar 24, 2022

Hi.
I am also getting 403:

curl "https://rchat.domain.com/api/v1/rooms.upload/sec_automation" \
    -F file=test.txt \
    -F "msg=This is a message with a file" \
    -F "description=Simple text file" \
    -H "X-Auth-Token: token" \
    -H "X-User-Id: bjhaEud8AfpnCqboa"

If I do it from the GUI, it's working fine for me.

I use a token that was created in account settings.
Version is 4.5.2
