Atlassian Jira Attachment API
The Atlassian Jira Attachment API enables managing file attachments on Jira issues including upload, retrieval, and metadata.
OpenAPI Specification
components:
schemas:
StreamingResponseBody:
additionalProperties: false
type: object
AttachmentSettings:
additionalProperties: false
description: Details of the instance's attachment settings.
properties:
enabled:
description: Whether the ability to add attachments is enabled.
readOnly: true
type: boolean
uploadLimit:
description: The maximum size of attachments permitted, in bytes.
format: int64
readOnly: true
type: integer
type: object
AttachmentMetadata:
additionalProperties: false
description: Metadata for an issue attachment.
properties:
author:
allOf:
- $ref: '#/components/schemas/User'
description: Details of the user who attached the file.
readOnly: true
content:
description: The URL of the attachment.
readOnly: true
type: string
created:
description: The datetime the attachment was created.
format: date-time
readOnly: true
type: string
filename:
description: The name of the attachment file.
readOnly: true
type: string
id:
description: The ID of the attachment.
format: int64
readOnly: true
type: integer
mimeType:
description: The MIME type of the attachment.
readOnly: true
type: string
properties:
additionalProperties:
readOnly: true
description: Additional properties of the attachment.
readOnly: true
type: object
self:
description: The URL of the attachment metadata details.
format: uri
readOnly: true
type: string
size:
description: The size of the attachment.
format: int64
readOnly: true
type: integer
thumbnail:
description: The URL of a thumbnail representing the attachment.
readOnly: true
type: string
type: object
xml:
name: attachment
AttachmentArchiveMetadataReadable:
additionalProperties: false
description: Metadata for an archive (for example a zip) and its contents.
properties:
entries:
description: The list of the items included in the archive.
items:
$ref: '#/components/schemas/AttachmentArchiveItemReadable'
readOnly: true
type: array
id:
description: The ID of the attachment.
format: int64
readOnly: true
type: integer
mediaType:
description: The MIME type of the attachment.
readOnly: true
type: string
name:
description: The name of the archive file.
readOnly: true
type: string
totalEntryCount:
description: The number of items included in the archive.
format: int64
readOnly: true
type: integer
type: object
AttachmentArchiveImpl:
additionalProperties: false
properties:
entries:
description: The list of the items included in the archive.
items:
$ref: '#/components/schemas/AttachmentArchiveEntry'
type: array
totalEntryCount:
description: The number of items in the archive.
format: int32
type: integer
type: object
externalDocs:
description: Find out more about Atlassian products and services.
url: http://www.atlassian.com
info:
contact:
email: [email protected]
description: Needs description.
license:
name: Apache 2.0
url: http://www.apache.org/licenses/LICENSE-2.0.html
termsOfService: http://atlassian.com/terms/
title: 'Atlassian rest/api/3/attachment/'
version: 1001.0.0-SNAPSHOT-67b5c6e5f3598d7ec1649016d026468ab2838a77
openapi: 3.0.1
paths:
/rest/api/3/attachment/content/{id}:
get:
deprecated: false
description: >-
Returns the contents of an attachment. A `Range` header can be set to
define a range of bytes within the attachment to download. See the [HTTP
Range header
standard](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Range)
for details.<br><br>To return a thumbnail of the attachment, use [Get
attachment
thumbnail](#api-rest-api-3-attachment-thumbnail-id-get).<br><br>This
operation can be accessed
anonymously.<br><br>**[Permissions](#permissions) required:** For the
issue containing the attachment:<br><br> * *Browse projects* [project
permission](https://confluence.atlassian.com/x/yodKLg) for the project
that the issue is in.<br> * If [issue-level
security](https://confluence.atlassian.com/x/J4lKLg) is configured,
issue-level security permission to view the issue.
operationId: atlassianGetattachmentcontent
parameters:
- description: The ID of the attachment.
in: path
name: id
required: true
schema:
type: string
- description: >-
Whether a redirect is provided for the attachment download. Clients
that do not automatically follow redirects can set this to `false`
to avoid making multiple requests to download the attachment.
in: query
name: redirect
schema:
default: true
type: boolean
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/StreamingResponseBody'
description: >-
Returned if the request is successful when `redirect` is set to
`false`.
'206':
description: >-
Returned if the request is successful when a `Range` header is
provided and `redirect` is set to `false`.
'303':
description: >-
Returned if the request is successful. See the `Location` header for
the download URL.
'400':
description: Returned if the range supplied in the `Range` header is malformed.
'401':
description: Returned if the authentication credentials are incorrect.
'403':
description: The user does not have the necessary permission.
'404':
description: |-
Returned if:
* the attachment is not found.
* attachments are disabled in the Jira settings.
'416':
description: >-
Returned if the server is unable to satisfy the range of bytes
provided.
security:
- basicAuth: []
- OAuth2:
- read:jira-work
- {}
summary: Atlassian Get Attachment Content
tags:
- Issue Attachments
x-atlassian-data-security-policy:
- app-access-rule-exempt: false
x-atlassian-oauth2-scopes:
- scheme: OAuth2
scopes:
- read:jira-work
state: Current
- scheme: OAuth2
scopes:
- read:attachment:jira
state: Beta
x-atlassian-connect-scope: READ
/rest/api/3/attachment/meta:
get:
deprecated: false
description: >-
Returns the attachment settings, that is, whether attachments are
enabled and the maximum attachment size allowed.<br><br>Note that there
are also [project
permissions](https://confluence.atlassian.com/x/yodKLg) that restrict
whether users can create and delete attachments.<br><br>This operation
can be accessed anonymously.<br><br>**[Permissions](#permissions)
required:** None.
operationId: atlassianGetattachmentmeta
parameters: []
responses:
'200':
content:
application/json:
example: '{"enabled":true,"uploadLimit":1000000}'
schema:
$ref: '#/components/schemas/AttachmentSettings'
description: Returned if the request is successful.
'401':
description: Returned if the authentication credentials are incorrect or missing.
security:
- basicAuth: []
- OAuth2:
- read:jira-work
- {}
summary: Atlassian Get Jira Attachment Settings
tags:
- Issue Attachments
x-atlassian-data-security-policy:
- app-access-rule-exempt: true
x-atlassian-oauth2-scopes:
- scheme: OAuth2
scopes:
- read:jira-work
state: Current
- scheme: OAuth2
scopes:
- read:instance-configuration:jira
state: Beta
x-atlassian-connect-scope: READ
/rest/api/3/attachment/thumbnail/{id}:
get:
deprecated: false
description: >-
Returns the thumbnail of an attachment.<br><br>To return the attachment
contents, use [Get attachment
content](#api-rest-api-3-attachment-content-id-get).<br><br>This
operation can be accessed
anonymously.<br><br>**[Permissions](#permissions) required:** For the
issue containing the attachment:<br><br> * *Browse projects* [project
permission](https://confluence.atlassian.com/x/yodKLg) for the project
that the issue is in.<br> * If [issue-level
security](https://confluence.atlassian.com/x/J4lKLg) is configured,
issue-level security permission to view the issue.
operationId: atlassianGetattachmentthumbnail
parameters:
- description: The ID of the attachment.
in: path
name: id
required: true
schema:
type: string
- description: >-
Whether a redirect is provided for the attachment download. Clients
that do not automatically follow redirects can set this to `false`
to avoid making multiple requests to download the attachment.
in: query
name: redirect
schema:
default: true
type: boolean
- description: >-
Whether a default thumbnail is returned when the requested thumbnail
is not found.
in: query
name: fallbackToDefault
schema:
default: true
type: boolean
- description: The maximum width to scale the thumbnail to.
in: query
name: width
schema:
format: int32
type: integer
- description: The maximum height to scale the thumbnail to.
in: query
name: height
schema:
format: int32
type: integer
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/StreamingResponseBody'
description: >-
Returned if the request is successful when `redirect` is set to
`false`.
'303':
description: >-
Returned if the request is successful. See the `Location` header for
the download URL.
'400':
description: Returned if the request is invalid.
'401':
description: Returned if the authentication credentials are incorrect.
'403':
description: The user does not have the necessary permission.
'404':
description: |-
Returned if:
* the attachment is not found.
* attachments are disabled in the Jira settings.
* `fallbackToDefault` is `false` and the request thumbnail cannot be downloaded.
security:
- basicAuth: []
- OAuth2:
- read:jira-work
- {}
summary: Atlassian Get Attachment Thumbnail
tags:
- Issue Attachments
x-atlassian-data-security-policy:
- app-access-rule-exempt: false
x-atlassian-oauth2-scopes:
- scheme: OAuth2
scopes:
- read:jira-work
state: Current
- scheme: OAuth2
scopes:
- read:attachment:jira
state: Beta
x-atlassian-connect-scope: READ
/rest/api/3/attachment/{id}:
delete:
deprecated: false
description: >-
Deletes an attachment from an issue.<br><br>This operation can be
accessed anonymously.<br><br>**[Permissions](#permissions) required:**
For the project holding the issue containing the attachment:<br><br> * *Delete own attachments* [project
permission](https://confluence.atlassian.com/x/yodKLg) to delete an
attachment created by the calling user.<br> * *Delete all attachments*
[project permission](https://confluence.atlassian.com/x/yodKLg) to
delete an attachment created by any user.
operationId: atlassianRemoveattachment
parameters:
- description: The ID of the attachment.
in: path
name: id
required: true
schema:
type: string
responses:
'204':
description: Returned if the request is successful.
'403':
description: Returned if the user does not have the necessary permission.
'404':
description: |-
Returned if:
* the attachment is not found.
* attachments are disabled in the Jira settings.
security:
- basicAuth: []
- OAuth2:
- write:jira-work
- {}
summary: Atlassian Delete Attachment
tags:
- Issue Attachments
x-atlassian-data-security-policy:
- app-access-rule-exempt: false
x-atlassian-oauth2-scopes:
- scheme: OAuth2
scopes:
- write:jira-work
state: Current
- scheme: OAuth2
scopes:
- delete:attachment:jira
state: Beta
x-atlassian-connect-scope: DELETE
get:
deprecated: false
description: >-
Returns the metadata for an attachment. Note that the attachment itself
is not returned.<br><br>This operation can be accessed
anonymously.<br><br>**[Permissions](#permissions) required:**<br><br> * *Browse projects* [project
permission](https://confluence.atlassian.com/x/yodKLg) for the project
that the issue is in.<br> * If [issue-level
security](https://confluence.atlassian.com/x/J4lKLg) is configured,
issue-level security permission to view the issue.
operationId: atlassianGetattachment
parameters:
- description: The ID of the attachment.
in: path
name: id
required: true
schema:
type: string
responses:
'200':
content:
application/json:
example: >-
{"author":{"accountId":"5b10a2844c20165700ede21g","accountType":"atlassian","active":false,"avatarUrls":{"16x16":"https://avatar-management--avatars.server-location.prod.public.atl-paas.net/initials/MK-5.png?size=16&s=16","24x24":"https://avatar-management--avatars.server-location.prod.public.atl-paas.net/initials/MK-5.png?size=24&s=24","32x32":"https://avatar-management--avatars.server-location.prod.public.atl-paas.net/initials/MK-5.png?size=32&s=32","48x48":"https://avatar-management--avatars.server-location.prod.public.atl-paas.net/initials/MK-5.png?size=48&s=48"},"displayName":"Mia
Krystof","key":"","name":"","self":"https://your-domain.atlassian.net/rest/api/3/user?accountId=5b10a2844c20165700ede21g"},"content":"https://your-domain.atlassian.net/jira/rest/api/3/attachment/content/10000","created":"2022-10-06T07:32:47.000+0000","filename":"picture.jpg","id":10000,"mimeType":"image/jpeg","self":"https://your-domain.atlassian.net/rest/api/3/attachments/10000","size":23123,"thumbnail":"https://your-domain.atlassian.net/jira/rest/api/3/attachment/thumbnail/10000"}
schema:
$ref: '#/components/schemas/AttachmentMetadata'
description: Returned if the request is successful.
'401':
description: Returned if the authentication credentials are incorrect or missing.
'403':
description: Returned if the user does not have the necessary permission.
'404':
description: |-
Returned if:
* the attachment is not found.
* attachments are disabled in the Jira settings.
security:
- basicAuth: []
- OAuth2:
- read:jira-work
- {}
summary: Atlassian Get Attachment Metadata
tags:
- Issue Attachments
x-atlassian-data-security-policy:
- app-access-rule-exempt: false
x-atlassian-oauth2-scopes:
- scheme: OAuth2
scopes:
- read:jira-work
state: Current
- scheme: OAuth2
scopes:
- read:attachment:jira
- read:user:jira
- read:application-role:jira
- read:avatar:jira
- read:group:jira
state: Beta
x-atlassian-connect-scope: READ
/rest/api/3/attachment/{id}/expand/human:
get:
deprecated: false
description: >-
Returns the metadata for the contents of an attachment, if it is an
archive, and metadata for the attachment itself. For example, if the
attachment is a ZIP archive, then information about the files in the
archive is returned and metadata for the ZIP archive. Currently, only
the ZIP archive format is supported.<br><br>Use this operation to
retrieve data that is presented to the user, as this operation returns
the metadata for the attachment itself, such as the attachment's ID and
name. Otherwise, use [ Get contents metadata for an expanded
attachment](#api-rest-api-3-attachment-id-expand-raw-get), which only
returns the metadata for the attachment's contents.<br><br>This
operation can be accessed
anonymously.<br><br>**[Permissions](#permissions) required:** For the
issue containing the attachment:<br><br> * *Browse projects* [project
permission](https://confluence.atlassian.com/x/yodKLg) for the project
that the issue is in.<br> * If [issue-level
security](https://confluence.atlassian.com/x/J4lKLg) is configured,
issue-level security permission to view the issue.
operationId: atlassianExpandattachmentforhumans
parameters:
- description: The ID of the attachment.
in: path
name: id
required: true
schema:
type: string
responses:
'200':
content:
application/json:
example: >-
{"entries":[{"index":0,"label":"MG00N067.JPG","mediaType":"image/jpeg","path":"MG00N067.JPG","size":"119
kB"},{"index":1,"label":"Allegro from Duet in C
Major.mp3","mediaType":"audio/mpeg","path":"Allegro from Duet in
C Major.mp3","size":"1.36
MB"},{"index":2,"label":"long/path/thanks/to/.../reach/the/leaf.txt","mediaType":"text/plain","path":"long/path/thanks/to/lots/of/subdirectories/inside/making/it/quite/hard/to/reach/the/leaf.txt","size":"0.0
k"}],"id":7237823,"mediaType":"application/zip","name":"images.zip","totalEntryCount":39}
schema:
$ref: '#/components/schemas/AttachmentArchiveMetadataReadable'
description: >-
Returned if the request is successful. If an empty list is returned
in the response, the attachment is empty, corrupt, or not an
archive.
'401':
description: Returned if the authentication credentials are incorrect or missing.
'403':
description: The user does not have the necessary permission.
'404':
description: |-
Returned if:
* the attachment is not found.
* attachments are disabled in the Jira settings.
'409':
description: >-
Returned if the attachment is an archive, but not a supported
archive format.
security:
- basicAuth: []
- OAuth2:
- read:jira-work
- {}
summary: Atlassian Get All Metadata For An Expanded Attachment
tags:
- Issue Attachments
x-atlassian-data-security-policy:
- app-access-rule-exempt: false
x-atlassian-oauth2-scopes:
- scheme: OAuth2
scopes:
- read:jira-work
state: Current
- scheme: OAuth2
scopes:
- read:attachment:jira
state: Beta
x-experimental: true
x-atlassian-connect-scope: READ
/rest/api/3/attachment/{id}/expand/raw:
get:
deprecated: false
description: >-
Returns the metadata for the contents of an attachment, if it is an
archive. For example, if the attachment is a ZIP archive, then
information about the files in the archive is returned. Currently, only
the ZIP archive format is supported.<br><br>Use this operation if you
are processing the data without presenting it to the user, as this
operation only returns the metadata for the contents of the attachment.
Otherwise, to retrieve data to present to the user, use [ Get all
metadata for an expanded
attachment](#api-rest-api-3-attachment-id-expand-human-get) which also
returns the metadata for the attachment itself, such as the attachment's
ID and name.<br><br>This operation can be accessed
anonymously.<br><br>**[Permissions](#permissions) required:** For the
issue containing the attachment:<br><br> * *Browse projects* [project
permission](https://confluence.atlassian.com/x/yodKLg) for the project
that the issue is in.<br> * If [issue-level
security](https://confluence.atlassian.com/x/J4lKLg) is configured,
issue-level security permission to view the issue.
operationId: atlassianExpandattachmentformachines
parameters:
- description: The ID of the attachment.
in: path
name: id
required: true
schema:
type: string
responses:
'200':
content:
application/json:
example: >-
{"entries":[{"entryIndex":0,"mediaType":"audio/mpeg","name":"Allegro
from Duet in C
Major.mp3","size":1430174},{"entryIndex":1,"mediaType":"text/rtf","name":"lrm.rtf","size":331}],"totalEntryCount":24}
schema:
$ref: '#/components/schemas/AttachmentArchiveImpl'
description: >-
Returned if the request is successful. If an empty list is returned
in the response, the attachment is empty, corrupt, or not an
archive.
'401':
description: Returned if the authentication credentials are incorrect or missing.
'403':
description: The user does not have the necessary permission.
'404':
description: |-
Returned if:
* the attachment is not found.
* attachments are disabled in the Jira settings.
'409':
description: >-
Returned if the attachment is an archive, but not a supported
archive format.
security:
- basicAuth: []
- OAuth2:
- read:jira-work
- {}
summary: Atlassian Get Contents Metadata For An Expanded Attachment
tags:
- Issue Attachments
x-atlassian-data-security-policy:
- app-access-rule-exempt: false
x-atlassian-oauth2-scopes:
- scheme: OAuth2
scopes:
- read:jira-work
state: Current
- scheme: OAuth2
scopes:
- read:attachment:jira
state: Beta
x-experimental: true
x-atlassian-connect-scope: READ
servers:
- url: https://your-domain.atlassian.net
tags:
- name: Issue Attachments
x-atlassian-narrative:
documents:
- anchor: about
body: >-
The Jira REST API enables you to interact with Jira programmatically.
Use this API to
[build
apps](https://developer.atlassian.com/cloud/jira/platform/integrating-with-jira-cloud/),
script interactions with
Jira, or develop any other type of integration. This page documents the
REST resources available in Jira Cloud, including
the HTTP response codes and example requests and responses.
title: About
- anchor: version
body: >
This documentation is for **version 3** of the Jira Cloud platform REST
API, which is the latest version
but is in **beta**. [Version
2](https://developer.atlassian.com/cloud/jira/platform/rest/v2/) and
version 3 of the API offer the same collection of operations. However,
version 3 provides support for
the [Atlassian Document
Format](https://developer.atlassian.com/cloud/jira/platform/apis/document/structure/)
(ADF) in:
- `body` in comments, including where comments are used in issue, issue
link, and transition resources.
- `comment` in worklogs.
- `description` and `environment` fields in issues.
- `textarea` type custom fields (multi-line text fields) in issues.
Single line custom fields
(`textfield`) accept a string and don't handle Atlassian Document Format content.
However, these new features are under development and may change.
title: Version
- anchor: authentication
body: >
### Forge apps
For Forge apps, [REST API
scopes](https://developer.atlassian.com/cloud/jira/platform/scopes-for-oauth-2-3LO-and-forge-apps/)
are used when authenticating with Jira Cloud platform. See [Add scopes
to call an Atlassian REST
API](https://developer.atlassian.com/platform/forge/add-scopes-to-call-an-atlassian-rest-api/)
for more details.
The URIs for Forge app REST API calls have this structure:
`/rest/api/3/<resource-name>`
For example, `/rest/api/3/issue/DEMO-1`
### Connect apps
For Connect apps, authentication (JWT-based) is built into the Connect
libraries. Authorization is implemented using either
scopes (shown as _App scope required_ for operations on this page) or
user impersonation. See
[Security for Connect
apps](https://developer.atlassian.com/cloud/jira/platform/security-for-connect-apps/)
for details.
The URIs for Connect app REST API calls have this structure:
`https://<site-url>/rest/api/3/<resource-name>`
For example, `https://your-domain.atlassian.net/rest/api/3/issue/DEMO-1`
### Other integrations
For integrations that are not Forge or Connect apps, use OAuth 2.0
authorization code grants (3LO) for security
(3LO scopes are shown as for operations _OAuth scopes required_). See
[OAuth 2.0 (3LO)
apps](https://developer.atlassian.com/cloud/jira/platform/oauth-2-3lo-apps/)
for details.
The URIs for OAuth 2.0 (3LO) app REST API calls have this structure:
`https://api.atlassian.com/ex/jira/<cloudId>/rest/api/3/<resource-name>`
For example,
`https://api.atlassian.com/ex/jira/35273b54-3f06-40d2-880f-dd28cf8daafa/rest/api/3/issue/DEMO-1`
### Ad-hoc API calls
For personal scripts, bots, and ad-hoc execution of the REST APIs use
basic authentication. See [Basic auth for REST
APIs](https://developer.atlassian.com/cloud/jira/platform/basic-auth-for-rest-apis/)
for details.
The URIs for basic authentication REST API calls have this structure:
`https://<site-url>/rest/api/3/<resource-name>`
For example, `https://your-domain.atlassian.net/rest/api/3/issue/DEMO-1`
title: Authentication and authorization
- anchor: permissions
body: >
### Operation permissions
Most operations in this API require permissions. The calling user must
have the required permissions for an operation to
use it. Note that for Connect apps, the app user must have the required
permissions for the operation and the app must
have scopes that permit the operation.
A permission can be granted to a group, project role, or issue role that
the user is a member of, or granted directly to a user.
See [Permissions overview](https://confluence.atlassian.com/x/FQiiLQ)
for details. The most common permissions are:
- **Administer the Cloud site**: Users in the _site-admins_ group have
this
permission. See [Manage
groups](https://confluence.atlassian.com/x/24xjL) for details.
- **Administer Jira**: Granted by the _Jira Administrators_ global
permission. There is a default group for this permission.
See [Manage groups](https://confluence.atlassian.com/x/24xjL) and
[Managing global permissions](https://confluence.atlassian.com/x/x4dKLg)
for details.
- **Administer a project in Jira**: Granted by the _Administer projects_
project permission for a project. This can be
granted to a user, a group, a project role, and more.
See [Managing project
permissions](https://confluence.atlassian.com/x/yodKLg) for details.
- **Access a project in Jira**: Granted by the _Browse projects_ project
permission for a project. This can be
granted to a user, a group, a project role, and more.
See [Managing project
permissions](https://confluence.atlassian.com/x/yodKLg) for details.
- **Access Jira**: Granted by the _Jira Users_ global permission. Users
in the default product access group (for example,
_jira-software-users-acmesite_) have this permission.
See [Manage groups](https://confluence.atlassian.com/x/24xjL) and
[Managing global permissions](https://confluence.atlassian.com/x/x4dKLg)
for details.
### Anonymous access
Some operations provide support for anonymous access. However, anonymous
access is only available if
the Jira permission needed to access the object or records returned by
the operation is granted to
the _Public_ group. See [Allowing anonymous access to your
project](https://confluence.atlassian.com/x/GDxxLg)
for details.
If an operation is called anonymously and anonymous access is not
available, the operation will return
an error. Note that not all operations that correspond to objects that
can be given public access
provide for anonymous access.
title: Permissions
- anchor: expansion
body: >+
### Expansion
The Jira REST API uses resource expansion, which means that some parts
of a resource are not returned unless specified
in the request. This simplifies responses and minimizes network traffic.
To expand part of a resource in a request, use the expand query
parameter and specify the object(s) to be expanded.
If you need to expand nested objects, use the `.` dot notation. If you
need to expand multiple objects, use a
comma-separated list.
For example, the following request expands the `names` and
`renderedFields` properties for the _JRACLOUD-34423_ issue:
`GET issue/JRACLOUD-34423?expand=names,renderedFields`
To discover which object can be expanded, refer to the `expand` property
in the object.
In the JSON example below, the resource declares `widgets` as
expandable.
```json
{
"expand": "widgets",
"self": "https://your-domain.atlassian.net/rest/api/3/resource/KEY-1",
"widgets": {
"widgets": [],
"size": 5
}
}
```
### Pagination
The Jira REST API uses pagination to improve performance. Pagination is
enforced for operat
# --- truncated at 32 KB (39 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/atlassian/refs/heads/main/openapi/atlassian-rest-api-3-attachment--openapi-original.yml