How to let API user access uploaded files?

[hongquan]

We have a web application where we leverage Zulip to build chat feature. We created a chat box in our web application and calling Zulip API to receive and send chat messages. The problem is that when one user sends a file, other users in the same stream cannot access the file, getting "You are not authorized to view this file" error, if view from our front-end.

How can I make the files accessible?

[cmprmsd]

See this bug here: #22285

To make an uploaded file available to other users you must send the link in a chat message to them or the stream and this has to be in the format:

[](/path/after/domain/file.ext)

Zulip will recognize the file and update the permissions accordingly. That's at least what I noticed. :)

[alya]

@hongquan does the above address your question?

[hongquan]

@alya @cmprmsd Not address my case.
In my case, the URL I acquired via Zulip message API is relative URL (without https://domain), I have build absolute URL from it, so there is no case of duplicate "/".

[hongquan]

Note that, in my case, file is uploaded in Zulip web UI (https://utar.chat.fairwiz.com), and on our website (https://some-other-domain.com), we call Zulip API to get message and display to user. Before displaying to user, we have to rewrite the URLs in the message content, converting them from relative to absolute. The rewriting must be made so that browser doesn't think the files are in the https://some-other-domain.com domain.

[cmprmsd]

After the file has been uploaded, do you share it with Zulip in the chat stream?
It seems you are trying to access the file anonymously. Not sure if this will work in any case.

[hongquan]

@cmprmsd I don't understand this question:

After the file has been uploaded, do you share it with Zulip in the chat stream

Because as I descibed, we attach the file with the chat in Zulip web UI. There is no explicit "share" button/ action.

It seems you are trying to access the file anonymously

Yes, and the problem is that I don't know how to authenticate user to access the file, because the message is retrieved via Zulip API. We have the email addess + API key to call API. But with that credentials, Zulip doesn't mark the session as "authenticated" to let me access the file.

[cmprmsd]

Has the bot been joined to the channel/stream where you post the file?
This was a mistake I did on my first try, too 😁

[hongquan]

@cmprmsd Yes. I did let the bot/user subscribe to the stream, and I can get new chat message in real-time.

[lgsandy]

We have a web application where we leverage Zulip to build chat feature. We created a chat box in our web application and calling Zulip API to receive and send chat messages.The problem is that when i view from our front-end it is showing 403.

[zulipbot]

Hello @zulip/server-api, @zulip/server-bots, @zulip/server-misc members, this issue was labeled with the "area: uploads", "area: api", "area: bots" labels, so you may want to check it out!