Download artifacts from a public repo requires authentication token

The docs say otherwise:


“Anyone with read access to the repository can use this endpoint.”
However this fails:
curl -v -L -o artifact.zip “https://api.github.com/repos/irinabov/confluent-kafka-dotnet/actions/artifacts/9908862/zip

Is this a problem with the doc or with permissions on artifacts?

@irinabov,

According to my tests, the authentication token seems is required when downloading an artifact from a public repository.

  • When I tried to download an artifact from a public repository via the commands below, it returned the 403 error, and generated an invalid “artifact.zip” in the working directory.
# download without authentication token
curl -v -L -o artifact.zip \
"https://api.github.com/repos/:owner/:repo/actions/artifacts/:artifact_id/zip"

error message:

< HTTP/1.1 403 Forbidden
< date: Wed, 01 Jul 2020 05:46:28 GMT
< content-type: application/json; charset=utf-8
< server: GitHub.com
< status: 403 Forbidden
  • When I tried to download the artifact with the authentication token via the commands below, the artifact can be downloaded successfully.
# download with authentication token
token='token'
curl -v -L -u BrightRan:$token -o artifact.zip \
"https://api.github.com/repos/:owner/:repo/actions/artifacts/:artifact_id/zip"

I’m not sure if we have misunderstood the description in the docs.
If the token is not required, I think there may be an issue causes the 403 error.
If the token is required, I think the description in the docs is somewhat ambiguous, and it is easy to mislead the readers.

I have reported this question to the appropriate engineering team for further investigation and evaluation. If they have any progress, I will notify you in time, and sometimes the appropriate engineers may directly reply you here.