Download artifacts from a public repo requires authentication token

The docs say otherwise:

“Anyone with read access to the repository can use this endpoint.”
However this fails:
curl -v -L -o “

Is this a problem with the doc or with permissions on artifacts?


According to my tests, the authentication token seems is required when downloading an artifact from a public repository.

  • When I tried to download an artifact from a public repository via the commands below, it returned the 403 error, and generated an invalid “” in the working directory.
# download without authentication token
curl -v -L -o \

error message:

< HTTP/1.1 403 Forbidden
< date: Wed, 01 Jul 2020 05:46:28 GMT
< content-type: application/json; charset=utf-8
< server:
< status: 403 Forbidden
  • When I tried to download the artifact with the authentication token via the commands below, the artifact can be downloaded successfully.
# download with authentication token
curl -v -L -u BrightRan:$token -o \

I’m not sure if we have misunderstood the description in the docs.
If the token is not required, I think there may be an issue causes the 403 error.
If the token is required, I think the description in the docs is somewhat ambiguous, and it is easy to mislead the readers.

I have reported this question to the appropriate engineering team for further investigation and evaluation. If they have any progress, I will notify you in time, and sometimes the appropriate engineers may directly reply you here.