netbox icon indicating copy to clipboard operation
netbox copied to clipboard
verified publisher icon netbox-community

Media assets not reachable anymore through api requests since media requires

Open 33Fraise33 opened this issue 7 months ago • 3 comments

Deployment Type

Self-hosted

NetBox Version

since 4.1.7

Python Version

3.12

Steps to Reproduce

  1. Use the api to retrieve image attachments
  2. Try to retrieve the attachment by the url provided with the api key
  3. this gives a failure when LOGIN_REQUIRED is set to true - related to https://github.com/netbox-community/netbox/pull/17990

Expected Behavior

Allow a way to retrieve an image by url with an API key.

Observed Behavior

an error occurs because the request is not authenticated.

33Fraise33 avatar Jun 06 '25 15:06 33Fraise33

Please extend your post above to include the exact API request(s) you're making for reference.

jeremystretch avatar Jun 06 '25 16:06 jeremystretch

There is currently no API endpoint that returns the binary image data. The standard endpoint only provides metadata, including a URL to the image itself:

GET /api/extras/image-attachments/{id}/
{
  "id": 0,
  "url": "string",
  "display": "string",
  "object_type": "string",
  "object_id": 9223372036854776000,
  "parent": "string",
  "name": "string",
  "image": "string",
  "image_height": 0,
  "image_width": 0,
  "created": "2025-06-10T15:19:01.816Z",
  "last_updated": "2025-06-10T15:19:01.816Z"
}

Ref: API Documentation

If you are writing an application that needs to retrieve the images, you used to be able to use this url directly:

media/image-attachments/your_image_name.jpg

This worked because image attachments were available without authentication. This was fixed with https://github.com/netbox-community/netbox/issues/17972 in Netbox 4.1.7

Programmatic scripts and API clients authenticate using a bearer token in the Authorization header. This token is not accepted at the /media/ URL, leading to a redirect to the login page.

Impact

This makes it very difficult for any external application or script to retrieve images from NetBox.

Additionally, the EXEMPT_VIEW_PERMISSIONS setting does not seem to apply to this protected media view, preventing a potential workaround for instances where public access to certain images might be acceptable.

Proposed solution

A possible solution could be to create a dedicated API endpoint for downloading the image, which would respect the Authorization header. For example:

GET /api/extras/image-attachments/{id}/download/

cedricverhaeghe avatar Jun 10 '25 16:06 cedricverhaeghe

Thanks @cedricverhaeghe for providing the context, @jeremystretch do you require more info or is this sufficient?

33Fraise33 avatar Jun 10 '25 16:06 33Fraise33