cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

PAT can only access _apis/resources/Containers with Full Access, not a custom scope

Allen_Johnson
New Contributor

‎Feb 03 2023 10:57 AM - edited ‎Feb 03 2023 11:43 AM

‎Feb 03 2023 10:57 AM - edited ‎Feb 03 2023 11:43 AM

PAT can only access _apis/resources/Containers with Full Access, not a custom scope

I am trying to download a specific file from a build pipeline artifact using the following API call, where I retrieved the ArtifactId from a previous call:

https://dev.azure.com/$($companyname)/$($project)/_apis/resources/Containers/$($ArtifactId)?itmPath=...

So, trying to receive FileNameIWant.zip from inside MyArtifactName.

It works from a shell script using my Personal Access Token, only if that PAT has Full Access.

But if I set the PAT scope to Custom Defined, even if I turn on all the permissions as I can find, I always get a (401) Unauthorized error.

This seems like a bug or missing functionality to me. Does anyone know how to make this work with only a custom access scope?

 

Using a PAT with only Read access to Build and Release I can retrieve the entire artifact using _apis/build/builds/$($BuildId)/artifacts?artifactName=MyArtifactName 

 

 

267 Views
0 Likes
3 Replies
Reply
3 Replies
best response confirmed by Allen_Johnson (New Contributor)
Robina

‎Feb 04 2023 09:45 PM

‎Feb 04 2023 09:45 PM

Solution

Re: PAT can only access _apis/resources/Containers with Full Access, not a custom scope

To resolve the 401 unauthorized error with a custom access scope PAT, you can try giving the PAT access to the specific API endpoint that you are trying to access. The API endpoint for downloading a specific file from a build pipeline artifact is "/_apis/resources/Containers/$($ArtifactId)". To grant access to this API endpoint, you can go to Azure DevOps, navigate to your project settings, select "Security", and then add the scope for this API endpoint under the "Permissions" section. Make sure the PAT has at least read access to the API endpoint and try again.
0 Likes
Reply
Allen_Johnson

‎Feb 06 2023 06:52 AM

‎Feb 06 2023 06:52 AM

Re: PAT can only access _apis/resources/Containers with Full Access, not a custom scope

Thanks @Robina , I will check with our project administrator if this is still needed.

 

The problem resolved itself over the weekend, it's working now even though I didn't change any permissions on my PAT.

1 Like
Reply
Robina

‎Feb 06 2023 07:09 AM

‎Feb 06 2023 07:09 AM

Re: PAT can only access _apis/resources/Containers with Full Access, not a custom scope

@Allen_Johnson Thanks for the response.Glad to hear your issue resolve

0 Likes
Reply