Downloading Basecamp To-Do's comment attachments (PDF) via API — always returns 404 or login page HTML

Questions
1

Hi Team,

I’m building a workflow that downloads PDF files attached to Basecamp Todo comments and sends them to an AI for review. After extensive troubleshooting, I’m stuck on the PDF download step.

My Setup:

  • n8n v2.8.3 (Self Hosted)

  • Basecamp OAuth2 authentication — working correctly

  • Access token successfully retrieved

The Problem: When a file is attached to a Basecamp Todo comment, it generates a storage blob URL like:

https://storage.3.basecamp.com/xxxxxxx/blobs/BLOB-ID/download/file.pdf

This URL always returns either:

  • 404 when Bearer token is sent in Authorization header

  • Login page HTML when no auth is sent

What I’ve tried:

  • Bearer token in Authorization header → 404

  • Token as query parameter → 404

  • /uploads/ID.json endpoint → 404

  • /attachments/ID.json endpoint → 404

  • Following redirects with followRedirects: true → returns login HTML

Root cause I found: Basecamp comment attachment URLs only work with browser session cookies. OAuth Bearer tokens are rejected by the storage CDN. Basecamp’s API doesn’t create an Upload resource for comment attachments.

Question: Is there any way to download Basecamp comment attachments in n8n using OAuth? Has anyone solved this?

Thanks!

1 Like
2

Hi @Sadhana Welcome to the community!
As far as i have used Basecamp you currently cannot download Basecamp comment attachment blob URLs with OAuth in n8n because those storage links are protected by browser session cookies (not API tokens), and Basecamp doesn’t expose comment attachments as, so the only practical solution i would say is that if this problem is enterprise level consider reaching out here:

3

Yeah this is a known limitation with Basecamp’s storage CDN, the blob URLs are session-authenticated and won’t accept OAuth tokens at all. You’d basically need to either use their official API to get attachment content (which doesn’t exist for comment attachments specifically) or go the browser automation route with something like Puppeteer to handle the session cookies. Might be worth filing a feature request with Basecamp directly since this is really on their end.