Aws public link with response-content-disposition=attachment

Dear Monday Community,

In one of our many cases where we use monday, we are using the monday api for retrieving item’s assets public links, which come from amazon web services. The goal here is just to display embed a pdf inside an iframe element in order to display it. I noticed the generated links to this pdfs have always the following shape:

the problem here being the url query paramenter response-content-disposition=attachment, which makes the browser download the file automatically, instead of being displayed.

I have tried setting response-content-disposition=inline, or removing the parameter completely, but then I get: SignatureDoesNotMatch The request signature we calculated does not match the signature you provided. Check your key and signing method.

does anyone have any suggestions? we are really looking forward to continue using the monday api in many different ways.

@juan1 Are you able to use the url field instead of the public_url field of the asset? This shouldn’t have any of the query parameters in the url

thank you @mitchell.hudson, there is one problem with this approach, the link given by the url field is only reachable when you are logged in on monday, they usually look like this:,

trying to reach this url without a monday session redirects to the login page.

Hey @juan1,

I believe this wouldn’t be possible at the moment as modifying the AWS public URL will cause the signature not to match (hence the error you’re seeing). The public_url Mitchell recommend would probably be the best way to go - but moreso for accessing the file than embedding the file.

Could you shed some light on how you’re trying to use this in your workflow? Perhaps we can find some kind of workaround.


heyo @dsilva, thank you for your answer,

we are using a monday table to generate documentation for an intern application.

The documentation is composed of many documents, each one is represented by an Item inside a table. Each Item has a column which defines its type (e.g. pdf, template, etc).

In the case where the Item is of type pdf, there is also a column which we have a uploaded pdf file, which is accessible through the API.

We fetch all the boards items from the main group, and sometimes from other groups, and then we build our html from this information. In the case of an item with a type of pdf, we want to actually be able to show the pdf inside the browser, so that we dont interrupt the document flow.

Hey @juan1 - understood!

To be completely honest this wouldn’t be something we can support at the moment - though I will pass the feedback along to the team internally.

One possible workaround I could think of would be to invite these users as guests to your Monday account, with access only to specific boards. From there you would have two alternatives:

  • Have one board with all the onboarding information that these guests would have view access to.
  • Create one master onboarding board as a board template, and create a board for each user you are onboarding.

Another (admittedly not great work around) would also be to download the files to your server, but this would involve keeping two copies of these files.


Hi @dsilva Can you Please help me to know one query

We plan to implement a chatbot on our platform and we would like for all those leads coming through the chatbot to be added to our sales module automatically.

Can this integration would be possible?

Can you please help me with this? Please help

Hi @Vani - welcome to the community!

Could you expand a bit more on what you are trying to achieve with the chatbot, and what issues you are facing? If needed we can move this to it’s own separate thread to further discuss there.


is there a reason why you guys have CORS enabled for the public_url? I am trying to use javascript fetch on the public url, it is getting rejected by CORS policy, clicking on the link is not a problem…

Hey @juan1 - let me check in with the team on this one for some more info.


@dsilva have you heard anything back? ^^

Hey @juan1 - I don’t have more info just yet (the team was still looking into this the last time I checked). Let me follow up with them and we should have something for you early next week.


@juan1 - sorry for the delay on this. It looks like there might be an issue with the way CORS is set up on that particular portion of the application. We’re looking further into it on our end, I’ll let you know as soon as I know more.


Hi @juan1
Can you please elaborate more on the use case that you are trying to implement?

Public URL, that we are providing for attachments, is not meant to be fetched from 3rd party domains and being injected into other pages.
This is a temporary downloadable URL for sharing the attachment with users outside of your account.
If the attachment is an image, you can use the public_url as the “src” attribute in the tag. is not a file-sharing platform, this is why we want to understand the use case better because opening CORS (returning Access-Control-Allow-Origin: * header) for all files hosted on the platform has it’s security concerns.


Hello dsilva,

Thanks for your response. How could I connect with you separately?
Please do let me know. I have something to discuss with you.

Hey @Vani - you can email our support address or DM me your email address and I’ll open up a ticket with you on Zendesk.


This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.