Share via

How fix 401 unauthorized error while adding attachmentot azure work item using azure peline

Nayna Morekar 0 Reputation points
2026-01-20T13:07:37.6933333+00:00

Hello,

I am trying to add an attachment to the work item using Azure pipeline I am using REST api PATCH to add the attachment. I am getting HTTP ERROR: The remote server returned an error: (401) Unauthorized.

Azure API Management
Azure API Management

An Azure service that provides a hybrid, multi-cloud management platform for APIs.

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Siddhesh Desai 7,480 Reputation points Microsoft External Staff Moderator
    2026-01-20T13:17:12.1166667+00:00

    Hi @Nayna Morekar Thank you for reaching out to Microsoft Q&A.

    I have reproduced your issue and was able to attach the Attachment in the workitem:

    To attach any attachment in work item, You need to use two API's

    1. https://learn.microsoft.com/en-us/rest/api/azure/devops/wit/attachments/create?view=azure-devops-rest-7.1&tabs=HTTP#upload-a-text-file
    2. https://learn.microsoft.com/en-us/rest/api/azure/devops/wit/work-items/update?view=azure-devops-rest-7.1&tabs=HTTP#add-an-attachment

    Make sure you have Read, Write and Manage permission assigned to the PAT token.

    I have used below Powershell code to call both the API's and was able to attach the attachment successfully, I am adding the txt file content in the code itself and creating an attachment then updating it to work item:

    
# ----------------------------
# Inputs
# ----------------------------
$org        = "xxxxxxx"
$project    = "xxxxxxxx"   # has a space -> must be URL-encoded
$pat        = "xxxxxxxxxxxxxxxxxxxxxxxxxxx"  
$apiVersion = "7.1"
$fileName     = "xxxxxxxttachment.txt"
$textToUpload = "Uxxxxxxx xxxxx xxxx"
# ----------------------------
# Helpers
# ----------------------------
$projectEncoded = [uri]::EscapeDataString($project)
$basicAuth = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(":$pat"))
$headers = @{
  Authorization = "Basic $basicAuth"
}
# ----------------------------
# 1) Upload attachment (POST)
# ----------------------------
$uploadUrl = "https://dev.azure.com/$org/$projectEncoded/_apis/wit/attachments?fileName=$fileName&api-version=$apiVersion"
Write-Host "UPLOAD URL => $uploadUrl"
# Send as octet-stream bytes
$bytes = [Text.Encoding]::UTF8.GetBytes($textToUpload)
$uploadResp = Invoke-RestMethod `
  -Uri $uploadUrl `
  -Method Post `
  -Headers $headers `
  -ContentType "application/octet-stream" `
  -Body $bytes
$attachmentUrl = $uploadResp.url
Write-Host "Attachment uploaded. URL => $attachmentUrl"
# ----------------------------
# 2) Attach to work item (PATCH)
# IMPORTANT: Use a literal JSON Patch array string to avoid PowerShell JSON quirks.
# 4 below is the workitemID
$patchUrl = "https://dev.azure.com/$org/$projectEncoded/_apis/wit/workitems/4?api-version=$apiVersion"
Write-Host "PATCH URL  => $patchUrl"
$patchBody = @"
[
  {
    "op": "add",
    "path": "/relations/-",
    "value": {
      "rel": "AttachedFile",
      "url": "$attachmentUrl",
      "attributes": {
        "comment": "Spec for the work"
      }
    }
  }
]
"@
$patchResp = Invoke-RestMethod `
  -Uri $patchUrl `
  -Method Patch `
  -Headers $headers `
  -ContentType "application/json-patch+json" `
  -Body $patchBody
Write-Host "Done. Work item updated. New rev => $($patchResp.rev)"

    Output:

    User's image

    User's image

    Was this answer helpful?

    0 comments

  2. AI answer

    2026-01-20T13:07:46.8466667+00:00

    To resolve the HTTP 401 Unauthorized error while adding an attachment to an Azure work item using the Azure pipeline, you should check the following:

    1. Authentication: Ensure that you are providing a valid access token in your request. The token should be generated for the correct audience and issuer as defined in your Azure configuration.
    2. Permissions: Verify that the access token has the necessary permissions to perform the operation of adding an attachment to the work item. If the token does not have the required permissions, you will receive a 401 error.
    3. Correct API Endpoint: Make sure you are using the correct REST API endpoint for adding attachments to work items. The endpoint must be properly formatted and include the necessary headers, including the authorization header with the bearer token.
    4. Subscription Key: If you are using Azure API Management, ensure that you are including a valid subscription key in the request header. This is typically done using the Ocp-Apim-Subscription-Key header.
    5. Token Expiration: Check if the access token has expired. If it has, you will need to obtain a new token and retry the request.

    By addressing these points, you should be able to resolve the 401 Unauthorized error and successfully add the attachment to your Azure work item.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.