> ## Documentation Index
> Fetch the complete documentation index at: https://docs.tetherai.ca/llms.txt
> Use this file to discover all available pages before exploring further.

# Download an attachment with forced Content-Disposition

> Generates a short-lived signed URL with `Content-Disposition: attachment` so the browser downloads the file, and 302-redirects to it. No auth middleware is applied — access control is enforced by the unguessable storage key plus the signed URL TTL (3600s).



## OpenAPI

````yaml /api-reference/openapi.yaml get /api/messages/download
openapi: 3.0.3
info:
  title: Tether Relay and Tether API
  version: 1.0.0
  description: >-
    Route-derived OpenAPI contract generated from tether-relay backend sources.
    Regenerate with scripts/sync-openapi-from-backend.mjs.
servers:
  - url: https://your-instance.example.com
    description: Production
  - url: http://localhost:2212
    description: Local API service
security: []
tags:
  - name: AI
  - name: Applications
  - name: Approval
  - name: Auth
  - name: Automations
  - name: Calls
  - name: Campaigns
  - name: Contact Analytics
  - name: Contact Metrics
  - name: Contact Notes
  - name: Contacts
  - name: Conversation Monitor
  - name: Conversations
  - name: Departments
  - name: Email
  - name: Escalation Dashboard
  - name: Event Logs
  - name: Google Sheets
  - name: Marketplace
  - name: Messages
  - name: Notification Sounds
  - name: Notifications
  - name: Org Snapshots
  - name: Organizations
  - name: Outreach
  - name: Outreach Metrics
  - name: Outreach Sources
  - name: Pipelines
  - name: Processes
  - name: Prompts
  - name: Reminders
  - name: Sms
  - name: Templates
  - name: Traces
  - name: Training
  - name: Upload
  - name: User Snapshots
  - name: Users
  - name: Vertical
  - name: Webchats
  - name: Webhook
paths:
  /api/messages/download:
    get:
      tags:
        - Messages
      summary: Download an attachment with forced Content-Disposition
      description: >-
        Generates a short-lived signed URL with `Content-Disposition:
        attachment` so the browser downloads the file, and 302-redirects to it.
        No auth middleware is applied — access control is enforced by the
        unguessable storage key plus the signed URL TTL (3600s).
      operationId: get_messages_download
      parameters:
        - in: query
          name: key
          required: true
          schema:
            type: string
          description: Full R2 storage key
        - in: query
          name: fileName
          required: false
          schema:
            type: string
            default: download
          description: Filename to suggest in the Content-Disposition header
      responses:
        '302':
          description: Redirect to signed R2 URL with download disposition
          headers:
            Location:
              description: Signed download URL
              schema:
                type: string
        '400':
          description: Storage key is required
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/MessagesDownloadErrorResponse'
        '500':
          description: Failed to generate download URL
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/MessagesDownloadErrorResponse'
components:
  schemas:
    MessagesDownloadErrorResponse:
      type: object
      properties:
        success:
          type: boolean
          enum:
            - false
        message:
          type: string
        error:
          type: string
      additionalProperties: true
      example:
        success: false
        message: Storage key is required
        error: BAD_REQUEST

````