If an email contains an attachment this must be uploaded before the email is sent. This method accepts the upload of one file at a time. It will return its temporary path which can be used as the attachment path in the email JSON data. The name of the file form field is not taken into concern (can be whatever). The important rule is that only one file will be uploaded at a time and that you are sending the Content-Type: multipart/form-data header instead of application/json.


POST https://gambio-shop.de/shop1/api.php/v2/attachments

Form parameters

Parameter name Value Description Additional
upload_attachment file

The attachment to upload

filename string

The final filename



In order to provide the authentication, you must insert the Basic Auth inside the HTTP header. The Basic Auth is an encrypted base64 string that holds the following content: admin@shop.de:12345 where the structure is as follows: username:password.

An example header would look as follows:

Authorization: Basic YWRtaW5Ac2hvcC5kZToxMjM0NQ==

This request requires the use of one of following authorisation methods: BASIC .


The following HTTP status codes may be returned, optionally with a response resource.

Status code Description Resource
201 Created

Upon success, returns the default success response with the attachment path

400 Bad Request

(No attachment file was provided)


Example Snippets

Here are some example implementations for this operation.

curl --request POST \ --url https://gambio-shop.de/shop1/api.php/v2/attachments \ --header 'accept: multipart/form-data' \ --header 'authorization: Basic REPLACE_BASIC_AUTH' \ --header 'content-type: application/json'
wget --quiet \ --method POST \ --header 'accept: multipart/form-data' \ --header 'content-type: application/json' \ --header 'authorization: Basic REPLACE_BASIC_AUTH' \ --output-document

http POST https://gambio-shop.de/shop1/api.php/v2/attachments \ accept:multipart/form-data \ authorization:'Basic REPLACE_BASIC_AUTH' \ content-type:application/json
HttpResponse response = Unirest.post("https://gambio-shop.de/shop1/api.php/v2/attachments") .header("accept", "multipart/form-data") .header("content-type", "application/json") .header("authorization", "Basic REPLACE_BASIC_AUTH") .asString();
OkHttpClient client = new OkHttpClient();

Request request = new Request.Builder() .url("https://gambio-shop.de/shop1/api.php/v2/attachments") .post(null) .addHeader("accept", "multipart/form-data") .addHeader("content-type", "application/json") .addHeader("authorization", "Basic REPLACE_BASIC_AUTH") .build();

Response response = client.newCall(request).execute();

var client = new RestClient("https://gambio-shop.de/shop1/api.php/v2/attachments"); var request = new RestRequest(Method.POST); request.AddHeader("accept", "multipart/form-data"); request.AddHeader("content-type", "application/json"); request.AddHeader("authorization", "Basic REPLACE_BASIC_AUTH"); IRestResponse response = client.Execute(request);
var http = require("https");

var options = { "method": "POST", "hostname": "gambio-shop.de", "port": null, "path": "/shop1/api.php/v2/attachments", "headers": {

"accept": "multipart/form-data",
"content-type": "application/json",
"authorization": "Basic REPLACE_BASIC_AUTH"

} };

var req = http.request(options, function (res) { var chunks = [];

res.on("data", function (chunk) {



res.on("end", function () {

var body = Buffer.concat(chunks);

}); });


var request = require("request");

var options = { method: 'POST', url: 'https://gambio-shop.de/shop1/api.php/v2/attachments', headers: {

accept: 'multipart/form-data',
'content-type': 'application/json',
authorization: 'Basic REPLACE_BASIC_AUTH'

} };

request(options, function (error, response, body) { if (error) throw new Error(error);

console.log(body); });

var unirest = require("unirest");

var req = unirest("POST", "https://gambio-shop.de/shop1/api.php/v2/attachments");

req.headers({ "accept": "multipart/form-data", "content-type": "application/json", "authorization": "Basic REPLACE_BASIC_AUTH" });

req.end(function (res) { if (res.error) throw new Error(res.error);

console.log(res.body); });

var data = null;

var xhr = new XMLHttpRequest(); xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () { if (this.readyState === this.DONE) {


} });

xhr.open("POST", "https://gambio-shop.de/shop1/api.php/v2/attachments"); xhr.setRequestHeader("accept", "multipart/form-data"); xhr.setRequestHeader("content-type", "application/json"); xhr.setRequestHeader("authorization", "Basic REPLACE_BASIC_AUTH");


var settings = { "async": true, "crossDomain": true, "url": "https://gambio-shop.de/shop1/api.php/v2/attachments", "method": "POST", "headers": {

"accept": "multipart/form-data",
"content-type": "application/json",
"authorization": "Basic REPLACE_BASIC_AUTH"

} }

$.ajax(settings).done(function (response) { console.log(response); });


$curl = curl_init();

curl_setopt_array($curl, array( CURLOPT_URL => "https://gambio-shop.de/shop1/api.php/v2/attachments", CURLOPT_RETURNTRANSFER => true, CURLOPT_ENCODING => "", CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 30, CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_CUSTOMREQUEST => "POST", CURLOPT_HTTPHEADER => array(

"accept: multipart/form-data",
"authorization: Basic REPLACE_BASIC_AUTH",
"content-type: application/json"

), ));

$response = curl_exec($curl); $err = curl_error($curl);


if ($err) { echo "cURL Error #:" . $err; } else { echo $response; }


$request = new HttpRequest(); $request->setUrl('https://gambio-shop.de/shop1/api.php/v2/attachments'); $request->setMethod(HTTP_METH_POST);

$request->setHeaders(array( 'accept' => 'multipart/form-data', 'content-type' => 'application/json', 'authorization' => 'Basic REPLACE_BASIC_AUTH' ));

try { $response = $request->send();

echo $response->getBody(); } catch (HttpException $ex) { echo $ex; }


$client = new http\Client; $request = new http\Client\Request;

$request->setRequestUrl('https://gambio-shop.de/shop1/api.php/v2/attachments'); $request->setRequestMethod('POST'); $request->setHeaders(array( 'accept' => 'multipart/form-data', 'content-type' => 'application/json', 'authorization' => 'Basic REPLACE_BASIC_AUTH' ));

$client->enqueue($request)->send(); $response = $client->getResponse();

echo $response->getBody();

import http.client

conn = http.client.HTTPSConnection("gambio-shop.de")

headers = {

'accept': "multipart/form-data",
'content-type': "application/json",
'authorization': "Basic REPLACE_BASIC_AUTH"

conn.request("POST", "/shop1/api.php/v2/attachments", headers=headers)

res = conn.getresponse() data = res.read()


import requests

url = "https://gambio-shop.de/shop1/api.php/v2/attachments"

headers = {

'accept': "multipart/form-data",
'content-type': "application/json",
'authorization': "Basic REPLACE_BASIC_AUTH"

response = requests.request("POST", url, headers=headers)


require 'uri' require 'net/http' require 'openssl'

url = URI("https://gambio-shop.de/shop1/api.php/v2/attachments")

http = Net::HTTP.new(url.host, url.port) http.use_ssl = true http.verify_mode = OpenSSL::SSL::VERIFY_NONE

request = Net::HTTP::Post.new(url) request["accept"] = 'multipart/form-data' request["content-type"] = 'application/json' request["authorization"] = 'Basic REPLACE_BASIC_AUTH'

response = http.request(request) puts response.read_body

CURL *hnd = curl_easy_init();

curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST"); curl_easy_setopt(hnd, CURLOPT_URL, "https://gambio-shop.de/shop1/api.php/v2/attachments");

struct curl_slist *headers = NULL; headers = curl_slist_append(headers, "accept: multipart/form-data"); headers = curl_slist_append(headers, "content-type: application/json"); headers = curl_slist_append(headers, "authorization: Basic REPLACE_BASIC_AUTH"); curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers);

CURLcode ret = curl_easy_perform(hnd);

package main

import (



func main() {

url := "https://gambio-shop.de/shop1/api.php/v2/attachments"

req, _ := http.NewRequest("POST", url, nil)

req.Header.Add("accept", "multipart/form-data")
req.Header.Add("content-type", "application/json")
req.Header.Add("authorization", "Basic REPLACE_BASIC_AUTH")

res, _ := http.DefaultClient.Do(req)

defer res.Body.Close()
body, _ := ioutil.ReadAll(res.Body)




NSDictionary *headers = @{ @"accept": @"multipart/form-data",

                       @"content-type": @"application/json",
                       @"authorization": @"Basic REPLACE_BASIC_AUTH" };

NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://gambio-shop.de/shop1/api.php/v2/attachments"]


[request setHTTPMethod:@"POST"]; [request setAllHTTPHeaderFields:headers];

NSURLSession *session = [NSURLSession sharedSession]; NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request

                                        completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
                                            if (error) {
                                                NSLog(@"%@", error);
                                            } else {
                                                NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;
                                                NSLog(@"%@", httpResponse);

[dataTask resume];

import Foundation

let headers = [ "accept": "multipart/form-data", "content-type": "application/json", "authorization": "Basic REPLACE_BASIC_AUTH" ]

let request = NSMutableURLRequest(url: NSURL(string: "https://gambio-shop.de/shop1/api.php/v2/attachments")! as URL,

                                    cachePolicy: .useProtocolCachePolicy,
                                timeoutInterval: 10.0)

request.httpMethod = "POST" request.allHTTPHeaderFields = headers

let session = URLSession.shared let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in if (error != nil) {


} else {

let httpResponse = response as? HTTPURLResponse

} })


open Cohttp_lwt_unix open Cohttp open Lwt

let uri = Uri.of_string "https://gambio-shop.de/shop1/api.php/v2/attachments" in let headers = Header.add_list (Header.init ()) [ ("accept", "multipart/form-data"); ("content-type", "application/json"); ("authorization", "Basic REPLACE_BASIC_AUTH"); ] in

Client.call ~headers `POST uri

= fun (res, body_stream) -> (* Do stuff with the result *)