Deleting job artifacts

Hello,

I’m trying to delete a build artifact which is no longer needed at the end of a pipeline (used to share some files between steps), however I’ve not been able to get it to work.

This is the command step I’ve added to the end of the pipeline:

for artifact in $(buildkite-agent artifact search ... --format "%j:%i")
do
	job_uuid="$(cut -d: -f1 <<< "$artifact")"
	artifact_uuid="$(cut -d: -f2 <<< "$artifact")"

	curl -LX DELETE -H "Authorization: Bearer ${BUILDKITE_AGENT_ACCESS_TOKEN}" "https://api.buildkite.com/v2/organizations/${BUILDKITE_ORGANIZATION_SLUG}/pipelines/${BUILDKITE_PIPELINE_SLUG}/builds/${BUILDKITE_BUILD_NUMBER}/jobs/${job_uuid}/artifacts/${artifact_uuid}"
done

The API returns an error response with the following message:

“Authentication required. Please supply a valid API Access Token: REST API overview | Buildkite Documentation

I’ve seen conflicting examples/documentation for how the token should be provided to the DELETE endpoint - either using the Authorization header, or an access_token query parameter, but I get the same error with either.

The documentation states that BUILDKITE_AGENT_ACCESS_TOKEN contains a token valid for the lifetime of the job which is used internally by (e.g.) buildkite-agent artifact, so I’m assuming I can use it for REST API calls too.

What do I need to do to resolve this?

Thanks

Hey @solemnwarning :wave:

Welcome to the buildkite community!

BUILDKITE_AGENT_ACCESS_TOKEN is used by the agent as a session token for the duration of the job. To delete artifacts using the REST API, you will need to provide an API token associated with the user.
Could you create API access token with required scope for the right organisation and try deleting the artifact?

Cheers,
Priya

Hello Priya,

Thanks for the response, using an API token with the read/write package scopes instead of BUILDKITE_AGENT_ACCESS_TOKEN solved the issue, using just the Authorization header as in the above snippet.