> ## Documentation Index
> Fetch the complete documentation index at: https://docs.incentives.leap.energy/llms.txt
> Use this file to discover all available pages before exploring further.

# Download Attachment

> Get a signed download URL for an attachment. The URL is valid for 1 hour.

## Overview

Get a signed download URL for an attachment.

<Tip>
  The signed URL is valid for 1 hour. The response includes three fields (`downloadUrl`, `url`, `file_url`) all containing the same URL for compatibility.
</Tip>

For more information, see the [Attachments Workflow section](/api-reference/guides/api-guide#attachments-workflow) in the API Guide.


## OpenAPI

````yaml GET /applications/attachments/{id}/download
openapi: 3.0.3
info:
  title: Leap Energy API
  description: >-
    The Leap Energy API provides a unified interface for managing rebate
    incentives and applications.


    ## Incentives API

    Search for and calculate incentive amounts across multiple utility programs.
    Given a customer

    address and building type, the API identifies applicable utility programs
    and calculates potential

    incentive amounts for various device and tier combinations. When your
    organization has a webhook URL

    configured (Webhook Config API), each successful lookup triggers a POST to
    your URL with the response

    and optional custom fields (`webhook_custom_fields`).


    ## Applications API

    Manage rebate applications on behalf of customers. Applications represent a
    customer's request

    for a rebate under a specific utility program, including customer
    information, device details,

    and application metadata.
  version: 2.0.0
  contact:
    name: Leap Energy
    url: https://leap.energy
servers:
  - url: https://api.incentives.leap.energy/alpha
    description: Production API
security:
  - ApiKeyAuth: []
  - BearerAuth: []
paths:
  /applications/attachments/{id}/download:
    get:
      summary: Download attachment
      description: >-
        Get a signed download URL for an attachment. The URL is valid for 1
        hour.


        **Authentication:**

        Requires API key authentication via `x-api-key` header. The application
        must belong to your organization.


        The signed URL is valid for 1 hour. The response includes three fields
        (`downloadUrl`, `url`, `file_url`) all containing the same URL for
        compatibility.
      operationId: downloadAttachment
      parameters:
        - name: id
          in: path
          description: Attachment ID
          required: true
          schema:
            type: integer
          example: 456
        - name: application_id
          in: query
          description: Application ID that the attachment belongs to.
          required: false
          schema:
            type: integer
          example: 123
      responses:
        '200':
          description: Successfully retrieved download URL
          content:
            application/json:
              schema:
                type: object
                properties:
                  downloadUrl:
                    type: string
                    format: uri
                    description: Signed download URL (valid for 1 hour)
                    example: >-
                      https://your-project.supabase.co/storage/v1/object/sign/attachments/app-123/uuid-invoice.pdf?token=...
                  url:
                    type: string
                    format: uri
                    description: >-
                      Signed download URL (same as downloadUrl, for
                      compatibility)
                    example: >-
                      https://your-project.supabase.co/storage/v1/object/sign/attachments/app-123/uuid-invoice.pdf?token=...
                  file_url:
                    type: string
                    format: uri
                    description: >-
                      Signed download URL (same as downloadUrl, for
                      compatibility)
                    example: >-
                      https://your-project.supabase.co/storage/v1/object/sign/attachments/app-123/uuid-invoice.pdf?token=...
        '400':
          description: Invalid request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
        '401':
          $ref: '#/components/responses/UnauthorizedError'
        '403':
          $ref: '#/components/responses/ForbiddenError'
        '404':
          description: Attachment not found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
        '500':
          $ref: '#/components/responses/InternalServerError'
components:
  schemas:
    Error:
      type: object
      required:
        - code
        - message
        - requestId
      properties:
        code:
          type: string
          description: Error code identifying the type of error
          example: not_found
        message:
          type: string
          description: Human-readable error message
          example: Application 123 not found
        details:
          description: Additional error details (optional)
          example: Additional context about the error
        requestId:
          type: string
          description: Unique request identifier for tracking and debugging
          example: 550e8400-e29b-41d4-a716-446655440000
  responses:
    UnauthorizedError:
      description: API key is missing or invalid
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    ForbiddenError:
      description: >-
        Access forbidden - resource does not belong to your organization or
        insufficient permissions
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    InternalServerError:
      description: Internal server error
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      in: header
      name: x-api-key
      description: >
        API key for authentication. Include your Leap API key in the `x-api-key`
        header: `x-api-key: leap_live_...`
    BearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: Clerk JWT token for portal authentication

````