Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

midnightcipher's avatar

Getting attachment from mailgun

Unsure if this is the right place to ask but I'm trying to setup inbound emails. I've got it so my application accepts emails via a webhook and now I'm trying to use the Guzzle client to request the file and store it into my local storage folder.

    {
        
        $files = collect(json_decode($request->input('attachments'), true))
            ->filter(function ($file) {
                return $file['content-type'] == 'application/pdf';
            });

        if ($files->count() === 0) {
            return response()->json([
                'status' => 'error',
                'message' => 'Missing expected PDF attachment'
            ], 406);
        }

        foreach($files as $file){
            $response = (new Client())->get($file['url'], [
                'auth' => ['api', config('services.mailgun.secret')],
            ]);
           $pdf = $response->getBody();

            Storage::put($file['name'], $pdf);
        }

        return response()->json(['status' => 'ok'], 200);
    }

This is the code that is not working:

$response = (new Client())->get($file['url'], [
                'auth' => ['api', config('services.mailgun.secret')],
            ]);

Example of what is stored in $file['url']

https://se.api.mailgun.net/v3/domains/sandboxf0ce04dxxxxxxxxxxxxxxx.mailgun.org/messages/eyJwIjpmYWxzZSwiayI6ImZxxxxxxxxxxxxNDYxZi1iNTQ1LWUwOWM2NTQ3NjA0MyIsInMiOiIxYWFiMWI1MTQ3IiwiYyI6InRhbmtiIn0=/attachments/0

Error:

[2019-01-05 03:36:50] local.ERROR: Client error: `GET https://se.api.mailgun.net/v3/domains/sandboxf0ce04d10b4b4c1287962dda52b3e7a6.mailgun.org/messages/eyJwIjpmYWxzZSwiayI6ImZhNjI5NTY1LTMwYjUtNDYxZi1iNTQ1LWUwOWM2NTQ3NjA0MyIsInMiOiIxYWFiMWI1MTQ3IiwiYyI6InRhbmtiIn0=/attachments/0` resulted in a `401 UNAUTHORIZED` response: Forbidden

Now I understand that for some reason it's not authenticating correctly but unsure why when I'm passing through the correct Application Secret Key. I've read on the internet it may just be a sandbox issue but wanted some insight before attempting live.

0 likes
7 replies
midnightcipher's avatar

@AURAWINDSURFING - Yep. That's the tutorial I'm using to create this. Still cannot get it working. I think it may be a mailgun issue but have yet to reach out to support. Thought someone here would of hit the same problem as me.

aurawindsurfing's avatar

Can you send email with this mailgun? The naming of secrets and kays is kind of funny there. Try playing round with it.

midnightcipher's avatar

@AURAWINDSURFING - Yup, I just blanked out my keys and domain with x's haha. But yeah I get the email perfectly fine but when I try and use guzzle client to download the file from the file URL I get a 401 forbidden. I'm passing the correct key through so not sure why it's not authenticating.

Snapey's avatar

As you are getting the key from config, check that you don't have an old key cached.

open tinker and enter config('services.mailgun.secret') and check that the API key is as you expected,

1 like
midnightcipher's avatar

@SNAPEY - Sadly it’s not that. I tried hard coding the secret and still no luck. It must be a mailgun issue at play here! :/

Snapey's avatar

If this is an attachment to a mail you are recieving, is it the correct key?

Please or to participate in this conversation.