Hey @kuntaykunt,
Sure things, it comes from Privacy Rules.
The solution to allow access from backend action is to append at the end of the URL ?api_token=xxxxx
The API token may be either a user token or a system token generated from your app’s settings.
See Send private file through API connector - #8 by akoziol
Keep in mind that back-end actions are subject to file size limits.
To overcome this limitation, you may also be interested in Cloud2Cloud File Transfer Plugin | Bubble