diff --git a/crmAttachment.go b/crmAttachment.go
new file mode 100644
index 0000000..cc95148
--- /dev/null
+++ b/crmAttachment.go
@@ -0,0 +1,82 @@
+package main
+
+import (
+	"encoding/json"
+	"log"
+)
+
+type attachmentID struct {
+	ID string `json:"attachmentId"`
+}
+
+func crmAttachFile(path string) (fileID string) {
+	//http post
+	r, _ := crmPostAttach(path)
+	attach := attachmentID{}
+	json.Unmarshal([]byte(r), &attach)
+	return attach.ID
+}
+
+func crmPostAttachmentURL() string {
+	return "https://c.hitxy.org.au/api/v1/Attachment/action/upload"
+}
+
+func crmAuthHeader() string {
+	return "Basic cGF0cmljazpiNjFmYWRlMTM5OWYwY2ZjNmZjZjcxNTU0OTljNTNkOQ=="
+	//return "Basic cGF0cmljazp3b3JraGFyZA=="
+}
+
+func crmFileDataString(path string) string {
+	//read file
+	//encode it
+	return "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAXIAAAFyAQMAAADS6sNKAAAABlBMVEX///8AAABVwtN+AAABsklEQVR4nO2aS47EIAxEkXKAHClX7yPlAJHcwR8MgZnljCqqWrjzefQG29iQUiiKoiiK+h+J67Krcqg566s93n3I4/J2s1/1apP7shq9vU2PkMfk67TrO/UCN5s9M0ch/wq+uoI6hYjFO/k38Yaa0eHkX8GXYe6b0Wc9Qh6Sz3rssz/Msh4jD8X3I9t6raX2miKPxasr3F1UjfJTl+rN0HCFbfIf8kC8zn033NBTmyqx9oo8Ml97J98Faeu1ds7aVE31GHk43k1U3mHkfJRi5CF58V3MLrN7U+WJ4OEP5JF4i2grxYLPreq5MiOPxQdweWYvLZWrPxxT0JOH4rPKHraq16UbeTg+UrlEAWYOEPX2yn/IY/GezyVLbc/nl/8beVw+HucBRFULf0XI4/IZ1j73w8liWYg8Eh+ldoT1ERsgnWeQx+X7kZnA9xz03O8iD8X7tEeXXErpv9eyQeSBebsJIJtm94cpP5AH43cP8OinfKk2zeeP5GH56KfSFeZDCfKovNjOtcjYSv3oD+QxeP1prbL1U/m91llGkQfjXddQb9t54u/1G3kEnqIoiqKov9QXf1Q2La7tzOYAAAAASUVORK5CYII="
+}
+
+func crmPostAttach(path string) (resp string, err error) {
+	headers := map[string]string{}
+	headers["Authorization"] = crmAuthHeader()
+	headers["Accept"] = "application/json, text/javascript, */*; q=0.01"
+	data := []byte(crmFileDataString(path))
+	URL := crmPostAttachmentURL()
+	resp, err = postRAW(data, URL, headers)
+	return
+}
+
+type attachmentInfo struct {
+	ID              string `json:"id"`              //"id": "591e55398345683ee",
+	Name            string `json:"name"`            //"name": "static_qr_code_without_logo.png",
+	Deleted         bool   `json:"deleted"`         //"deleted": false,
+	Type            string `json:"type"`            // "type": "image\/png",
+	Size            int    `json:"size"`            //"size": 509,
+	SourceID        string `json:"sourceId"`        //"sourceId": null,
+	CreateAT        string `json:"createAt"`        //"createdAt": "2017-05-19 02:15:21",
+	Role            string `json:"role"`            //"role": "Attachment",
+	Storage         string `json:"storage"`         //"storage": null,
+	StorageFielPath string `json:"storageFilePath"` //"storageFilePath": null,
+	Global          bool   `json:"global"`          // "global": false,
+	ParentID        string `json:"parentId"`        // "parentId": null,
+	ParentType      string `json:"parentType"`      // "parentType": null,
+	RelatedID       string `json:"relatedId"`       // "relatedId": null,
+	RelatedType     string `json:"relatedType"`     // "relatedType": null,
+	CreatedByID     string `json:"createdById"`     // "createdById": "1",
+	CreatedbyName   string `json:"createdByName"`   // "createdByName": "Admin"
+}
+
+func crmPatchAttachmentInfo(id string) (j string) {
+	info := map[string]interface{}{}
+	//{"name":"static_qr_code_without_logo.png","type":"image/png","role":"Attachment","size":509}
+	info["name"] = "static_qr_code_without_logo.png"
+	info["type"] = "image/png"
+	info["role"] = "Attachment"
+	info["size"] = 509
+	url := "https://c.hitxy.org.au/api/v1/Attachment/591e5f7b9463d7147"
+
+	headers := map[string]string{}
+	headers["Authorization"] = crmAuthHeader()
+	headers["Content-Type"] = "application/json"
+
+	jb, _ := json.Marshal(info)
+	log.Println(string(jb))
+	j, _ = putRAW(jb, url, headers)
+	return
+}
diff --git a/crmAttachment_test.go b/crmAttachment_test.go
new file mode 100644
index 0000000..c57285c
--- /dev/null
+++ b/crmAttachment_test.go
@@ -0,0 +1,26 @@
+package main
+
+import "testing"
+import "log"
+import "encoding/json"
+
+func TestCRMAttachFile(t *testing.T) {
+	id := crmAttachFile("media_for_test/200x200.png")
+	log.Println(id)
+
+}
+
+func TestPatchAttachmentInfo(t *testing.T) {
+	crmPatchAttachmentInfo("591e5f7b9463d7147")
+}
+
+func TestDecodeJsonResponse(t *testing.T) {
+	msg := `
+{"id":"591e55398345683ee","name":"static_qr_code_without_logo.png","deleted":false,"type":"image\/png"
+,"size":509,"sourceId":null,"createdAt":"2017-05-19 02:15:21","role":"Attachment","storage":null,"storageFilePath"
+:null,"global":false,"parentId":null,"parentType":null,"relatedId":null,"relatedType":null,"createdById"
+:"1","createdByName":"Admin"}	`
+	info := attachmentInfo{}
+	err := json.Unmarshal([]byte(msg), &info)
+	AssertEqual(t, err, nil, "json decode shold be correct")
+}
diff --git a/sample_data/patch_crm_attachment.json b/sample_data/patch_crm_attachment.json
new file mode 100644
index 0000000..ae7ce8b
--- /dev/null
+++ b/sample_data/patch_crm_attachment.json
@@ -0,0 +1,19 @@
+{
+    "id": "591e55398345683ee",
+    "name": "static_qr_code_without_logo.png",
+    "deleted": false,
+    "type": "image\/png",
+    "size": 509,
+    "sourceId": null,
+    "createdAt": "2017-05-19 02:15:21",
+    "role": "Attachment",
+    "storage": null,
+    "storageFilePath": null,
+    "global": false,
+    "parentId": null,
+    "parentType": null,
+    "relatedId": null,
+    "relatedType": null,
+    "createdById": "1",
+    "createdByName": "Admin"
+}
\ No newline at end of file
diff --git a/upload.go b/upload.go
index 8d6378f..e36d30c 100644
--- a/upload.go
+++ b/upload.go
@@ -8,6 +8,7 @@ import (
 	"log"
 	"mime/multipart"
 	"net/http"
+	"net/http/httputil"
 	"os"
 )
 
@@ -55,18 +56,46 @@ func postFileForm(filename string, targetURL string, formFieldName string) (strJ
 }
 
 func postJSON(jsonB []byte, targetURL string) (resp string, err error) {
-	req, err := http.NewRequest("POST", targetURL, bytes.NewBuffer(jsonB))
+	return postRAW(jsonB, targetURL, nil)
+}
+
+func postRAW(data []byte, targetURL string, headers map[string]string) (resp string, err error) {
+	return httpRaw("POST", targetURL, data, headers)
+}
+
+func putRAW(data []byte, targetURL string, headers map[string]string) (resp string, err error) {
+	return httpRaw("PUT", targetURL, data, headers)
+}
+
+func httpRaw(httpMethod, targetURL string, data []byte, headers map[string]string) (resp string, err error) {
+	req, err := http.NewRequest(httpMethod, targetURL, bytes.NewBuffer(data))
 	if err != nil {
 		return
 	}
+
+	if headers != nil {
+		for k, v := range headers {
+			req.Header.Set(k, v)
+		}
+	}
+
 	client := &http.Client{}
 	r, err := client.Do(req)
 	if err != nil {
 		return
 	}
 	defer r.Body.Close()
+
+	dump, err := httputil.DumpResponse(r, true)
+	if err != nil {
+		log.Fatal(err)
+	}
+	fmt.Printf("dump : %q", dump)
+
 	b, _ := ioutil.ReadAll(r.Body)
 	resp = string(b)
 	log.Println(resp)
+
 	return
+
 }