Bitbucket api key

Bitbucket api key DEFAULT

Bitbucket Keys

Not available for now.

Details for #

  • Category: Version control platform

  • Company: Bitbucket

  • High recall: False

  • Validity check available: False

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 0.24

  • Prefixed: False

  • PreValidators:


Details for #

  • Category: Version control platform

  • Company: Bitbucket

  • High recall: False

  • Validity check available: False

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 0.06

  • Prefixed: False

  • PreValidators:



Bitbucket Support

Personal access tokens can be used in Bitbucket Data Center and Server in place of passwords for Git over HTTPS, or to authenticate when using the Bitbucket REST API.

On this page:

Related pages:

Creating personal access tokens

To create a personal access token:

  1. Go to Profile picture > Manage account > Personal access tokens.
  2. Select Create token. 
  3. Set the token name, permissions, and expiry.


Permissions restrict what a token can do. As tokens are like passwords, your token’s permissions will be set at your current level of access by default. We recommend, however, restricting your token’s permissions to only the level it will need.

Here are the permission combinations you can assign to a token:

Repo permissions are inherited from the project permissions

A token’s repository permission must be as high as its project permission.

If you give a token project write permission, you cannot give it only repository read permissions (it must be write-level or higher).

Project readProject writeProject admin
Repository read(tick) Pull and clone repositories(error) Combination not possible(error) Combination not possible
Repository write

(tick)Perform pull request actions

(tick) Push, pull, and clone repositories

(tick)Perform pull request actions

(tick) Push, pull, and clone repositories

(error) Combination not possibl
Repository admin(tick) Perform pull request actions

(tick)Update repository settings and permissions

(tick)Push, pull, and clone repositories

(tick) Perform pull request actions

(tick)Update repository settings and permissions

(tick)Push, pull, and clone repositories

(tick) Perform pull request actions

(tick) Update repository settings and permissions

(tick) Update project settings and permissions

(tick) Push, pull, clone, and fork repositories

(tick) Create repositories

You can modify a token’s permissions, or revoke a token, by going to Profile picture > Manage account > Personal access tokens.


For added security, when you’re creating a token you can also set it to automatically expire. This is optional, but if your administrator has made this a requirement you’ll need to choose an expiry date that’s within the limits they’ve set.

Once a token has been created, its expiry date cannot be changed. You can see the expiry dates for all your tokens by going toProfile picture > Manage account > Personal access tokens.

Using personal access tokens

Map one token per integration

Personal access tokens are a secure way to use scripts and to integrate external applications with Bitbucket. We recommend only mapping one token per integration. This way, if the system is compromised, you can simply revoke the token and not affect other integrations.

For Git operations, you can use your personal access token as a substitute for your password. For example, to clone using a personal access token you can enter:

Or using Basic Auth:

In addition, for REST operations you can use Basic Auth:

Or you can use Bearer Auth without your username:

  1. Firewood processor reviews
  2. Macbook air resolution
  3. Pi crypto value
  4. Hola mi amor

How to create a personal access token for DevOps Integrations

We use cookies to deliver the best user experience on our website.
To learn more, visit our Privacy Policy. By continuing to use our site, you agree to our use of cookies

GitLab integration

For GitLab Integration a personal access token must include an 'api' scope.

How to create personal access token in GitLab.

GitHub Integration

Go to Settings -> Developer settings -> Personal access tokens and generate personal access token with the following scopes:

  • Repo: repo:status, repo:deployment, public_repo, repo:invite, security_events
  • Admin:repo_hook: write:repo_hook, read:repo_hook
  • User: read:user, user:email

How to create access token in GitHub.

 Azure DevOps

  1. Go to User Settings > Security > Personal Access Tokens

({your organization}/_usersSettings/tokens)

2. Create the token with the following scopes:

  • Build - Read
  • Code - Full ('Full' is required, to post comment to Pull Request with back link to Targetprocess. Also for other automations like create branch from Targetprocess via repo custom fields. If you don't need these additions, then 'Read' access to code will be enough)
  • Graph - Read

How to create access token in Azure DevOps

 Bitbucket Cloud

  1. Go to Bitbucket Settings / OAuth. Click Add new consumer.
  2. Copy the URL from the field below that would be automatically generated for you after you add Bitbucket team URL in Step 1. The URL would look like:
  • {your_host}/svc/devops-service/profiles/{your_devOps_profile_id}/auth/callback
  1. Select the following consumer permissions:
  • Account - Write
  • Repositories - Admin
  • Pull Requests - Write
  • Webhooks - Read and Write
  • Pipelines - Write
  1. Under OAuth consumers find your newly created one, expand it, copy values from Key and Secret and paste them to corresponding fields on Targetprocess Bitbucket profile page

Bitbucket Server

  1. Go to User Settings > Manage account > Personal access tokens and generate a new token with the following permissions:
  • Projects - Admin
  • Repositories - Admin (inherited)


  1. Go to Settings -> Conduit API Token (link is https://{your_instance}{username_in_Phabricator}/page/apitokens ) and generate a new API token

Still have a question?

We're here to help! Just contact our friendly support team

Email us

The more details you can give us the better

Live chat

Prefer instant messaging? Try our live chat

Service Desk

Add tickets, comments and track status in our Helpdesk

Slack Community

Shape the future direction of Targetprocess

Find out more about our APIs, Plugins, Mashups and custom extensions. Join our community of passionate users and even discuss directly with our developers.

Get a live
product demo

Let one of our product specialists create your account
and shape Targetprocess for your company needs.

Setting up Bitbucket for free with SSH connection to your machine - unlimited private repositories

How to authenticate a request in Bitbucket REST API

I am trying to use the bitbucket API for getting details of my repositories, issue, etc., but I am not able to find a clear way of authenticating the API request.

I would like to have a simple way of authenticating the endpoints like

Here I obtained the access token from the app password section of my account.

I am getting an error on doing so like

{"type": "error", "error": {"message": "Access token expired. Use your >refresh token to obtain a new access token."}}

I tried using consumer key creation but I am not sure where to plug those values in the request and with the OAuth it asks for client_id which I am pretty sure not giving in the docs where to get them.

How would I basically do a simple access_token request just like github API without any OAuth?

asked May 15 '19 at 3:30


6522 silver badges88 bronze badges


Api key bitbucket

New app! API Token Authentication for Bitbucket

Introducing API Token Authentication for Bitbucket

But I thought that Bitbucket already had personal access tokens!

personal access tokens for bitbucket

Yes, indeed. Bitbucket ships with personal access tokens so that users can leverage secure access to the Bitbucket REST API.

If you’re used to Bitbucket’s personal access tokens, jumping onto API Token Auth will be quite transparent, because there are important similarities.

Similarities between Bitbucket personal access tokens and resolution’s API tokens for Bitbucket

Similarity 1: Tokens can do what the user can do

For starters, a token will have the same permissions of the user who creates it.

For example, if Mary Smith can fork a repository in project A but not in project B, Mary’s token can be used to fork a repository in project A, but not in project B.

Similarity 2: Token scopes

On top of the user permissions, you can restrict what a token can do even further.

Here’s where the approach differs a bit.

  • With resolution’s API Token Authenticator for Bitbucket, you can two types of scopes:
    • Read only permits GET, HEAD and OPTIONS requests
    • Read & write also permits PUT, POST, DELETE
API Token authentication: screen to create a token

Differences between Bitbucket personal tokens and resolution’s tokens for Bitbucket

Beyond the similarities, there are some major differences that can improve the security of Bitbucket and give administrators more options to control who has the rights to connect to the API, and for doing what.

Difference 1: permissions to use and create tokens (also for other users)

In Bitbucket, every user can create an API token for himself, and admins can revoke tokens. Period.

With the API Token Auth permissions, on top of the same base functionality you can decide which groups get to:

  • Use tokens
  • Create tokens
  • Create tokens on behalf of other users (and revoke other user’s tokens).
API Token authentication permissions

Bonus Trick: You can also restrict who gets to create read&write tokens with the options above.

create a read only token for the Bitbucket API

Difference 2: Advanced system settings

As with the above, the older brothers of API Token Authenticator for Bitbucket already contained interesting restrictions that give additional security:

  • Restrict API Tokens so they are only accepted if coming from specific IP addresses and ranges. This can be used to whitelist connections from authorized cloud vendors like Salesforce and from your own servers.
    • when running Bitbucket behind a reverse proxy, admins can adjust the app config so that the client IP address making a request with an API Token is read from a different header. This makes it possible for IP address restrictions to work as intended also in that setting.
  • Disable password authentication. If you want your users to stop using their passwords to access the API, this is an interesting option!

What’s coming next?

With this launch, API Token Authentication for Bitbucket has a complete set of functionality that we won’t expand in the short term.

But this can change, we’re always listening to our customers requirements.

What other features would you like to see?

We are highly responsive to the feature requests of our customers. Starting with SAML SSO, those feature requests have been the foundation to build our enterprise user management apps into the market leaders they currently are.

Start your evaluation

Keep reading

Bitbucket Cloud API - Get User Details via Bitbucket API


Similar news:


1195 1196 1197 1198 1199