I am using a cUrl to post comments on the Pull Requests via api call.  I have updated to app passwords. I get a 200 but no comment shows up. I did verbose and it all looks good, but no comment. 

I get tried a get 
curl -v -u '<username>':'<app password>' -H "Content-Type: application/json" https://api.bitbucket.org/2.0/repositories/<workspace>/<repo>/pullrequests

Trying 18.205.93.8:443...
* Connected to api.bitbucket.org (18.205.93.8) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
* CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=US; ST=California; L=San Francisco; O=Atlassian, Inc.; OU=Bitbucket; CN=*.bitbucket.org
* start date: May 5 00:00:00 2020 GMT
* expire date: Jul 21 12:00:00 2022 GMT
* subjectAltName: host "api.bitbucket.org" matched cert's "*.bitbucket.org"
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 High Assurance Server CA
* SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Server auth using Basic with user 'HeidiRechek@newbalance.com'
* Using Stream ID: 1 (easy handle 0x2127c9e1e90)
> GET /2.0/repositories/newbalance/sfcc-sfra/pullrequests HTTP/2
> Host: api.bitbucket.org
> authorization: Basic  <token>
> user-agent: curl/7.78.0
> accept: */*
> content-type: application/json
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection state changed (MAX_CONCURRENT_STREAMS == 200)!
< HTTP/2 401
< server: nginx
< vary: Origin
* Authentication problem. Ignoring this.
< www-authenticate: Basic realm="Bitbucket.org HTTP"
< content-type: text/plain
< x-b3-traceid: b12f8a75433cd724
< x-usage-output-ops: 0
< x-dc-location: Micros
< strict-transport-security: max-age=31536000; includeSubDomains; preload
< date: Thu, 10 Mar 2022 18:42:08 GMT
< x-usage-user-time: 0.017713
< x-usage-system-time: 0.000435
< x-served-by: 335044ba0af3
< etag: "d41d8cd98f00b204e9800998ecf8427e"
< x-static-version: 4f3e3e6c02c1
< x-render-time: 0.0254499912262
< x-usage-input-ops: 0
< x-version: 4f3e3e6c02c1
< x-request-count: 1391
< x-frame-options: SAMEORIGIN
< content-length: 0
<
* Connection #0 to host api.bitbucket.org left intact