Hi.
I am trying to switch from using app passwords to API tokens, as you marked app passwords obsolete from 09.09., but I don't see any benefits from it; it just makes my life harder.
Your documentation about switching it in SourceTree is not working (it is not possible to use an email as the username, and if I leave the username I used with the app password, it does not work when I switch to the API token).
Also, why is it necessary for a token to have an expiration date? That means I should always set alarms once a year to update it everywhere. That does not lead to increased security but to annoying users.
Can you give me some benefits? And can you fix/update the documentation on how to switch to it in SourceTree?
Greetings,
Stojan
Hi Stojan,
The primary reason behind switching from App Passwords to API tokens is for security reasons.
The permissions scope for App Passwords is quite limited vs API tokens (which provide more granularity), and the purpose of an expiration is to ensure that older projects which may not be maintained frequently are not able to be compromised by an App Password which does not expire.
Further reasons are highlighted in the announcement post:
Regarding the documentation - this is indeed incorrect. I've created an internal ticket to get this article updated accordingly to avoid further confusion. Thank you for bringing this to our attention.
You'll need to create the API token and make sure that you first specify the correct scope (see: deprecation documentation) - if the scope is incorrect, this could be why it's failing in Sourcetree:
Click the gear cog icon, select Atlassian Account settings > Security tab > Create and manage API Tokens
Click Create API token with scopes and select Bitbucket Cloud
If you want to be able to clone/push/pull to the repository - you'll need to tick both read:repository:bitbucket and write:repository:bitbucket - clone only would just be read:repository:bitbucket.
More information on scopes can be found in our API scopes documentation.
In Sourcetree, you can use either of the following URL formats (if using the first command - you can find your username by clicking the gear cog icon and selecting Personal Bitbucket Settings - it's visible under the Bitbucket Profile Settings heading):
Please perform the above and let me know how this goes. If you are still encountering issues, I will assist you further.
Cheers!
- Ben (Bitbucket Cloud Support)
Hi Ben,
Thanks for the quick answer.
I understand your company's point of view on security, but as I said, the reasons you gave are not a benefit for me; I see it just as more work to do. In the end, I don't understand the trend to "keep users safe" if the users find this not beneficial but annoying. However, thanks for the explanation on this.
About Sourcetree, I don't understand what you wrote me at all. If I want to create an account, it asks for Basic or OAuth authentication, username and password, and protocol. It is as simple as that. With my current username and app password it works; if I replace the app password with an API token, it does not. My token has all permissions. So, because of your change, it means I cannot use Sourcetree any more starting from June next year.
Greetings,
Stojan
Hi Stojan,
My apologies - I should have clarified. Can you attempt to perform a clone outside of Sourcetree in a terminal window using one of the URLs I provided above? This will allow us to test if the token scope is correct, and if there is an issue with Sourcetree specifically or not:
git clone https://username:APIToken@bitbucket.org/workspaceID/reposlug.git
If the clone succeeds - there may be a problem with the Sourcetree configuration or the platform in general. The authentication type configured should be basic, and the credentials should be your username and APIToken.
Cheers!
- Ben (Bitbucket Cloud Support)
Hi Ben,
I set up an API token instead of the app password in my Mac keychain, and working with git from the command line works fine.
Greetings,
Stojan
I am also able to use my API Token to clone/push/pull against my GIT repository in a terminal window.
I've attempted to configure API Token in the latest version of Sourcetree for Mac (v4.2.13) and it does not accept the API Token in the configuration settings (requires email, which is not correct) and Basic auth does not authenticate. It seems that this is a platform-specific issue.
I have raised a bug ticket on your behalf accordingly, please Watch this to receive future updates related to it:
For now - I'd suggest continuing to use AppPassword, or authenticating your account with OAuth until this is fixed.
Thank you for raising this to our attention.
Cheers!
- Ben (Bitbucket Cloud Support)
Hello, I was also struggling with a similar problem.
Similarly, the API token cannot be used as a login in Sourcetree for Windows either, so please fix this in this environment as well.
(I was able to create an API token and authenticate with Sourcetree.)
https://jira.atlassian.com/browse/SRCTREE-8218
Read the answer I posted below, it might help you.
The crucial thing is that your Bitbucket must be of version (at least) 4.2.13 295. Even if you have just a minor one before, you don't have the option to choose API token.
I'm still confirming with the Sourcetree team the exact steps needed to both connect to Sourcetree and also clone new/maintain existing GIT repositories with API token.
I've been able to successfully authenticate/clone based on my testing, but I'm waiting for confirmation before posting here and putting a request in to update our documentation.
I did post some steps before - but they did not include troubleshooting connections to existing repositories/performing clones so I removed this post as it was incomplete. I'm happy to hear that these steps were helpful, however :)
Thank you for your patience.
Cheers!
- Ben (Bitbucket Cloud Support)
I am copying the answer here, to be in this thread.
In Sourcetree, you'll need to perform the following steps:
Yes, I checked my current Sourcetree version and it was version 3.4.24 (the latest version for Windows).
So, on the Sourcetree authentication settings screen, there was a select box for the API token, and I was able to select it and complete the authentication.
However, when I then performed a test fetch using Sourcetree, a popup login form appeared.
I entered my email address as the form ID and my API token as the password, but an error message appeared and I was unable to perform the fetch action.
(As a test, I tried fetching from an existing repository instead of creating a new one.)
This is my current operating situation, so I'll share it with you.
Hi @Stojan Cveticanin @HidekiShomura
Thank you for your patience. After a long discussion with our Sourcetree development team, they have advised that they will be providing further updates to the software to ensure that the process for adding an API token is more streamlined.
One thing to note - AppPassword is cached with your configured remote URLs. This means it's technically using AppPassword until these remote URLs are removed and re-added (if you check the remote URL in the UI you can verify this):
The minimum required scopes when creating the API token are as follows:
read:user:bitbucket
read:workspace:bitbucket
read:repository:bitbucket
write:repository:bitbucket
read:pullrequest:bitbucket (optional)
write:pullrequest:bitbucket (optional)
Cheers!
- Ben (Bitbucket Cloud Support)
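A secret written into a remote URL, as in the `git clone https://username:APIToken@...` test earlier in the thread or an App Password cached with the remote URL, stays in the repository's `.git/config` until the URL is rewritten. The shell functions below are an added example (not from the thread or from Atlassian's documentation) that detect such URLs and print the credential-free form; the function names and sample URLs are constructed.

```shell
# Added example: spot secrets stored in Git remote URLs (sample values are constructed).

# Print the userinfo part ("user" or "user:secret") of a scheme://... URL, if any.
userinfo_of() {
    rest=${1#*://}
    if [ "$rest" = "$1" ]; then return 0; fi   # scp-style SSH URL: no userinfo secret
    authority=${rest%%/*}                      # everything before the first "/"
    case "$authority" in
        *@*) printf '%s' "${authority%@*}" ;;  # text before the last "@"
    esac
}

# Succeed when the URL carries "user:secret@", as in the clone command in this thread.
has_embedded_secret() {
    case "$(userinfo_of "$1")" in
        *:?*) return 0 ;;
        *)    return 1 ;;
    esac
}

# Print the URL with the secret removed and the username kept.
strip_secret() {
    if ! has_embedded_secret "$1"; then printf '%s\n' "$1"; return 0; fi
    scheme=${1%%://*}
    rest=${1#*://}
    authority=${rest%%/*}
    urlpath=${rest#"$authority"}
    user=$(userinfo_of "$1")
    printf '%s://%s@%s%s\n' "$scheme" "${user%%:*}" "${authority##*@}" "$urlpath"
}

# List remotes of a repository (default: current directory) that store a secret.
audit_remotes() {
    git -C "${1:-.}" remote | while read -r name; do
        url=$(git -C "${1:-.}" remote get-url "$name")
        if has_embedded_secret "$url"; then
            printf '%s stores a secret; run: git remote set-url %s %s\n' \
                "$name" "$name" "$(strip_secret "$url")"
        fi
    done
}

# Constructed sample URLs; no network or repository is needed for this part.
for u in 'https://alice:CONSTRUCTED_TOKEN@bitbucket.org/ws/repo.git' \
         'https://alice@bitbucket.org/ws/repo.git' \
         'git@bitbucket.org:ws/repo.git'; do
    strip_secret "$u"
done
```

Once a remote has been rewritten with `git remote set-url`, Git obtains the API token from the configured credential helper (for example the macOS keychain mentioned earlier in the thread) or prompts for it.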
Answer from Ben, that completes this (I don't know why it is not visible here):
Configuring in Sourcetree:
In Sourcetree, you'll need to perform the following steps: