Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Using APP PASSWORD to downlod zip of repo results in 403 telling me to log in

Alan Holden
Alan Holden November 9, 2021

Until recently, we had a CFML script which would pull down a complete zip file of our branch and parse it out to the server. The <cfhttp> tag attribute would look like this:

url="https://bitbucket.org/[account]/[project]/get/[branch].zip"

An Atlassian username and password was used, and everything worked fine. Obviously, we want to move to an APP PASSWORD account with reduced permissions - because our current method of using user credentials is going to be deprecated, right?

So, after playing around with permissions enough to get any response at all, we finally got this (the "contents" of the .zip file) from our latest attempt:

403 Forbidden
Your account is currently inactive. Because it's been a while since you logged in, you'll need to log in at https://bitbucket.org to get back in to your account.

I doubt that there's any way for an APP PASSWORD to actually "log in" at the bitbucket.org web site. This message seems like a red herring.

So I'm stumped. What is the server actually trying to tell us, what exactly are the permissions needed on an APP PASSWORD for our current endpoint above to continue working?

(We've tried Workplace=Read, Projects=Read, Repositories=Read, Pull requests=Read)

Thanks all,
Al

Answer
Watch
Like Be the first to like this
566 views

2 answers

1 accepted

0 votes
Answer accepted
Alan Holden
Alan Holden November 10, 2021

The 403 message is a red herring, and seems to avoid saying that the Label should not be substituted for the [account] name (see url above) when an app password is used.

IOW, every APP PASSWORD you create continues to employ [account] as the username.

I would suggest an Enhancement Request to add some hint wording to this effect - where App Passwords are created, perhaps a tooltip (?) next to the "Label" column header, or a faux "Username" header which just repeats the correct value on each row.
I suspect this would reduce the volume of support traffic from idiots like me.

View More Comments
Alan Holden
Alan Holden November 10, 2021

FYI It looks like the only permission needed was “Read” under “Pull requests”. 

Like
Reply
0 votes
Bharat Barot
Bharat Barot
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
April 6, 2022

kutumb aap downlod

Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.