Forums

Articles
Create
cancel
Showing results for 
Search instead for 
Did you mean: 

Will API Token support REST API's where as APP Password supports REST API's?

vinoth_vinothkumaar_accenture August 1, 2025

Currently we have around 50-60 repos being managed with these 3 types of modules (proxy, sharedflow and config).
In order to ease the process we have created a Centralized Repo (apigee-devops-pipeline) and managing the devops configuration, Repository variables and the bitbucket-pipeline.yml for the individual repos (50-60). Currently we have done this setup for 1 per each module, almost we are at the end of the centralized pipeline setup now. With App Password by using REST API i could get the result but if i use API Token i am getting 401 error.

Scenario:
When a developer pushes the code and raises a PR from from feature to develop branch sonar check should happen in centralized pipeline once the PR is raised in the individual repo and need to provide its Pass/fail result to Individual repo.

Result:
We tried to create Bitbucket APP password which is going to be deprecated soon and used that in the centralized pipeline. By using the REST API's i could get the Sonar scan status under the checks in the individual PR request screen. So when the developer merge the changes if the sonar is success then it will allow to merge and if it fails then developer needs to fix it and then merge.

              curl -v -f -X POST \
                [REDACTED]
                -u "$BITBUCKET_USERNAME:$BITBUCKET_APP_PASSWORD_WRITE" \
                -H "Content-Type: application/json" \
                --data-binary @"$PAYLOAD_FILE"

100 1910 100 1655 100 255 4057 625 --:--:-- --:--:-- --:--:-- 4692
* Connection #0 to host api.bitbucket.org left intact
2025-08-01T19:37:25.741820045Z stdout P {"key": "sonar-pr-feature/check", "type": "build", "state": "FAILED", "name": "Sonar Scan", "refname": null, "commit": {"hash": "b323157158021b9fde92a32fa4ae847756f82a32", "links": {"self": {"href": " [REDACTED]"}, "html": {"href": [REDACTED]}}, "type": "commit"}, "url": [REDACTED], "repository": {"type": "repository", "full_name": " [REDACTED]", "links": {"self": {"href": [REDACTED]}, "html": {"href": " [REDACTED]"}, "avatar": {"href": "https://bytebucket.org/ravatar/%7B28af68b8-7690-4d7d-8313-3902bb6335c0%7D?ts=default"}}, "name": "sharedflow-templatesharedflow", "uuid": " [REDACTED]"}, "description": "Sonar Scan failed. Check pipeline logs and SonarCloud report.", "created_on": "2025-08-01T19:37:25.582119+00:00", "updated_on": "2025-08-01T19:37:25.582134+00:00", "links": {"self": {"href": " [REDACTED]"}, "commit": {"href": " [REDACTED]}}}


 
Similarly we tried to create bitbucket API Token for the same scenario and from the centralized pipeline i could not get the sonar scan status under the checks in the individual PR Request Screen. I am getting 401 error when trying to do with the REST API,

              curl -v -f -X POST \           " [REDACTED]" \
                -u "x-token-auth:$BITBUCKET_API_TOKEN_WRITE" \
                -H "Content-Type: application/json" \
                --data-binary @"$PAYLOAD_FILE"



* The requested URL returned error: 401
100 280 0 0 100 280 0 1566 --:--:-- --:--:-- --:--:-- 1573
* Connection #0 to host api.bitbucket.org left intact
curl: (22) The requested URL returned error: 401
Build teardown

2 answers

1 accepted

0 votes
Answer accepted
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
August 4, 2025

Hi @vinoth_vinothkumaar_accenture and welcome to the community!

API tokens can be used with Bitbucket Cloud APIs. However, you need to use the Atlassian account email address for the user you generated the API token for. Static usernames, like x-token-auth, cannot be used for authentication in Bitbucket Cloud APIs with an API token.

So, instead of

-u "x-token-auth:$BITBUCKET_API_TOKEN_WRITE"

you will need to use

-u "$ATLASSIAN_ACCOUNT_EMAIL:$BITBUCKET_API_TOKEN_WRITE"

where ATLASSIAN_ACCOUNT_EMAIL is a variable you need to create, with value the Atlassian account email of the user.

Please also keep in mind that you will need to generate an API with scopes. For this specific endpoint you are using, the necessary scope is read:repository:bitbucket.

If you select a specific API endpoint from the left sidebar in the APIs documentation, you will see Forge app and API Token scopes required: so that you know what scope you need for each endpoint.

Another option would to be to generate an access token for $TRIGGER_REPO, so that you don't expose user credentials. Then, instead of

-u "$ATLASSIAN_ACCOUNT_EMAIL:$BITBUCKET_API_TOKEN_WRITE"

you could use

--header "Authorization: Bearer $ACCESS_TOKEN"

Please feel free to reach out if you have any questions!

Kind regards,
Theodora

vinoth_vinothkumaar_accenture August 7, 2025

Ok Thanks For the Suggestion, let me check it out and let you know.

vinoth_vinothkumaar_accenture August 8, 2025

With the Atlassian Account Email i could notice that the scenario is working fine. Thanks for the suggestion.

0 votes
Jin Cho
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
August 1, 2025

Hi @vinoth_vinothkumaar_accenture 

First of all, welcome to the Atlassian Community!

It looks like you're facing a similar issue to what I encountered when switching from an App password to an API token. If I'm understanding correctly, it seems like the header name  might not be supported. Could you try following this guide and see if that helps? Also, make sure that the necessary scope is included when you create the API token. Give it a try and let me know how it goes!

Jin

Using API Tokens

 

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
PREMIUM
TAGS
AUG Leaders

Atlassian Community Events