Forums

Articles
Create
cancel
Showing results for 
Search instead for 
Did you mean: 

App passwords are deprecated and must be replaced with API tokens

Neil manoj
July 3, 2026

Hi Team,

We are getting intermittent issues while connecting to bitbucket as we are using app pwds. To migrate to API token approach, we would require approval from the bank which will take more than 6 weeks from today. As this change was  not communicated to stakeholders, we would need some workaround to enable connectivity via app pwds post 28th July. Can you please let us know any workaround to still work with app pwds until approval .


2 answers

0 votes
Viswanathan Ramachandran
Contributor
July 3, 2026

hi @Neil manoj 

I would recommend you to raise support ticket with Atlassian and state your problem in detail. Ask whether they can:

  • exclude your workspace from the brownouts,
  • provide a temporary extension beyond 28 July,
  • or offer any other supported workaround.

Involve leadership team if you like to for emergency attention and fast forward process. 

Based on Atlassian’s published guidance https://community.atlassian.com/forums/Bitbucket-articles/Deprecation-notice-Bitbucket-Cloud-app-password-brownout/ba-p/3237429  I would not expect an extension, but it is still worth asking given the business impact.

I understand regulated industries takes time and process involved, so start now

preparing an interim technical solution:

  • create API tokens (if your organisation’s policies permit),
  • update the affected integrations,
  • document the change as an emergency/interim measure,
  • and complete the formal approval retrospectively if your change management process allows.

Whether you can do this depends entirely on your bank’s governance rules. Many financial institutions do not allow production authentication changes before formal approval.

Reduce the blast radius:
Identify every integration using App Passwords (CI/CD, scripts, Jira integration, deployment pipelines, automation, etc.) and prepare a migration plan so that once approval is received, the switch can happen quickly.

 

0 votes
Arkadiusz Wroblewski
Community Champion
July 3, 2026

Hi  @Neil manoj 

I wouldn't rely on app passwords continuing to work. We are already in the brownout phase, meaning they will actively fail with HTTP 401 (for APIs) or HTTP 410 (for Git-over-HTTPS) during Atlassian's scheduled testing windows.

With the final removal date locked in for July 28, 2026, we have less than four weeks left. If your internal approval process typically takes longer than that, I highly recommend treating this as an emergency change or a fast-tracked risk item, as there is no workaround to extend app passwords past the deadline.

If you have more Questions, probably best to contact Atlassian Support directly. support.atlassian.com 

Best,

Arek🤠

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
TAGS
AUG Leaders

Atlassian Community Events