Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions
Community
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Bitbucket API

Łukasz Błocki
Łukasz Błocki
February 19, 2026

Hello,
Bitbucket disabled the option for "app passwords".
I'm not able to list repositories by API requests.

I based on https://support.atlassian.com/bitbucket-cloud/docs/using-api-tokens/
And generete API token with no limited access on the page: https://id.atlassian.com/manage-profile/security/api-tokens

I tried to use those API calls:
curl --request POST \
--url 'https://api.bitbucket.org/2.0/repositories/{workspace}' \
--user '{atlassian_account_email}:{api_token}' \
--header 'Accept: application/json'

I do not receive any output.

I also tried:

curl --request POST \
--url 'https://api.bitbucket.org/2.0/repositories/{workspace}' \
--header 'Authorization: Bearer {api_token}' \
--header 'Accept: application/json'

But then I have output:
{"type": "error", "error": {"message": "Token is invalid, expired, or not supported for this endpoint."}}

But the token is invalid, or is not authorised. (On the page with api tokens, I see it was used.
How can I currently list all repositories using the Bitbucket API?

Additionally, in the next step, how should I use that token to run git clone successfully?
Because when I execute:
git clone https://{api_token}@bitbucket.org/{workspace}/somerepo.git
Then I'm asked for the password for the user {api_token}

Answer
Watch
Like Be the first to like this
133 views

1 answer

0 votes
Evgenii
Evgenii
Community Champion
February 19, 2026

Hi, @Łukasz Błocki 

Bitbucket moved away from app passwords in phases, and since September 2025 new app passwords can't be created at all. The API tokens from id.atlassian.com work as a replacement, but there are two things to check here.

First, the endpoint for listing repositories requires a GET request, not POST.
https://developer.atlassian.com/cloud/bitbucket/rest/api-group-repositories/#api-repositories-workspace-get

So the curl call should look like this:

curl --request GET --url 'https://api.bitbucket.org/2.0/repositories/{workspace}' --user 'your_email@example.com:your_api_token' --header 'Accept: application/json'

Second thing worth checking - the API token scopes. When generating the token at id.atlassian.com, make sure it has at least read:repository:bitbucket permission. Without the right scope the API just returns a 403 or empty result, which looks confusing.

View More Comments
Łukasz Błocki
Łukasz Błocki
February 19, 2026

Hello,

I also tried with GET, and with:

--user 'your_email@example.com:your_api_token

But it does not change anything.

My API Token does not have any scope.

I also generated a second token with scoped privileges, granting all read permissions. But here it also does not work.

 

So if that modification doesn't change anything, what else can I do to get the repository list via the API?

From the Bitbucket site, I see all repositories without any issue, so my account has the required privileges to view them.

Like
Łukasz Błocki
Łukasz Błocki
February 19, 2026

And a more important thing, in the detailed response code I see always "401", so it looks like I'm not authorised, or have some typo in credentials, but I verified that multiple times.

Like
Evgenii
Evgenii
Community Champion
February 19, 2026

Strange. Checked on my test project, everything works.
I created token with scopes, used basic auth and token as password. I received list of repos

chrome_190226_1164.pngPostman_190226_1163.png

Like
Łukasz Błocki
Łukasz Błocki
February 19, 2026

I try the same, but I do not have equal results, I still receive 401:

 

image.png

image.png

 

 

image.png

image.png

 

What else I can validate?

Like
Evgenii
Evgenii
Community Champion
February 19, 2026

Not "Bearer". Use Basic Auth
Very fast oneliner to check:

curl -u "your_email@gmail.com:API_Token" "https://api.bitbucket.org/2.0/repositories/your_workspace"

Dunno, why same request is not working for you.

Like
Łukasz Błocki
Łukasz Błocki
February 19, 2026

I tested both basic, and Bearer, you can see it on both different screens.

But it does not work.

But now  I know I use correct requests, 

Question: Where should I go now to validate why it's not working for my organisation?

Like
Evgenii
Evgenii
Community Champion
February 19, 2026

Can't find cause, why request don't work with correctly set token of account, with all permissions. 
In this case I can recommend to ask Atlassian support for help, to check reason of such behaviour. 

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
DEPLOYMENT TYPE
CLOUD
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2026 Atlassian
    Privacy Policy Notice at Collection Terms Security