Forums

Articles
Create
cancel
Showing results for 
Search instead for 
Did you mean: 

Bitbucket is rejecting my API token

lsfinn
July 9, 2026

A bit more than a week ago (Jun 28) I moved over to API tokens. All went well and I was able to use Sourcetree with the new token to make commits to an active repository. Fast-forward to today and I'm now getting the error message

remote: CHANGE-3222 - Functionality has been deprecated
remote: App passwords are deprecated and must be replaced with API tokens.

I've verified that sourcetree is working with my API token. (Sourcetree no longer has anything but the app-specific API token.) I've also verified that the token's expiration date is well into the future. 

Thoughts/suggestions?

1 answer

1 accepted

3 votes
Answer accepted
Gabriela
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Champions.
July 9, 2026

That error means Bitbucket is still getting an app password, not your token. CHANGE-3222 only fires on an app-password request, so despite switching the token over, something is still sending the old credential. The token isn't in play yet.

It's a cached credential. Git and the OS hold the old app password and keep resending it — Windows Credential Manager (the bitbucket.org entry), macOS Keychain, or your git credential helper. Clear the bitbucket.org entry there so the stale password stops going out.

Then check the username paired with the token, because the prefix depends on the token type. An Atlassian API token uses x-bitbucket-api-token-auth; a repository or workspace Access Token uses x-token-auth; an app password used your Bitbucket username. Get that wrong and the request falls back or fails. The token also needs read:repository:bitbucket, plus write:repository:bitbucket if you push.

If you're going through SourceTree or another client rather than the command line, same thing — remove the account and re-add it on the API Token auth type so it stops carrying the old credential.

lsfinn
July 9, 2026

Thanks!

Cleared all my bitbucket cached credentials from keychain and keychan access and all is now good!

Ulrich Kuhnhardt _IzymesCo_
Atlassian Partner
July 13, 2026

Keep in mind the API token expiry date, too. I think the default is only one week when you create it.

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events