Since access tokens (project / workspace / repository) require bearer authentication, it would be helpful if we could easily differentiate an access token from an app password / API token.
Other Git providers (GitHub, GitLab) clearly document their token prefixes which can be used for the purpose of identifying token types.
Can BitBucket please share with us their token prefixes and / or if they consider them to be stable or not (unlikely to be updated to a new prefix)?
From some experimentation, all 3 access token types appear to always have the header 'ATCTT3xFfGN0'where-as API tokens (scoped and non-scoped) start with 'ATATT3xFfGF0' and app passwords tokens have the prefix 'ATBB'.
Can you confirm that this is accurate and it is OK to rely on the prefix for access token identification?
