Community resources
Community resources
Community resources
x401 Error while uploading the code
Hello everyone,
I’m running into an issue with Bitbucket Cloud authentication that I haven’t been able to resolve even after following the official API token documentation.
❗ Problem Summary
I have an automation agent (Python) that uploads Terraform files into a Bitbucket Cloud repository using the REST API endpoint:
POST https://api.bitbucket.org/2.0/repositories/<workspace>/<repo>/src
This upload used to work in a previous Bitbucket workspace using a Bitbucket App Password with Basic Auth (username:app-password).
However, in a new workspace/repository, all authentication attempts now fail with HTTP 401 Unauthorized, even though the same code and same method still work elsewhere.
🧪 What I have tested
1. Basic Auth with Bitbucket username + App Password
curl -u "myuser:my_app_password" https://api.bitbucket.org/2.0/user
Result → 401 Unauthorized
(Same command succeeds in my older workspace)
2. Basic Auth with Atlassian email + App Password or API token
curl --user "myemail@company.com:my_token" \ https://api.bitbucket.org/2.0/repositories/<workspace>/<repo>/commits
Result → 401 Unauthorized
3. Bearer token
curl -H "Authorization: Bearer <token>" https://api.bitbucket.org/2.0/user
Result → 401 Unauthorized
4. Token types tested
Bitbucket App Password
Bitbucket API Token
Both behave the same.
5. Token scopes
Tokens were created with:
Repository: Read
Repository: Write
Account Read
6. Environment confirms variables are loaded correctly
Printing environment variables inside the agent shows correct username/token.
7. Repo/workspace name verified (case-sensitive)
Despite this, every authentication attempt in this specific workspace returns 401.
📌 Observed Behavior
Bitbucket responds with:
HTTP/2 401 www-authenticate: BitbucketCustom realm=Bitbucket.org HTTP
or for OAuth-style tokens:
"Token is invalid, expired, or not supported for this endpoint." Even though the token(s) were freshly regenerated.
What makes this odd
Using the same credentials locally works for Git clone.
Using the same pattern of API call works for another workspace.
Only the REST API authentication fails in the new workspace.
What I’m trying to confirm
Are App Passwords or API Tokens still supported for uploading files via:
POST /2.0/repositories/{workspace}/{repo}/srcin all workspaces?
Is there a workspace/org setting that could silently block token-based REST authentication?
Is there a way to debug why Bitbucket rejects the token (e.g., audit logs, access logs)?
Is this known behavior when Atlassian Access or SSO is enabled?
Request for help
If anyone has encountered App Password / API Token 401 failures only for REST API calls, especially with:
Workspace-level security
Atlassian Access
SSO restrictions
Specific repo permission models
Thanks in advance!