
x401 Error while uploading the code

Rahul
November 19, 2025

 

Hello everyone,

I’m running into an issue with Bitbucket Cloud authentication that I haven’t been able to resolve even after following the official API token documentation.

❗ Problem Summary

I have an automation agent (Python) that uploads Terraform files into a Bitbucket Cloud repository using the REST API endpoint:

 

 

 

This upload used to work in a previous Bitbucket workspace using a Bitbucket App Password with Basic Auth (username:app-password).

However, in a new workspace/repository, all authentication attempts now fail with HTTP 401 Unauthorized, even though the same code and same method still work elsewhere.

🧪 What I have tested

1. Basic Auth with Bitbucket username + App Password

 

curl -u "myuser:my_app_password" https://api.bitbucket.org/2.0/user

 

 

Result → 401 Unauthorized
(Same command succeeds in my older workspace)

2. Basic Auth with Atlassian email + App Password or API token

 

curl --user "myemail@company.com:my_token" https://api.bitbucket.org/2.0/repositories/<workspace>/<repo>/commits

 

 

Result → 401 Unauthorized

3. Bearer token

 

curl -H "Authorization: Bearer <token>" https://api.bitbucket.org/2.0/user

 

 

Result → 401 Unauthorized

4. Token types tested

  • Bitbucket App Password

  • Bitbucket API Token

Both behave the same.

5. Token scopes

Tokens were created with:

  • Repository: Read

  • Repository: Write

  • Account Read

6. Environment confirms variables are loaded correctly

Printing environment variables inside the agent shows correct username/token.

7. Repo/workspace name verified (case-sensitive)

Despite this, every authentication attempt in this specific workspace returns 401.

📌 Observed Behavior

Bitbucket responds with:

 

HTTP/2 401
www-authenticate: BitbucketCustom realm=Bitbucket.org HTTP

 

 

or for OAuth-style tokens:

 

"Token is invalid, expired, or not supported for this endpoint."
 

Even though the token(s) were freshly regenerated.

What makes this odd

  • Using the same credentials locally works for Git clone.

  • Using the same pattern of API call works for another workspace.

  • Only the REST API authentication fails in the new workspace.

What I’m trying to confirm

  • Are App Passwords or API Tokens still supported for uploading files via:

    POST /2.0/repositories/{workspace}/{repo}/src

    in all workspaces?

  • Is there a workspace/org setting that could silently block token-based REST authentication?

  • Is there a way to debug why Bitbucket rejects the token (e.g., audit logs, access logs)?

  • Is this known behavior when Atlassian Access or SSO is enabled?

Request for help

If anyone has encountered App Password / API Token 401 failures only for REST API calls, especially with:

  • Workspace-level security

  • Atlassian Access

  • SSO restrictions

  • Specific repo permission models

Thanks in advance!

Answer accepted
Alexander Nilsson
November 23, 2025

Hi Rahul,

 

Thanks for the detailed description — that’s very helpful.

To confirm, Bitbucket Cloud still supports App Passwords for REST API authentication, including file uploads using:

 

POST /2.0/repositories/{workspace}/{repo}/src

 

However, a 401 Unauthorized specific to a new workspace usually points to one of the following causes:

 

1. Workspace and Repository Permissions

 

App Passwords only carry the permissions of the user who created them. Please verify that the account has write or admin access to the target repository. You can check this with:

 

curl -u "username:app_password" https://api.bitbucket.org/2.0/user/permissions/repositories

 

2. SSO or Atlassian Access Enforcement

 

If the new workspace belongs to an organization where SSO is enforced through Atlassian Access, App Passwords (and API tokens) are disabled for managed accounts. In this case, only OAuth 2.0 authentication via an OAuth consumer or Connect app will work.

You can review authentication policies at admin.atlassian.com → Security → Authentication policies.

 

3. Username vs. Email

 

When using App Passwords, authentication must use your Bitbucket username, not your Atlassian email address.

You can confirm your username here: https://bitbucket.org/account/settings/.

 

4. API Token Limitation

 

Bitbucket Cloud does not support Atlassian API tokens for REST API access — only App Passwords. Using an API token will always return 401 Unauthorized.

 

Recommended Steps

 

  • Confirm SSO enforcement status for the workspace.
  • Regenerate a new App Password under an account with repository write access.
  • Authenticate using username:app_password (not email).
  • If SSO is required, migrate to OAuth 2.0 authentication.

If none of these apply, please raise a ticket with Atlassian Support so they can verify workspace-level authentication behavior directly:

https://support.atlassian.com/contact

Greetings,

Alex

Rahul
November 23, 2025

Thanks Alex,

It works!!! I'm now using the full email address instead of the username to authenticate to Bitbucket using API token keys.
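
Added example, not code from either poster or from Atlassian: a Python preflight (the language of the agent in the question) that probes the /2.0/user endpoint with Basic auth for each identity form discussed in this thread, and logs a fingerprint of the secret instead of printing it. The function names, the injectable `fetch` parameter and the report layout are assumptions made for this example.

```python
import base64
import hashlib
import urllib.error
import urllib.request

API_USER_URL = "https://api.bitbucket.org/2.0/user"  # endpoint probed in the thread


def describe_secret(secret):
    """Summarise a secret for logs without revealing it."""
    return {
        "length": len(secret),
        # a trailing newline from an env file changes the Basic header
        "has_whitespace": any(c.isspace() for c in secret),
        "sha256_prefix": hashlib.sha256(secret.encode()).hexdigest()[:8],
    }


def basic_header(identity, secret):
    """Authorization value that `curl -u identity:secret` sends."""
    raw = f"{identity}:{secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def probe(identity, secret, fetch=None):
    """GET /2.0/user; return the status and the www-authenticate challenge."""
    req = urllib.request.Request(
        API_USER_URL, headers={"Authorization": basic_header(identity, secret)})
    fetch = fetch or urllib.request.urlopen  # injectable (assumption) for offline tests
    try:
        with fetch(req) as resp:
            return {"status": resp.status, "challenge": resp.headers.get("www-authenticate")}
    except urllib.error.HTTPError as err:
        return {"status": err.code, "challenge": err.headers.get("www-authenticate")}


def preflight(candidates, secret, fetch=None):
    """Probe each identity form (e.g. username, e-mail) with the same secret."""
    results = {label: probe(identity, secret, fetch)
               for label, identity in candidates.items()}
    return {
        "secret": describe_secret(secret),  # safe to log, unlike the secret itself
        "results": results,
        "working": [label for label, r in results.items() if r["status"] == 200],
    }
```

Calling `preflight({"username": ..., "email": ...}, secret)` before the upload shows which identity form the workspace accepts; the returned report can be logged as-is because it never contains the secret.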

