API Token Scopes for Bitbucket

Neil Walsh
March 31, 2026

When creating a Bitbucket API Token for use with Sourcetree, what specific scopes are required for the full functionality of the app?

I keep guessing and finding that I'm missing another scope (latest was create remote repo from local). I need to write some documentation for all our users to migrate from app passwords to API tokens and I'm reluctant to just say "select all scopes" as this feels overly permissive.

Does anyone have an authoritative list?

Thanks!

Neil

1 answer

0 votes
Tomislav Tobijas
Community Champion
March 31, 2026

Hi @Neil Walsh,

I guess the minimum would be something like (note: needs to be checked/tested):

  • read:account
  • read:me
  • read:pullrequests:bitbucket
  • read:repository:bitbucket
  • read:workspace:bitbucket
  • write:repository:bitbucket
  • write:pullrequests:bitbucket
  • admin:repository:bitbucket

Basically, scope type = Classic, and you can filter out scope actions for read and write.

Again, it would depend on your requirements, but these are, I'd say, standard ones 👀

Note that I've always just selected all of them, but I'm mainly testing something, so that info might not be that relevant.

Cheers,
Tobi

Neil Walsh
March 31, 2026

Thanks Tomislav. I guess you maybe don't use Bitbucket Pipelines?

This was my issue really. I'm trying to understand what I need to use the full feature set of Sourcetree.

I'm at this at the moment (which seems to work) but I'm sure there's a couple in there I don't need and I wonder if I've missed some. 

Admin

  • admin:workspace:bitbucket
  • admin:repository:bitbucket
  • admin:project:bitbucket
  • admin:pipeline:bitbucket

Read

  • read:workspace:bitbucket
  • read:user:bitbucket
  • read:runner:bitbucket
  • read:repository:bitbucket
  • read:project:bitbucket
  • read:package:bitbucket
  • read:permission:bitbucket
  • read:pipeline:bitbucket

Write

  • write:user:bitbucket
  • write:repository:bitbucket

 

Tomislav Tobijas
Community Champion
March 31, 2026

Yeah, I didn't use pipelines, so that's why they are missing. 

If you've got Rovo (so basically any paid cloud subscription), it will most likely give you a correct list based on your requirements. It did a really good job for me in a couple of similar situations. Or, Claude will also provide decent replies if you give it the full list of permissions (all that exist) and give it a context of what you actually use within your team/org.

I mean, permissions/scopes are relatively intuitive based on their labels, but in the end, it comes to performing a couple of tests just to be clear if everything is working as expected.

Potentially, someone will chime in here if they use this kind of authorization extensively, but again, pretty much any AI should give you a decent enough list that's like MVP based on your scenario and usage. 👀 
