I followed the instructions on this page
I am running SourceTree version 3.4.31 on Windows.
One discrepancy is that at the point of pasting the Token. Rather than a field, I see a button "Refresh API Token" When I click that I have to paste the token into the password field.
After I do that, I see a "Authentication OK" status.
However when I then try to push some changes, it fails with a message that use of passwords is deprecated.
If I wait for a while, things work, but then days later it fails again.
Hi @HenryRawas ,
There seems to be an issue with what you're experiencing. People have discussed it here https://community.atlassian.com/forums/Sourcetree-questions/app-password-warnings-after-updating-Bitbucket-account-in/qaq-p/3252148 but I'm not sure if there's any 'smart solution' 🫤
I know people are still trying to find a decent solution, but I guess we'll see... 👀
Cheers,
Tobi
The intermittent part is the giveaway. Bitbucket Cloud app passwords are in their deprecation brownout right now — Atlassian shuts them off in escalating windows through 27 July, then kills them entirely on 28 July 2026. Your push works between windows and fails inside them, and the deprecation warning confirms SourceTree is still sending an app password, not the API token.
So the token isn't in play yet. On 3.4.31 the version is fine, API Token auth landed back in the 3.4.x line, so the account is just still wired to the old credential. Viswanathan's first step is the one that matters here — clear the bitbucket.org entries from Windows Credential Manager (Control Panel > Credential Manager > Windows Credentials) so the stale app password stops being resent.
Then re-add the Bitbucket account in SourceTree and set the Auth Type to API Token. Pasting the token into the password field of a Basic account is what kept you on the old path. Generate the token at id.atlassian.com with the read:repository:bitbucket and write:repository:bitbucket scopes. Once the account is on the token path and the old credential is gone, the brownout windows stop affecting you.
If SourceTree still shows Refresh API Token instead of a token field, remove the account entirely and add it fresh — editing an existing app-password account tends to keep the old auth type.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks for the detailed steps.
I cleared out the bitbucket entries from Windows Credential Manager.
I went into SourceTree Options / Authentication and removed all the entries - Accounts, Saved passwords, etc.
From there I chose to Add Account.
In the Credentials popup I select API Token, but I still see the "Refresh API Token" button.
Based on other posts I then closed SourceTree, went into the Atlassian files and deleted the passwords file and user hosts file.
I then uninstalled SourceTree, and then did a new install.
When I went to add the account again, I select API Token, but I still see the Refresh button. So something is still not right.
One difference now, is if I do a pull, I get a pop-up "Login required for: bitbucket.org" asking for username and password
This should not be that hard. Why can't SourceTree have a button to clear out all the old stuff it is caching?
Any ideas what else to try?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
hi @HenryRawas
Could you confirm:
Also, if could run these and share the details (please mask if required)
git --version
git remote -v
git config --show-origin --get-all credential.helper
git config --list --show-origin | findstr credential
My suspicion
It’s more likely one of these:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
All repositories
All the time.
It is so long since I used git command line, I don't know how to do it anymore.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I uninstalled SourceTree again.
I cleaned up the credential manager again.
This time I deleted the entire SourceTree folder under AppData/Local/Atlassian
Installed SourceTree again.
Re-added the repositories.
I still see the Refresh API Token button, but I am able to do a Push
Is there a way to tell if it is actually using the Token?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
@HenryRawas HenryRawas - no - I am in exactly the same position as you. Hey Atlassian - just turn it off. How much time have you wasted on this Henry? I'm thinking of sending Atlassian an invoice!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I'm sorry @HenryRawas I understand how tiring and frustrating it is. If you're on supported plan, I recommend you to reach out to https://support.atlassian.com
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
hi @HenryRawas
If it helps see similar thread - https://community.atlassian.com/forums/Sourcetree-questions/app-password-warnings-after-updating-Bitbucket-account-in/qaq-p/3252148
Let me know, if you have found a solution, spread the word :)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.