Issue with Adding Webhook via API - "Access Denied" Error Despite Correct Scopes

Vishal Singh October 16, 2024

Hello,

I am currently trying to add a webhook to a repository using the Bitbucket API, but I am encountering the following error message:
"Access denied. You must have write or admin access."

I am using an OAuth2 token with the following scopes: ['repository:admin', 'repository:write', 'webhook'].

Despite having these scopes, I am still unable to add the webhook. Here is a brief overview of my implementation:

Token Retrieval and Webhook Creation

// Imports these methods rely on (the methods belong to a service class that injects httpService).
import axios from 'axios';
import * as qs from 'qs';
import { firstValueFrom } from 'rxjs';

// Exchanges the OAuth2 authorization code for an access/refresh token pair.
async getAccessToken(code: string): Promise<Record<string, any>> {
  const params = {
    code,
    client_id: process.env.BITBUCKET_CLIENT_ID,
    client_secret: process.env.BITBUCKET_CLIENT_SECRET,
    grant_type: 'authorization_code',
    scope: ['repository:admin', 'repository:write', 'webhook'],
    redirect_uri: redirect_url
  };
  const response = await axios.post(
    'https://bitbucket.org/site/oauth2/access_token',
    qs.stringify(params),
    { headers: { 'Content-Type': 'application/x-www-form-urlencoded' } }
  );
  return {
    accessToken: response.data.access_token,
    refreshToken: response.data.refresh_token
  };
}

// Creates a repository webhook using the bearer access token.
async createWebhook(
  repoSlug: string,
  webhookUrl: string,
  accessToken: string
): Promise<any> {
  const webhookPayload = {
    description: 'Webhook for pull request created event',
    url: webhookUrl,
    active: true,
    events: ['repo:push', 'repo:updated']
  };
  const url = `${BB_API_BASE_URL}/repositories/${repoSlug}/hooks`;
  return firstValueFrom(
    this.httpService.post(url, webhookPayload, {
      headers: {
        Authorization: `Bearer ${accessToken}`,
        'Content-Type': 'application/json'
      }
    })
  );
}

 

Despite this, I receive the "Access denied" error when attempting to add the webhook.

I have ensured the following:

  1. The OAuth2 token includes the required scopes.
  2. The repository slug is correct.
  3. The repository is not archived or subject to additional restrictions.

Could you please help me understand why this error is occurring? Is there any additional permission or configuration required that I may have missed?

 

2 answers

0 votes
Vishal Singh October 18, 2024

Hello @Patrik S  ,

I am still experiencing this issue while trying to add a webhook to a repository using the Bitbucket API.
Despite having an OAuth2 token with the correct scopes, I keep encountering the following error message: "Access denied. You must have write or admin access."
1. I have followed the same steps using Postman/curl.
2. I got the access token with "scopes": "repository:admin repository:write webhook"
3. But when I tried to create the webhook using that token from Postman/curl, I am still getting the same error.

I used the same curl in Postman as you gave, with my token, workspace and repo:

curl --location 'https://api.bitbucket.org/2.0/repositories/WORKSPACE/REPOSITORY/hooks' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <ACCESS_TOKEN>' \
--data '{
  "description": "Webhook for pull request created event",
  "url": "webhookUrl.com",
  "active": "true",
  "events": [
    "repo:push",
    "repo:updated"
  ]
}'

I would greatly appreciate your assistance in resolving this issue.

0 votes
Patrik S
Atlassian Team
October 17, 2024

Hello @Vishal Singh ,

and welcome to the Community!

I was able to successfully create a repository webhook utilizing an OAuth Access Token with the scopes repository:admin and webhook admin, so I think it may be something related to your particular implementation.

I'd recommend first trying to test the authentication/creation of the webhook outside of your code, using curl, and once that is tested, you can then make the changes to your source code to match.

Following are the steps I followed to test the webhook creation:

1. Exchange the authorization code for an access token:

curl -u CLIENT_ID:CLIENT_SECRET --location 'https://bitbucket.org/site/oauth2/access_token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'code=AUTHORIZATION_CODE'

The access token I used to test had the following scopes returned in the response:

"scopes": "repository:admin repository:write webhook"

2. Use the bearer access token from the previous step to create the webhook:

curl --location 'https://api.bitbucket.org/2.0/repositories/WORKSPACE/REPOSITORY/hooks' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <ACCESS_TOKEN>' \
--data '{
  "description": "Webhook for pull request created event",
  "url": "webhookUrl.com",
  "active": "true",
  "events": [
    "repo:push",
    "repo:updated"
  ]
}'

Could you try with those steps and let us know how it goes?

Should you have any questions, feel free to ask.

Thank you, @Vishal Singh !

Patrik S

 

Vishal Singh October 18, 2024

Hello @Patrik S  ,
I am still experiencing this issue while trying to add a webhook to a repository using the Bitbucket API.
Despite having an OAuth2 token with the correct scopes, I keep encountering the following error message: "Access denied. You must have write or admin access."
1. I have followed the same steps using Postman/curl.
2. I got the access token with "scopes": "repository:admin repository:write webhook"
3. But when I tried to create the webhook using that token from Postman/curl, I am still getting the same error.

I used the same curl in Postman as you gave, with my token, workspace and repo:

curl --location 'https://api.bitbucket.org/2.0/repositories/WORKSPACE/REPOSITORY/hooks' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <ACCESS_TOKEN>' \
--data '{
  "description": "Webhook for pull request created event",
  "url": "webhookUrl.com",
  "active": "true",
  "events": [
    "repo:push",
    "repo:updated"
  ]
}'

 

Patrik S
Atlassian Team
October 21, 2024

Hello @Vishal Singh ,

Thanks for trying the suggestion.

Checking your Bitbucket profile, I noticed you have access to multiple workspaces, one of them being a Personal workspace attached to your account (see Difference between personal and shared workspaces).

OAuth consumers created at a personal workspace will represent your user and have the same level of access as your account has in other workspaces.

In this case, if you have created the OAuth consumer in your personal workspace, and are trying to use the token from that OAuth to create the web hook in a second workspace, then your Bitbucket account needs to have repository admin access to that second workspace. This is because the web hooks feature lives under the Repository Settings, which is only accessible by Repository Admins.

If you're not an Admin in the repository, the creation of the web-hook will be denied with the message "Access denied. You must have write or admin access."

In this situation, you can use the following options:

  • Continue to use OAuth from your personal workspace: for this to work, your Bitbucket account will need to have Repository admin (or project/workspace admin) access to the repository where the web-hook is being created.

    OR

  • Use an OAuth consumer created in the same workspace where the webhook is being created.
    In this scenario, you'll need a workspace admin to create the OAuth consumer in the workspace that owns the repositories.
    This OAuth consumer will have proper access to create webhooks in repositories under the workspace it belongs to.

 

I hope that helps to clarify your questions. Should you have any follow up questions, feel free to ask.

Thank you, @Vishal Singh !

Patrik S
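
The two-layer check described in the answer above (token scope, then the user's own repository permission), as an added example that is not part of the original thread or Atlassian's code. The function name, the workspace/repository names and the sample permission entries are constructed for illustration; the entry shape (`permission`, `repository.full_name`) is an assumption about how a repository-permission listing would be represented.

```typescript
// Added example: explains an "Access denied" on webhook creation by checking
// both layers: the OAuth scopes on the token AND the user's repository permission.
type RepoPermission = "admin" | "write" | "read";

interface PermissionEntry {
  permission: RepoPermission;
  repository: { full_name: string };
}

interface Verdict {
  allowed: boolean;
  reason: string;
}

// Constructed sample: the user behind the token is admin in a personal
// workspace but only has write access in the shared one.
const samplePermissions: PermissionEntry[] = [
  { permission: "admin", repository: { full_name: "personal-ws/sandbox" } },
  { permission: "write", repository: { full_name: "shared-ws/service" } },
];

function canCreateWebhook(
  grantedScopes: string,
  permissions: PermissionEntry[],
  repoFullName: string
): Verdict {
  // Layer 1: the token must carry the webhook scope (space-separated string,
  // as returned in the "scopes" field of the token response).
  const scopes = grantedScopes.split(/\s+/).filter((s) => s.length > 0);
  if (scopes.indexOf("webhook") === -1) {
    return { allowed: false, reason: "token lacks the webhook scope" };
  }
  // Layer 2: scopes only cap what the token may do; they never raise the
  // access the user already has on the target repository.
  const matches = permissions.filter((p) => p.repository.full_name === repoFullName);
  if (matches.length === 0) {
    return { allowed: false, reason: "user has no access to " + repoFullName };
  }
  const level = matches[0].permission;
  if (level !== "admin") {
    return { allowed: false, reason: "user is '" + level + "' on " + repoFullName + ", admin required" };
  }
  return { allowed: true, reason: "scope and repository admin access both present" };
}
```

With the scopes from the thread, the verdict for `shared-ws/service` is a denial even though the token carries `repository:admin`, which is the situation the answer describes.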

 
