Bitbucket REST API: POST using token instead of basic auth

Thanks for your feedback! I tried to create an access token, but with that I get {"error": {"message": "Access token expired. Use your refresh token to obtain a new access token."}} Here is what I did: I entered the consumer key and the consumer secret from Bitbucket into the form at http://term.ie/oauth/example/client.php and used "https://bitbucket.org/api/1.0/oauth/request_token?oauth_callback="; as my endpoint. With that, I got an "oauth_token" and "oauth_token_secret". Then I tried to execute the following using the generated "oauth_token": curl -X POST -d '{"content":"my comment"}' -H "Authorization: Bearer oauth_token" -H "Content-Type: application/json" "https://bitbucket.org/api/1.0/repositories/MY_USER/MY_REPO/pullrequests/1/comments"; which resulted in the error above. Can you spot the error I made? Also, what is the recommended way for users to create such a token for using it within shell scripts etc. when basic auth is not an option? Is there a provided page in Bitbucket or is it necessary to implement the OAuth process inside the place where this should be used? Isn't there some way to just create something like an API token to be used for scenarios like that?

That looks good to me - I did the same with my own consumer info and it worked. You can use the following curl command to retrieve a token rather than going via term.ie if you like: $ curl -X POST -u "consumer_key:consumer_secret" https://bitbucket.org/site/oauth2/access_token -d grant_type=client_credentials Did you modify the "scopes" or any other information associated with your OAuth consumer before POSTing to the Pull Request API? If so it will expire your token, which may have caused the problem you're seeing. For a script, I'd recommend using the "Client Credentials Grant" documented at https://developer.atlassian.com/static/bitbucket/concepts/oauth2.html to get an OAuth token and then use that to authenticate with the REST API.

Thanks. Now I keep getting {"error_description": "No callback uri defined for the OAuth client.", "error": "invalid_request"}[ even if I define a callback URI: curl -X POST -u "consumer_key:consumer_secret" https://bitbucket.org/site/oauth2/access_token -d grant_type=client_credentials -d oauth_callback=http://www.google.ch Any ideas?

Ah, for OAuth2 you need to define your callback URI on your OAuth consumer in the Bitbucket UI: https://monosnap.com/file/iegsugZq4REHTaQ7lItm9kk7M7e4zk.png We don't allow you to pass it as a parameter. Hope that helps!

Thanks a lot, that did the trick! One last question: is there a concept of a technical user (or service user in terms of Stash) in Bitbucket? I want to execute REST API calls from a script and I actually don't want to do it as my own user. I would really like to see in my pull request comments that they were created by "SERVICE XYZ" instead of my user. I know that there are API keys for teams in Bitbucket (which I was able to do REST calls with), but I want something similar for single-user repositories. Does that exist?

It's an intriguing idea! But no, the concept of service users don't currently exist in Bitbucket. I'd heartily recommend raising a feature request at https://bitbucket.org/site/master/issues/ though - it's a great idea for integrations.

I will create a feature request then. Thanks again for your great help!

Just as a reference: https://bitbucket.org/site/master/issues/11739/request-for-technical-users-to-support

Cheers!

why callback url is required for grant type =client_credentials??