Bitbucket API 403 vs. 401

Can someone explain to me why I could begetting a 403 error when an API request originates from one location (e.g. my remote server) and not from another location (e.g. my localhost). As I understand it, a 403 means that the authorization info (username and password) and request were valid and therefore are not at issue. Rather, bitbucket does think these credentials are sufficient to grant access. How could the same password and username be valid from requests from my localhost and not from my remote server?

401 UNAUTHORIZED Returned if the call requires authentication and either the credentials provided failed or no credentials were provided.

Returned if the caller attempts to make a call or modify a resource for which the caller is not authorized. The request was a valid request, the caller's authentication credentials succeeded but those credentials do not grant the caller permission to access the resource.

One further detail of relevance. I noticed that if I change the password to something incorrect, I will get a 401 error from bitbucket when the requests originates from my localhost. However, when the request originates from my remote server with the bad password, I still get a 403 error, suggesting that BitBucket is forbidding the request even before it looks at the username and password.

Here's a link to an earlier question dealing with the same problem:

Please help. I feel so frustrated and I don't know how to resolve this issue.

3 answers

1 accepted

2 votes
Accepted answer

This is the best answer I've gotten. This answers suggest that my remote server is behind a proxy and extra steps are required to solve it.

However, I got so frustrated, I switched to using php's CURL library which gave me none of the trouble that I had when using the get_file_contents function.

I hope these two possible solutions help someone else someday!

1 vote
Jason Worley Atlassian Team Mar 07, 2013


Is this still an issue for you? Are you using git or hg over SSH, or? Also, what is the exact error message you get? Although, it doesn't explain why it would work from point A versus point B, but if the error is "fatal: HTTP request failed", it is because you have exceeded your plan limit. This link discussed the 403 message in that context:

The 403 was previously sent in a 402 message. I attached a previous posting that shows what the message would like like:

If this info is relevant to your situation, then just a guess, perhaps the API request from your localhost is somehow bumping you up past your limit. Offhand, I don't know exactly how, but its conceivable that the environments would be different from each other. For example, the remote server might be in a data center (behind firewall, using standards ports) and your localhost might be running at home (could be non-standard customizations, different OS, etc). If it makes sense, determine the differences and from that you might have some options to explore.


Jason | Atlassian

Why can I curl -u username:pass{user}/{repo}/refs/branches

but I cannot use javascript libraries like HTTP.get or meteor.  Curl works and HTTP.get yields a 403 forbidden error.  Is that an account setting?

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Nov 06, 2018 in Bitbucket

Upgrade Best Practices

Hello! My name is Mark Askew and I am a Premier Support Engineer for products Bitbucket Server/Data Center, Fisheye & Crucible. Today, I want to bring the discussion that Jennifer, Matt, and ...

1,906 views 7 10
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you