Bitbucket API OAuth vs App password


Greetings Atlassian community,


Not being too familiar with OAuth, I was wondering what the recommended approach would be for the following use-case.

We have a metrics scrape service that basically scrapes the different Bitbucket API endpoints of our instance in order to get a complete metrics overview of our different projects. This is a continuously running service that scrapes each minute. This service is owned by an (internal service) team.

For this use-case, I was wondering what the best approach is for authenticating with the Bitbucket API. OAuth requires a bit more complexity in code, whereas an App Password is much simpler.

Any recommendations between OAuth vs App Password?

1 answer

1 accepted

1 vote
Answer accepted
Atlassian Team
Nov 23, 2022 • edited

Hey Sander,

The decision to use AppPassword vs OAuth will all come down to personal preference.

Both require knowledge of a username as well as a specific token. The difference is that OAuth is configured at the workspace level, meaning that anyone on that workspace can generate tokens if they have the necessary read/write permissions, and the permissions granted by that token are configurable, whereas AppPassword is configured at the personal level and the access is based on the access that personal account has to the workspace.

OAuth will require, as you stated, more code complexity, and tokens expire after a certain time, meaning that it is generally more secure vs AppPassword, where this does not expire; however, both can be revoked/regenerated at any time.

As long as OAuth tokens/AppPasswords are not shared with third-party users, you can consider these both secure.

If you are wanting simplicity, AppPassword would be the suggested choice - if you are wishing to favour security at the cost of code complexity, OAuth is the suggested choice.


- Ben (Bitbucket Cloud Support)
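
The extra code that OAuth's expiring tokens cost a once-a-minute scraper, next to the App Password equivalent, as an added example that is not part of the original thread or Atlassian's code. It assumes a private OAuth consumer using the client-credentials grant against Bitbucket Cloud's token endpoint; `TokenCache`, `skew` and the injectable `fetch`/`clock` parameters are hypothetical names chosen for illustration.

```python
import base64, json, time, urllib.parse, urllib.request

# Bitbucket Cloud OAuth 2.0 token endpoint (assumed; not stated in the thread).
TOKEN_URL = "https://bitbucket.org/site/oauth2/access_token"

def basic_header(user, secret):
    """HTTP Basic header. With username + App Password this is the whole
    App Password approach: a static credential sent on every API call."""
    raw = f"{user}:{secret}".encode()
    return {"Authorization": "Basic " + base64.b64encode(raw).decode()}

def fetch_token(key, secret):
    """Client-credentials grant: consumer key/secret in, token JSON out."""
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    req = urllib.request.Request(TOKEN_URL, data=body,
                                 headers=basic_header(key, secret))
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Holds one short-lived access token and renews it `skew` seconds
    before expiry, so scrapes do not request a new token every minute."""
    def __init__(self, key, secret, fetch=fetch_token,
                 clock=time.monotonic, skew=60):
        # Load key/secret from a secret store or environment, never source.
        self._key, self._secret = key, secret
        self._fetch, self._clock, self._skew = fetch, clock, skew
        self._token, self._expires_at = None, 0.0

    def bearer_header(self):
        now = self._clock()
        if self._token is None or now >= self._expires_at - self._skew:
            resp = self._fetch(self._key, self._secret)
            self._token = resp["access_token"]
            self._expires_at = now + float(resp["expires_in"])
        return {"Authorization": "Bearer " + self._token}

    def invalidate(self):
        """Call after a 401 (token revoked early) to force a fresh fetch."""
        self._token = None
```

With this in place, a leaked access token stops working once it expires, while a leaked App Password stays valid until someone revokes it.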
