Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

Bitbucket Cloud API Accessing PR Commits

1 answer

0 votes

Hi David,

What form of authentication are you using to make the API call? Is it username+password? Or username+app-password? Or OAuth?

In case you're using an app password or OAuth, it is possible that the app password or OAuth consumer doesn't have permissions for pull requests. There are separate permissions for pull requests when creating either an app password or an OAuth consumer.

You can check and change permissions for an OAuth consumer, but this is not possible for an app password. In case an app password doesn't have the necessary permissions, you can create a new one.

Is there any additional output from this API call, other than the 403 error code? Also, do you get the same error if you use another Bitbucket API endpoint, e.g. /2.0/repositories/{workspace}/{repo_slug}/src, with the same credentials?

Kind regards,

Hi Theodora,

I am using an app password with maximum privileges. I was able to use the app password for other endpoints, not sure why I'm getting this error for the commits portion of PRs. I am able to get info on PRs, excluding commits, 


Thank you for your attention and input!

Hi David,

Not a problem, I'm happy to help! I have checked our logs for pull requests API calls made by the Bitbucket user that has the same email as your community account, using an app-password and with status 403 for the last week, but my search doesn't show any results.

Could you please let me know the following:

1. Are you using for the authentication the Bitbucket account with the same email as your community account?

2. Can you consistently reproduce this, or is it an intermittent issue?

3. If this error occurs every time you use this endpoint, would it be possible for you to make a new API call with this endpoint when you have the chance, and let me know the date and time you made the call in UTC (you can use this to convert the time in UTC:, so I can check our logs again?

Kind regards,

Thank you for your instructions!

1) Yes, I am using the same email account. However, for app auth I use my username instead of an email address - using an email address yields a 401 error. Using the username for this account successfully allows me to auth and retrieve PRs, except for the endpoint in question that is causing 403 error.

2) Yes, it is consistent.

3) I ran it just now. Sept 10, 2021 6:23 PM UTC.  requests.exceptions.HTTPError: 403 Client Error: Forbidden for url:<owner>/<repo slug>/pullrequests/38/commits/

- The <owner> is not my personal account, it is a work account to which I have access - for which I am able to access other end points.

Hi David,

Thank you for the info. I have checked our logs, I can see the API calls made to<owner>/<repo slug>/pullrequests/38/commits/ with 403 status, but I'm afraid I do not see any additional info that could shed some light on why the error is occurring. I also don't see any issues with your access to this specific repo.

My suggestion would be the following:

  • Generate a new app password with maximum permissions, and check if you are able to execute the API call with the new app password. This is to understand if the issue seems to be specific to the existing app password or not.
  • If you get the same error with the new app password as well, please let me know and I can open a support ticket for you to further investigate this issue. We would need extra debug info and possibly access the repo (which is not possible without a support ticket open) to further investigate, so I can create a ticket for you and let you know what additional info we need.

Kind regards,

No luck again with a new app password.

I have also attempted similar api calls on my own personal account / repo, and still the api returns 403 errors. This leads me to conclude it is not a permissions issue, but an api issue. Looking closer at the doc/ref, I see that some of the end points require redirects, which may be causing issues with the bitbucket python module I was using. I therefore did a raw curl request with redirects, and it worked! I will just have to use curl for getting the commits and diffs, but I now have what I need. 

This is what worked:

curl --user <user>:<pass> -L -s -XGET "<owner>/<repo>/pullrequests/<pr_id>/diff"


Thanks again!


Hi David,

Thank you for your reply.

I assumed that you were already using curl (my mistake, I shouldn't have made that assumption), so I didn't think of looking elsewhere.

For the pullrequests/<pr_id>/diff endpoint it makes sense, and the -L is needed in the curl command to allow the redirect. The pullrequests/<pr_id>/commits endpoint though doesn't redirect, so I'm not sure why there would an issue there. That being said, I am not familiar with bitbucket python module and the details of its implementation.

I'm glad that you figured this out and thank you for posting what worked for you!

Kind regards,

That's my fault, I should have indicated the manner of my interaction with the API. 

If I ever figure out the python issue, I'll make sure to post back.



Like Theodora Boudale likes this

Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Bitbucket

Git push size limits are coming to Bitbucket Cloud starting April 4th, 2022

Beginning on April 4th, we will be implementing push limits. This means that your push cannot be completed if it is over 3.5 GB. If you do attempt to complete a push that is over 3.5 GB, it will fail...

2,263 views 2 9
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you