Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Bitbucket Cloud API Accessing PR Commits

DavidK
DavidK September 7, 2021

I am trying to access the commits of a PR using the following, but I keep getting a 403 error, forbidden url.

https://confluence.atlassian.com/bitbucket/pullrequests-resource-423626332.html?focusedCommentId=734071465#pullrequestsResource-GETthecommitsforapullrequest

 

GET https://api.bitbucket.org/2.0/repositories/{owner}/{repo_slug}/pullrequests/{id}/commits
Answer
Watch
Like # people like this
586 views

1 answer

0 votes
Theodora Boudale
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 8, 2021

Hi David,

What form of authentication are you using to make the API call? Is it username+password? Or username+app-password? Or OAuth?

In case you're using an app password or OAuth, it is possible that the app password or OAuth consumer doesn't have permissions for pull requests. There are separate permissions for pull requests when creating either an app password or an OAuth consumer.

You can check and change permissions for an OAuth consumer, but this is not possible for an app password. In case an app password doesn't have the necessary permissions, you can create a new one.

Is there any additional output from this API call, other than the 403 error code? Also, do you get the same error if you use another Bitbucket API endpoint, e.g. /2.0/repositories/{workspace}/{repo_slug}/src, with the same credentials?

Kind regards,
Theodora

View More Comments
DavidK
DavidK September 8, 2021

Hi Theodora,

I am using an app password with maximum privileges. I was able to use the app password for other endpoints, not sure why I'm getting this error for the commits portion of PRs. I am able to get info on PRs, excluding commits, 

 

Thank you for your attention and input!

Like
Theodora Boudale
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 10, 2021

Hi David,

Not a problem, I'm happy to help! I have checked our logs for pull requests API calls made by the Bitbucket user that has the same email as your community account, using an app-password and with status 403 for the last week, but my search doesn't show any results.

Could you please let me know the following:

1. Are you using for the authentication the Bitbucket account with the same email as your community account?

2. Can you consistently reproduce this, or is it an intermittent issue?

3. If this error occurs every time you use this endpoint, would it be possible for you to make a new API call with this endpoint when you have the chance, and let me know the date and time you made the call in UTC (you can use this to convert the time in UTC: https://savvytime.com/converter/utc), so I can check our logs again?

Kind regards,
Theodora

Like
DavidK
DavidK September 10, 2021

Thank you for your instructions!

1) Yes, I am using the same email account. However, for app auth I use my username instead of an email address - using an email address yields a 401 error. Using the username for this account successfully allows me to auth and retrieve PRs, except for the endpoint in question that is causing 403 error.

2) Yes, it is consistent.

3) I ran it just now. Sept 10, 2021 6:23 PM UTC.  requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: https://api.bitbucket.org/2.0/repositories/<owner>/<repo slug>/pullrequests/38/commits/

- The <owner> is not my personal account, it is a work account to which I have access - for which I am able to access other end points.

Like
Theodora Boudale
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 13, 2021

Hi David,

Thank you for the info. I have checked our logs, I can see the API calls made to https://api.bitbucket.org/2.0/repositories/<owner>/<repo slug>/pullrequests/38/commits/ with 403 status, but I'm afraid I do not see any additional info that could shed some light on why the error is occurring. I also don't see any issues with your access to this specific repo.

My suggestion would be the following:

  • Generate a new app password with maximum permissions, and check if you are able to execute the API call with the new app password. This is to understand if the issue seems to be specific to the existing app password or not.
  • If you get the same error with the new app password as well, please let me know and I can open a support ticket for you to further investigate this issue. We would need extra debug info and possibly access the repo (which is not possible without a support ticket open) to further investigate, so I can create a ticket for you and let you know what additional info we need.

Kind regards,
Theodora

Like
DavidK
DavidK September 13, 2021

No luck again with a new app password.

I have also attempted similar api calls on my own personal account / repo, and still the api returns 403 errors. This leads me to conclude it is not a permissions issue, but an api issue. Looking closer at the doc/ref, I see that some of the end points require redirects, which may be causing issues with the bitbucket python module I was using. I therefore did a raw curl request with redirects, and it worked! I will just have to use curl for getting the commits and diffs, but I now have what I need. 

This is what worked:

curl --user <user>:<pass> -L -s -XGET "https://api.bitbucket.org/2.0/repositories/<owner>/<repo>/pullrequests/<pr_id>/diff"

 

Thanks again!

David

Like
Theodora Boudale
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 14, 2021

Hi David,

Thank you for your reply.

I assumed that you were already using curl (my mistake, I shouldn't have made that assumption), so I didn't think of looking elsewhere.

For the pullrequests/<pr_id>/diff endpoint it makes sense, and the -L is needed in the curl command to allow the redirect. The pullrequests/<pr_id>/commits endpoint though doesn't redirect, so I'm not sure why there would an issue there. That being said, I am not familiar with bitbucket python module and the details of its implementation.

I'm glad that you figured this out and thank you for posting what worked for you!

Kind regards,
Theodora

Like
DavidK
DavidK September 14, 2021

That's my fault, I should have indicated the manner of my interaction with the API. 

If I ever figure out the python issue, I'll make sure to post back.

Thanks,

David

Like Theodora Boudale likes this
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events