I am seeking to programmatically create projects via the REST API on Bitbucket server 6.5.1. This seems to work fine when my bot account user authenticates with the actual password, but I always get "Unauthorized" as the response when authenticating with a personal access token (which, if I understand correctly, is the way to do it with basic-auth bots). The token works fine when adding repositories, and I can create projects just fine using the bot account from the web UI.
Is it possible to create projects when authenticating by personal access token?
Solved.
You must use basic authentication instead of a personal token.
This is still relevant today on Bitbucket v8.16.1.
There is no reasonable justification for this: If I use an access token, I am the user that the token belongs to or at least I should be.
The documentation when creating a new token is especially misleading:
"Tokens are like another password, so their permissions will default to the level of access you have."
Yeah... no.
Hello Eero and welcome to the Community!
Thank you for explaining the issue you’re having along with including your troubleshooting steps. Since you’ve already tested creating a repo within the WebUI for your Bot account, the issue is most likely due to the granted level of permissions within the API Token you issued. We would suggest generating a new API token with the Project Admin role to allow for the creation of repos. Further information on this may be found at Personal access tokens.
Once you’ve created a new token with appropriate permissions, please test and let us know the outcome.
Regards,
Stephen Sifers
I have tried this. The bot user is a "project creator", and when creating the token, it's being given the project admin permissions. Still causes a 401 response.
Hello Eero,
Thanks for reporting back. Could you please paste the 401 response you're getting? It will tell us what the issue is with the attempted call.
Regards,
Stephen Sifers
"errors": [ { "context": null, "message": "You are not permitted to access this resource", "exceptionName": "com.atlassian.bitbucket.AuthorisationException" } ]}
401: Unauthorized
Hello Eero,
Thanks for responding back with your returned error. The error is letting us know the user and token you're using are not permitted to access the endpoint with the verb you're using.
Could you let us know the endpoint you're attempting to use to create the project? This will help us to attempt to recreate the issue on our end.
Regards,
Stephen Sifers
http://localhost:7990/rest/api/1.0/projects
I just tried again; the same request fails with the personal key, works with the password.
I'm using Postman to POST, the personal key has been directly copied to clipboard from Bitbucket's screen and should be exactly as presented...
Hello Eero,
Thanks for providing the endpoint you’re using. After reviewing the endpoint you’re using, we need to verify the account has PROJECT_CREATION permissions within Bitbucket. I would like to validate this using the REST API to confirm it’s set correctly. Could you please GET the user permissions from the following endpoint: /rest/api/1.0/admin/permissions/users
The bot account you’re using should have PROJECT_CREATE permissions as specified within /rest/api/1.0/projects.
Additionally, information around the error you’re having may also be found at Errors & Validation.
We look forward to hearing back which permission level the bot account has.
Regards,
Stephen Sifers
Is it the same bot account that is supposed to access the permissions endpoint? Getting 401 Unauthorized from there as well.
Hello,
When you're checking the permissions of the account, you'll need to use an account different from the one you're checking permissions for. The 401 response is letting you know the endpoint is present but there is something wrong with your authentication header causing it to be rejected.
Regards,
Stephen Sifers
Here's what I get:
{
  "size": 2,
  "limit": 25,
  "isLastPage": true,
  "values": [
    {
      ... my admin user
    },
    {
      "user": {
        "name": "the_bot",
        "emailAddress": "the_bot@company.com",
        "id": 2,
        "displayName": "The Bitbucket Bot",
        "active": true,
        "slug": "thebot",
        "type": "NORMAL",
        "links": {
          "self": [
            {
              "href": "http://localhost:7990/users/thebot"
            }
          ]
        }
      },
      "permission": "PROJECT_CREATE"
    }
  ],
  "start": 0
}
Hello again,
This is rather strange if you have permission yet you're still being refused access to the endpoint. Could you please share the REST API call you're attempting to make? Please remove any sensitive information from the call. This example will allow us to attempt to recreate the problem to find a cause of the refusal.
Regards,
Stephen Sifers
Was there ever any resolution to this? It appears you still cannot create a project whilst authenticating with a personal access token. Despite having PROJECT_CREATE permissions, a curl call like the following will result in a 401 Unauthorized:
curl -v -X "POST" -H "Content-Type: application/json" -H "Authorization: Bearer ADMIN_TOKEN" -d '{"key":"prj","name":"prj","description":"desc"}' "http://localhost:7990/rest/api/1.0/projects"
This will also return a 401:
curl -v -X "POST" -H "Content-Type: application/json" -d '{"key":"prj","name":"prj","description":"desc"}' "http://username:admintoken@localhost:7990/rest/api/1.0/projects"
Hi All,
I have encountered the same issue. Is there any solution yet?
The create project option is not shown while creating a personal access token. That could be the reason it's not allowing project creation using a token even though the user has sufficient permissions to create a project.
I have the same issue and would appreciate an updated response from Atlassian. The request only fails with an access token, but works fine when supplying the same account's password via basic auth.
I also have the same issue... can anyone help?
Hi folks,
My team stumbled on the same issue. I opened a support ticket with Atlassian, and support told me that it is not possible to create a project with a Personal Access Token.
They linked me to the docs for Personal Access tokens and pointed out that they do not explicitly say that Project Admin tokens can create Projects. Sasidhar's screenshot of the token creation screen shows the same thing.
I suggested they make the documentation a bit clearer since several folks have stumbled on this and creating a Project with a Personal Access Token seems like it should be a feature.
I hope this helps.
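An added example, not part of the thread or Atlassian's code: a bot-side helper for the behaviour reported above that sends the project-creation POST with the access token first and, on a 401, retries once with the account password over basic auth, recording the `exceptionName` from each response. The names `create_project` and `fake_bitbucket` and the sample credentials are assumptions; the fake server is constructed to mirror the responses quoted in the thread.

```python
import base64
import json
import urllib.error
import urllib.request

PROJECTS_PATH = "/rest/api/1.0/projects"  # endpoint quoted in the thread


def build_request(base_url, payload, auth_header):
    # Credentials travel in the Authorization header, never in the URL.
    return urllib.request.Request(
        base_url.rstrip("/") + PROJECTS_PATH,
        data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json", "Authorization": auth_header},
        method="POST",
    )


def send(request):
    """Real transport: return (status, body text); HTTP errors are returned, not raised."""
    try:
        with urllib.request.urlopen(request, timeout=10) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()


def create_project(base_url, payload, user, password, token, transport=send):
    """Try the access token first; on a 401, retry once with the password."""
    basic = base64.b64encode(f"{user}:{password}".encode()).decode()
    results = []
    for label, header in (("token", "Bearer " + token), ("password", "Basic " + basic)):
        status, text = transport(build_request(base_url, payload, header))
        try:
            errors = [e.get("exceptionName") for e in json.loads(text).get("errors", [])]
        except (ValueError, AttributeError):
            errors = []  # body was empty or not the JSON error envelope
        results.append({"auth": label, "status": status, "errors": errors})
        if status != 401:
            break
    return results


def fake_bitbucket(request):
    """Constructed stand-in for the server, mirroring the behaviour reported above."""
    if request.get_header("Authorization").startswith("Bearer "):
        return 401, json.dumps({"errors": [{"context": None,
            "message": "You are not permitted to access this resource",
            "exceptionName": "com.atlassian.bitbucket.AuthorisationException"}]})
    return 201, json.dumps({"key": json.loads(request.data)["key"]})
```

In a real bot, read the password and token from the environment or a secret store and keep the returned list in the job log so a token rejection is visible rather than silently masked by the fallback.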