I am building an API client that uses the Bitbucket REST APIs for a web application. I am building the API client in Node.js as shown in the Atlassian demo code.
When I test the API calls from POSTMAN vs my Node.js code, I am not getting the same results.
I have a Bitbucket user ID. On that user ID's profile I set up an OAuth client and generated a client ID and secret. I am using the "client credentials" OAuth flow in POSTMAN and in my Node.js code. This client has read and write permissions on just about all of the areas.
Here is one example. When I call the below endpoint from POSTMAN, I get back two repos. One private and one public. This is correct. In the test environment that is all we have.
https://api.bitbucket.org/2.0/repositories/{username}?is_private=true
However, when I run the same code in Node.js I only get back the public repo, even with the query string value added.
POSTMAN Request (Node.js code)
    var request = require("request");

    var options = {
      method: 'GET',
      url: 'https://api.bitbucket.org/2.0/repositories/myUserNameHere',
      qs: { is_private: 'true' },
      headers: {
        'cache-control': 'no-cache',
        Connection: 'keep-alive',
        'Accept-Encoding': 'gzip, deflate',
        Host: 'api.bitbucket.org',
        'Postman-Token': '146ac64',
        'Cache-Control': 'no-cache',
        Accept: '*/*',
        'User-Agent': 'PostmanRuntime/7.17.1',
        Authorization: 'Bearer o=',
        'Content-Type': 'application/json'
      }
    };

    request(options, function (error, response, body) {
      if (error) throw new Error(error);
      console.log(body);
    });
My Node.js code for the same request
    // Method on the API client object; `request` is the same npm module as above.
    getPrivateRepos: function(access_token, token_type) {
      let options = {
        method: "GET",
        url: "https://api.bitbucket.org/2.0/repositories/myusername/",
        qs: { is_private: "true" },
        headers: {
          "Cache-Control": "no-cache",
          // Header value is built from the token response fields
          Authorization: `${token_type} ${access_token}`,
          "Content-Type": "application/json"
        }
      };
      request(options, function(error, response, body) {
        if (error) throw new Error(error);
        console.log("Get private repos -> " + response.statusCode, response.statusMessage);
        console.log(body);
      });
    }
Hello @[deleted],
If you're only getting public repos back, it's very likely that something is wrong with your request authentication. Can you double check you're sending the correct Authorization header value?
You can validate authentication by making a request to an endpoint which strictly requires it, for instance /2.0/user.
If you're still unsure why the script doesn't work, can you post its full content please?
Hope this helps.
Cheers,
Daniil
@Daniil Penkin - My authorization is working just fine. I am getting user details just fine.
Shown below is the log from my node.js app, it prints out all the details.
{"access_token": "Cv9XZI=", "scopes": "pullrequest:write team:write repository:admin account:write project:write", "expires_in": 7200, "refresh_token": "LazM", "token_type": "bearer"}
Response:
    {
      "access_token": "Cv9XZI=",
      "scopes": "pullrequest:write team:write repository:admin account:write project:write",
      "expires_in": 7200,
      "refresh_token": "LczM",
      "token_type": "bearer"
    }
==================================================================
Callback from authorization server with access_token: Cv9XZI= to be used for API requests
Callback from authorization server with scope: pullrequest:write team:write repository:admin account:write project:write
Callback from authorization server with expires in: 7200
Callback from authorization server with refresh token: "LczM"
Callback from authorization server with token type: bearer
==================================================================
===========USER BEGIN==============================================
User display name: My UserName
User UUID: {b0d89fb0-xxxx-xxx-xxxx-651d3ef256f6}
User account id: undefined
===========USER END==============================================
@Daniil Penkin - I am getting access token and my call to user endpoint is working just fine. Shown below is the log from my node.js app.
{"access_token": "YFBu_ZgnM=", "scopes": "account:write repository:admin pullrequest:write team:write project:write", "expires_in": 7200, "refresh_token": "LrzM", "token_type": "bearer"}
Response:
    {
      "access_token": "YFBu_ZgnM=",
      "scopes": "account:write repository:admin pullrequest:write team:write project:write",
      "expires_in": 7200,
      "refresh_token": "LrzM",
      "token_type": "bearer"
    }
==================================================================
Callback from authorization server with access_token: YFBu_ZgnM= to be used for API requests
Callback from authorization server with scope: account:write repository:admin pullrequest:write team:write project:write
Callback from authorization server with expires in: 7200
Callback from authorization server with refresh token: LrzM
Callback from authorization server with token type: bearer
==================================================================
===========USER BEGIN==============================================
User display name: My User Name
User UUID: {b0dxxxb0-xxxx-xxxx-xxxx-651d3efxxxxx}
User account id: undefined
===========USER END==============================================
The filtering doesn't work because the filter query should be passed in the q query parameter – check out this page describing BBQL. So something like this is what you need:
https://api.bitbucket.org/2.0/repositories/dpenkin?q=is_private%3Dtrue
As for the authentication issue, I'm trying to trace your requests now but can't find them in the logs. You masked too much data so it's hard to track. It seems that your request is interpreted as unauthenticated, hence you're getting only public stuff back.
Are you making the request against the right account?
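The two points in the answer above (the filter belongs in the BBQL `q` parameter, and a request treated as unauthenticated returns only public repositories) can be checked in the client itself. This is an added example, not part of the original posts or Atlassian's code; the helper names and the sample repository objects are constructed for illustration.

```javascript
// Added example; function names and sample data are constructed.
const API = "https://api.bitbucket.org/2.0";

// Put the filter in the BBQL `q` parameter, as the answer above describes.
function buildRepoListUrl(workspace, bbql) {
  const url = new URL(`${API}/repositories/${encodeURIComponent(workspace)}`);
  if (bbql) url.searchParams.set("q", bbql);
  return url.toString();
}

// Build the Authorization header from the token response, refusing to send
// a request at all when the response does not carry a bearer token.
function authHeader(tokenResponse) {
  const { access_token: token, token_type: type } = tokenResponse || {};
  if (typeof token !== "string" || token === "") {
    throw new Error("token response has no access_token");
  }
  if (String(type).toLowerCase() !== "bearer") {
    throw new Error(`unexpected token_type: ${type}`);
  }
  return `Bearer ${token}`; // scheme spelled as in the Postman request
}

// Classify a listing response when only private repositories were requested.
function classifyPrivateListing(statusCode, body) {
  if (statusCode === 401 || statusCode === 403) return "auth-rejected";
  if (statusCode !== 200) return "error";
  const repos = Array.isArray(body && body.values) ? body.values : [];
  if (repos.length === 0) return "nothing-visible"; // none exist, or anonymous
  const privateCount = repos.filter((r) => r.is_private === true).length;
  if (privateCount === repos.length) return "ok";
  // Public entries mean the filter was not applied; no private entries at all
  // is the "only public stuff" symptom of an unauthenticated request.
  return privateCount === 0 ? "public-only" : "filter-ignored";
}

// Constructed sample bodies shaped like the paginated `values` list.
const publicRepo = { full_name: "example/public-repo", is_private: false };
const privateRepo = { full_name: "example/private-repo", is_private: true };

console.log(buildRepoListUrl("dpenkin", "is_private=true"));
console.log(authHeader({ access_token: "constructed-token", token_type: "bearer" }));
console.log(classifyPrivateListing(200, { values: [publicRepo] }));
console.log(classifyPrivateListing(200, { values: [publicRepo, privateRepo] }));
console.log(classifyPrivateListing(200, { values: [privateRepo] }));
```

A `public-only` or `nothing-visible` result is the cue to call `/2.0/user` with the same header before trusting the listing.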
@Daniil Penkin - Yes, I have verified that I am using the right account. As you can see from my log above, I am printing out the permissions my OAuth client has been given. The account I am using, on which I created the OAuth client, is an admin-level account.