Personal Access Token

Andrea Pannitti
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
October 25, 2022

Hi all,
I was able to create a bitbucket project by REST API, using the following:

/rest/api/1.0/projects [POST]

With the following body:

{"key": "TEST", "name": "TestProject", "description": "Test"}

And using the Basic Authentication.

Now, I create a Personal Access Token for a Bitbucket user admin and I'm trying to call the same REST api to create another project using the Personal Access Token but in this case I receive an error 401 Unauthorized: You are not permitted to access this resource.

How could I solve this problem?

Thanks

2 answers

1 accepted

0 votes
Answer accepted
Andrea Pannitti
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
October 27, 2022

The problem is due to the fact that with token authentication it is possible to:

Create and fork repositories
Update project settings and permissions
Update repository settings and permissions
Push to repositories and perform pull request actions
Pull and clone repositories

But not to create projects.

0 votes
Idan Bidani October 25, 2022

Hi

Can you test a GET request? the token should be used in the same place the password was together with the username.

For ex. in curl it should look like this:

 

curl -s --user <userID>:<TOKEN> --request GET https://URL/rest/api/latest/projects?limit=10
Andrea Pannitti
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
October 26, 2022

Hi @Idan Bidani ,

no, I need to call in POST because I must create a new Project on Bitbucket and I want use the Personal Access Token because more secure of the Basic Authentication.

 

Regards

Like Markus Pietrek likes this
Markus Pietrek July 3, 2023

I would second that request. We also have to create projects and want to use HTTP access tokens for it.

With the current limitations we have to use the login password of a user with project admin permissions.This is a big security risk especially as we have to pass the credentials via IPC to the process creating the projects.

A token with just the capability for project creation and initial configuration would be best.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events