Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root


1 badge earned


Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!


Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.


Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!


Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

Rest API - Update a repository deploy key - return 403


I am trying to use rest-API to update repository access key.

When calling this

The response is:

Response: 403 Forbidden
{"type": "error", "error": {"message": "This API is not accessible by this authentication mechanism"}}

Calling GET list deploy keys works fine 

for both calls I am using access token with all available permissions 

Access token permissions:


  • pipeline
  • pipeline:variable
  • pipeline:write
  • pullrequest
  • pullrequest:write
  • repository
  • repository:admin
  • repository:delete
  • repository:write
  • runner
  • runner:write
  • webhook

2 answers

1 accepted

0 votes
Answer accepted
Patrik S
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Mar 28, 2023

Hello @vickos ,

Thank you for reaching out to Atlassian Community!

I'm afraid that currently Repository/project/workspace access tokens can't be used to authenticate API calls for POST/PUT/DELETE operation in the deploy-keys endpoint. I went ahead and created a feature request to add the ability to use this authentication mechanism : 

I would suggest you to add your vote there, since this helps both developers and product managers to understand the interest. Also, make sure you add yourself as a watcher in case you want to receive first-hand updates from that ticket. Please note that all features are implemented with this policy in mind.

While this feature is not implemented, the available authentication options for those endpoints are username and app password or OAuth access token. 

Thank you, @vickos !

Patrik S

Thanks for your reply.

I was able to use  username and password to authenticate the API call, but I prefer not to use my own cerdinatial in the code.

How can I use OAuth access token, Do I need to use my username and password to create one or I can do it from the site? and how to limit the token's permissions?

What you think should be the best practice if I want automatically update access token after deploying my app to the server?




Suggest an answer

Log in or Sign up to answer
AUG Leaders

Atlassian Community Events