Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Seeking Bitbucket Cloud REST API to get all repos in which a specific group can access

Durell Demartini October 17, 2022

Hello,

I'm new to using REST API and I'm seeking to know if there's an endpoint to simply get all repos that a specific group (such as Developers) in a Bitbucket Cloud Workspace can access. I've been looking thru the Bitbucket Cloud REST API documentation and also at articles in the community, but everything I found so far seems to indicate that this is not possible. 

Thanks in advance for any guidance you can offer.

1 answer

1 accepted

0 votes
Answer accepted
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 19, 2022

Hi @Durell Demartini,

We offer temporary support for certain 1.0 API resources until we have a replacement in version 2.0 of our API.

You can use the group-privileges endpoint:

Check the section "GET a list of repositories with a specific privilege group" in that document which includes an example as well.

If you have any questions, please feel free to let me know.

Kind regards,
Theodora

Durell Demartini October 19, 2022

Hi @Theodora Boudale - thanks for the information. I'm having trouble understanding what to indicate for the "group_owner." I'm an admin of the workspace but I don't see where this information is located when looking at any of our current groups.

https://api.bitbucket.org/1.0/group-privileges/{workspace_id}/{group_owner}/{group_slug}

Thanks very much for your time!

Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 24, 2022

Hi @Durell Demartini,

The "group_owner" should be the same as the workspace id where this user group belongs.

A few years back it was possible to add to a repo a user group belonging to another team account you had access to, so the group owner could have been different than the owner of the repo. However, we no longer allow that, so the group owner should be the same workspace where your repositories belong.

If your workspace id is e.g. workspace-a and the user group slug is e.g. developers, then the URL should be

https://api.bitbucket.org/1.0/group-privileges/workspace-a/workspace-a/developers

If you want to confirm, you can use the following URL, which will show all user groups having access to this workspace's repos, along with the owner of each group:

https://api.bitbucket.org/1.0/group-privileges/workspace-a/

If you have any other questions, please feel free to let me know!

Kind regards,
Theodora

Durell Demartini October 24, 2022

Thanks, @Theodora Boudale - I appreciate the assistance. I've tried this:

https://api.bitbucket.org/1.0/group-privileges/workspace-a/workspace-a/developers

But I get the message, "Group is not owned by the workspace." 

Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 25, 2022

Hi @Durell Demartini,

I am unsure why you are seeing this error, the only time I get this error is if I misspell the group owner.

I would suggest doing the following:

 

(1) First, ensure you are using the correct workspace id by checking the following:

  • On Bitbucket website, select your avatar (top right corner) > Select All workspaces
  • On the new page that lists all workspaces, find the one you are interested in and select Manage
  • On the new page that shows this workspace's settings, note the Workspace ID field

If you are not using the correct workspace id, please adjust it in the call. If you are using the correct one, please proceed with the following steps:


(2) Use this call to get all the groups with access to this workspace's repositories:

https://api.bitbucket.org/1.0/group-privileges/workspace-a/

For each group in the output, you will see the following fields:

"group": {
"name": "Developers",
"owner": {
"mention_id": null,
"avatar": "<....>",
"display_name": "workspace-a",
"nickname": "workspace-a",
"is_team": true,
"uuid": "{93fbe072-415f-3391-06c2-d6ff18679agf}",
"account_id": null,
"is_active": true
},
"slug": "developers",
<...>
}

Make note of the fields slug for the group (in my example it's developers) and also of the field uuid in the owner object (in my example it's {93fbe072-415f-3391-06c2-d6ff18679agf} ).

 

(3) Then use a call like the following to get the list of the repositories this group has access to:

https://api.bitbucket.org/1.0/group-privileges/workspace-a/%7B93fbe072-415f-3391-06c2-d6ff18679agf%7D/developers

where

workspace-a replace with the workspace ID for your workspace
%7B93fbe072-415f-3391-06c2-d6ff18679agf%7D replace with the uuid for the group owner that you got in the previous step - please note that we are replacing the curly brackets that surround the uuid, { with %7B and } with %7D
developers replace with the slug for your group

Please feel free to let me know if that works for you or if you're still experiencing any issues.

Kind regards,
Theodora

Durell Demartini October 26, 2022

Hi @Theodora Boudale - I really appreciate your assistance. I was able to construct the specific call based on your example. I wasn't able to retrieve the groups with the call below (CompanyAB is pretty similar to our workspace name, and I'm using the correct upper/lower case that's reflective in the 'Workspace ID'), but instead get the error "Something went wrong," and 500 Internal Server Error.

https://api.bitbucket.org/1.0/group-privileges/CompanyAB/

 I was able to get the info regarding the developers group using this:

https://api.bitbucket.org/1.0/groups/CompanyAB  

Then I was able to construct the call based on your input, but now I get the error, 

'504 Gateway Time-out.' I'm using Postman. Not sure if that makes any difference. 
Thanks again for the help. Have a reached dead-end? 
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 31, 2022

Hi @Durell Demartini,

 

I checked the workspaces your account has access to and I believe the reason for this error is a timeout, which has to do with the large number of repos the workspace owns. Version 1 of our API doesn't have pagination, so it is not possible to return results in pages.

When there is a large number of repos, the API call will try to return all of them, and if the call takes more than 28 seconds it will time out. I'm afraid that it is not possible to increase the timeout.

 

A way to work around this issue:

It should be possible to iterate through the repos of the workspace and use the following API 2.0 endpoint for each repo, in order to get the permissions a specific group has on each repo:

If the permissions returned are 'none', this means the user group has no access to the repo.

Please note though that we have a rate limit of 1,000 requests per hour for any access to /2.0/repositories/*, for authenticated calls.
With a large number of repos, you will get 429 responses when the rate limit is hit.

If you are writing a script, a way to work around this would be by adding a sleep command for e.g. 10 or 30 seconds after each API call, to avoid hitting the rate limits (rate limits are divided into a one-hour rolling window).

This means that there will be a delay in getting the results, but it's the only way to get the info via API for a large number of repos.

If you have any questions, please feel free to let me know.

 

Kind regards,
Theodora

Seth Miller January 12, 2023

At what point do you just throw in the towel and say "move to a competent competitor"? This is ridiculous!

Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 17, 2023

Hi @Durell Demartini and @Seth Miller,

I discussed this issue a bit further with the development team, you can try using the parameter ?exclude-members=true with the group-privileges endpoint and see if this helps.

The url would be

https://api.bitbucket.org/1.0/group-privileges/{workspace_id}/{group_owner}/{group_slug}?exclude-members=true

By default this endpoint will return the group members as well, which may lead to performance issues, but adding this parameter will not return the group members.

We have a feature request for adding a group-privileges endpoint to version 2.0 of our API that you can vote for to express your interest:

Kind regards,
Theodora

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events