Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root


1 badge earned


Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!


Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.


Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!


Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

Using APP PASSWORD to downlod zip of repo results in 403 telling me to log in

Until recently, we had a CFML script which would pull down a complete zip file of our branch and parse it out to the server. The <cfhttp> tag attribute would look like this:


An Atlassian username and password was used, and everything worked fine. Obviously, we want to move to an APP PASSWORD account with reduced permissions - because our current method of using user credentials is going to be deprecated, right?

So, after playing around with permissions enough to get any response at all, we finally got this (the "contents" of the .zip file) from our latest attempt:

403 Forbidden
Your account is currently inactive. Because it's been a while since you logged in, you'll need to log in at to get back in to your account.

I doubt that there's any way for an APP PASSWORD to actually "log in" at the web site. This message seems like a red herring.

So I'm stumped. What is the server actually trying to tell us, what exactly are the permissions needed on an APP PASSWORD for our current endpoint above to continue working?

(We've tried Workplace=Read, Projects=Read, Repositories=Read, Pull requests=Read)

Thanks all,

2 answers

1 accepted

0 votes
Answer accepted

The 403 message is a red herring, and seems to avoid saying that the Label should not be substituted for the [account] name (see url above) when an app password is used.

IOW, every APP PASSWORD you create continues to employ [account] as the username.

I would suggest an Enhancement Request to add some hint wording to this effect - where App Passwords are created, perhaps a tooltip (?) next to the "Label" column header, or a faux "Username" header which just repeats the correct value on each row.
I suspect this would reduce the volume of support traffic from idiots like me.

FYI It looks like the only permission needed was “Read” under “Pull requests”. 

kutumb aap downlod

Suggest an answer

Log in or Sign up to answer
AUG Leaders

Atlassian Community Events