bitbucket API v2 /repositories/{username}/{repo_slug}/ permissions problem

Vangelis Katsikaros September 29, 2017

Hi

I have both bitbucket API v1 and v2 working with plain curl commands, but I run into a user configuration problem.

  • The user I am using has read permissions on the repo
  • the repo is set to private
  • and the oauth consumer has the scope repository.

With API v2

I am getting my access token (using password grant type)

curl -s -X POST -d 'grant_type=password&username=__USERNAME__&password=__PASSWORD__' --user '__USERID__:__KEY__' https://bitbucket.org/site/oauth2/access_token | jq --raw-output .access_token

I can use this token in other API calls, that return 200 and data. So I have managed to make authentication work.

curl -s -H "Authorization: bearer `curl -s -X POST -d 'grant_type=password&username=__USERNAME__&password=__PASSWORD__' --user '__USERID__:__KEY__' https://bitbucket.org/site/oauth2/access_token | jq --raw-output .access_token`" https://api.bitbucket.org/2.0/repositories/__TEAM__/ | jq .



{
  "next": "https://api.bitbucket.org/2.0/repositories/__TEAM__/?page=2",
  "page": 1,
  "values": [
    {
      "description": "",
      "is_private": false,
...

However when I try the same on /repositories/{username}/{repo_slug}/commits/master it fails with 401

curl -s -H "Authorization: bearer `curl -s -X POST -d 'grant_type=password&username=__USERNAME__&password=__PASSWORD__' --user '__USERID__:__KEY__' https://bitbucket.org/site/oauth2/access_token | jq --raw-output .access_token`" https://api.bitbucket.org/2.0/repositories/__TEAM__/__REPO__/commits/master | jq .

So I am wondering what could I be doing wrong here? The only thing I can think of is a configuration on the bitbucket's repo or user, but I am unclear on how to proceed.

 

With API v1

Accessing the commits with v1 works fine (so I guess permissions are ok?)

curl -s --user __USERID__:__KEY__ "https://api.bitbucket.org/1.0/repositories/__TEAM__/__REPO__/changesets/?limit=1" | jq --raw-output .

but I cannot filter the commits per branch, which makes it very hard to look for a specific branch.

3 votes
Answer accepted
csomme
Atlassian Team
October 2, 2017

Hi,

Your test of the 2.0 endpoint (using /2.0/repositories/__TEAM__/) is a little deceiving. That endpoint doesn't require authentication at all. If it's called without authentication, or with invalid credentials, it will return public repositories.

In your case, the fix should be simple. The "Bearer" in the Authorization header is case sensitive. Change it from "bearer" to "Bearer" and it will likely work.

All of that said, depending on what you're after, that isn't necessarily required. We have no plans to stop supporting Basic auth for the endpoints. The Basic auth you're using on the v1 api will work fine on a v2 api, and the oauth2 credentials will work on the v1 api. If you're writing a script that has access to your username and password anyway, and have no need to use OAuth for any other reason, feel free to keep using basic auth. It will fail if you use 2FA on your account, but that's true of both Basic auth and the password flow for OAuth2 on Bitbucket.

Vangelis Katsikaros October 3, 2017

Indeed, the case-sensitive header authentication problem was masked by a bad test!
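A negative-control check for the misleading test discussed in the answer, as an added example that is not part of the original thread and not Bitbucket's code. `fake_api` is a constructed stand-in that models only the behaviour stated above (the listing returns public repositories for missing or invalid credentials, the `Bearer` scheme is matched case-sensitively); the token, paths and repository names are made up, and the private repository appearing in an authenticated listing is an assumption.

```python
# Added example. fake_api is a constructed stand-in, not Bitbucket's code.
VALID_TOKEN = "constructed-token"  # made-up sample value
LIST_PATH = "/2.0/repositories/TEAM/"
COMMITS_PATH = "/2.0/repositories/TEAM/private-repo/commits/master"

def fake_api(path, auth_header=None):
    """Return (status, body) using only the behaviour described in the thread."""
    # The scheme is compared case-sensitively, so "bearer <token>" is not valid.
    authed = auth_header == f"Bearer {VALID_TOKEN}"
    public = {"slug": "public-repo", "is_private": False}
    private = {"slug": "private-repo", "is_private": True}
    if path == LIST_PATH:
        # Missing or invalid credentials are not rejected: public repos come back.
        # Assumption: valid credentials also list the private repo.
        return 200, {"values": [public, private] if authed else [public]}
    if path == COMMITS_PATH:
        # Private repo: anything but valid credentials gets 401.
        return (200, {"values": [{"hash": "constructed"}]}) if authed else (401, {})
    return 404, {}

def proves_auth(fetch, path, auth_header):
    """Negative control: compare the credentialed call with an anonymous one."""
    anonymous = fetch(path, None)
    with_creds = fetch(path, auth_header)
    if with_creds[0] != 200:
        return "rejected"
    if with_creds == anonymous:
        return "inconclusive"  # identical without credentials, so nothing is proven
    return "authenticated"

if __name__ == "__main__":
    for scheme in ("bearer", "Bearer"):
        header = f"{scheme} {VALID_TOKEN}"
        for path in (LIST_PATH, COMMITS_PATH):
            print(scheme, path, proves_auth(fake_api, path, header))
```

To use the same check against a real service, pass a `fetch` function that performs the HTTP request and returns the status and parsed body.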
