Hi
I have both buitbucket API v1 and v2 working with plain curl commands, but I run into a user configuration problem.
With API v2
I am getting my access token (using password grant type)
curl -s -X POST -d 'grant_type=password&username=__USERNAME__&password=__PASSWORD__' --user '__USERID__:__KEY__' https://bitbucket.org/site/oauth2/access_token | jq --raw-output .access_token
I can use this token in other API calls, that return 200 and data. So I have managed to make authentication work.
curl -s -H "Authorization: bearer `curl -s -X POST -d 'grant_type=password&username=__USERNAME__&password=__PASSWORD__' --user '__USERID__:__KEY__' https://bitbucket.org/site/oauth2/access_token | jq --raw-output .access_token`" https://api.bitbucket.org/2.0/repositories/__TEAM__/ | jq .
{
"next": "https://api.bitbucket.org/2.0/repositories/__TEAM__/?page=2",
"page": 1,
"values": [
{
"description": "",
"is_private": false,
...
However when I try the same on /repositories/{username}/{repo_slug}/commits/master it fails with 401
curl -s -H "Authorization: bearer `curl -s -X POST -d 'grant_type=password&username=__USERNAME__&password=__PASSWORD__' --user '__USERID__:__KEY__' https://bitbucket.org/site/oauth2/access_token | jq --raw-output .access_token`" https://api.bitbucket.org/2.0/repositories/__TEAM__/__REPO__/commits/master | jq .
So I am wondering what could I be doing wrong here? The only thing I can think of is a configuration on the bitbucket's repo or user, but I am unclear on how to proceed.
With API v1
Accessing the commits with v1 works fine (so I guess permissions are ok?)
curl -s --user __USERID__:__KEY__ "https://api.bitbucket.org/1.0/repositories/__TEAM__/__REPO__/changesets/?limit=1" | jq --raw-output .
but I cannot filter the commits per branch, which makes it very hard to look for a specific branch.
Hi,
Your test of the 2.0 endpoint (using /2.0/repositories/__TEAM__/) is a little deceiving. That endpoint doesn't require authentication at all. If it's called without authentication, or with invalid credentials, it will return public repositories.
In your case, the fix should be simple. The "Bearer" in the Authorization header is case sensitive. Change it from "bearer" to "Bearer" and it will likely work.
All of that said, depending on what you're after, that isn't necessarily required. We have no plans to stop supporting Basic auth for the endpoints. The Basic auth you're using on the v1 api will work fine on a v2 api, and the oauth2 credentials will work on the v1 api. If you're writing a script that has access to your username and password anyway, and have no need to use OAuth for any other reason, feel free to keep using basic auth. It will fail if you use 2FA on your account, but that's true of both Basic auth and the password flow for OAuth2 on Bitbucket.
Indeed, the case sensitive header authentication problem, was masked by a bad test!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.