New app! API Token Authentication for Bitbucket

Advanced token management has finally landed on the Bitbucket planet! Find out the advantages over the classic tokens Atlassian has been offering to developers.


Introducing API Token Authentication for Bitbucket

We are happy to announce we have just released a new member of the API Token authentication family!

Enjoy advanced API token management also in Bitbucket Server and Bitbucket Data Center.

But I thought that Bitbucket already had personal access tokens!


Yes, indeed. Bitbucket ships with personal access tokens so that users can leverage secure access to the Bitbucket REST API.

If you’re used to Bitbucket’s personal access tokens, jumping onto API Token Auth will be quite transparent, because there are important similarities.

Similarities between Bitbucket personal access tokens and resolution’s API tokens for Bitbucket

Similarity 1: Tokens can do what the user can do

For starters, a token will have the same permissions as the user who creates it.

For example, if Mary Smith can fork a repository in project A but not in project B, Mary’s token can be used to fork a repository in project A, but not in project B.

Similarity 2: Token scopes

On top of the user permissions, you can restrict what a token can do even further.

Here’s where the approach differs a bit.

  • With resolution’s API Token Authenticator for Bitbucket, you can choose between two types of scopes:
    • Read only permits GET, HEAD and OPTIONS requests
    • Read & write also permits PUT, POST, DELETE

Differences between Bitbucket personal tokens and resolution’s tokens for Bitbucket

Beyond the similarities, there are some major differences that can improve the security of Bitbucket and give administrators more options to control who has the rights to connect to the API, and for doing what.

Difference 1: permissions to use and create tokens (also for other users)

In Bitbucket, every user can create an API token for themselves, and admins can revoke tokens. Period.

With the API Token Auth permissions, on top of the same base functionality you can decide which groups get to:

  • Use tokens
  • Create tokens
  • Create tokens on behalf of other users (and revoke other users’ tokens).

Bonus Trick: You can also restrict who gets to create read & write tokens with the options above.

Difference 2: Advanced system settings

As with the above, the older brothers of API Token Authenticator for Bitbucket already contained interesting restrictions that give additional security:

  • Restrict API Tokens so they are only accepted if coming from specific IP addresses and ranges. This can be used to whitelist connections from authorized cloud vendors like Salesforce and from your own servers.
    • When running Bitbucket behind a reverse proxy, admins can adjust the app config so that the client IP address making a request with an API Token is read from a different header. This makes it possible for IP address restrictions to work as intended in that setting too.
  • Disable password authentication. If you want your users to stop using their passwords to access the API, this is an interesting option!
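
The scope rules and the IP restriction described above can be modelled as a small request filter. This is an added sketch, not the app's own code: the function names, the `X-Forwarded-For` default, the single-proxy assumption (right-most header entry is the one our proxy appended) and the sample addresses are all assumptions made for illustration.

```python
import ipaddress

# Scope-to-method mapping as listed in the article; any other method is
# rejected in this sketch.
SCOPES = {
    "read_only": {"GET", "HEAD", "OPTIONS"},
    "read_write": {"GET", "HEAD", "OPTIONS", "PUT", "POST", "DELETE"},
}


def in_any(ip, ranges):
    """True if ip falls inside any of the given addresses or CIDR ranges."""
    return any(ip in ipaddress.ip_network(r) for r in ranges)


def client_ip(peer_ip, headers, trusted_proxies, header="X-Forwarded-For"):
    """Return the address the allowlist should be evaluated against.

    The forwarding header is honoured only when the direct peer is a known
    reverse proxy; otherwise any client could set it to pass the allowlist.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not in_any(peer, trusted_proxies):
        return peer
    last = headers.get(header, "").split(",")[-1].strip()
    try:
        return ipaddress.ip_address(last)
    except ValueError:
        return peer  # header missing or malformed: fall back to the peer


def token_request_allowed(method, scope, peer_ip, headers, allowed, proxies):
    """Apply the scope check first, then the source-IP restriction."""
    if method.upper() not in SCOPES.get(scope, set()):
        return False
    return in_any(client_ip(peer_ip, headers, proxies), allowed)


if __name__ == "__main__":
    # Constructed sample: proxy at 10.0.0.5, allowlist of one documentation range.
    allowed, proxies = ["203.0.113.0/24"], ["10.0.0.5"]
    via_proxy = {"X-Forwarded-For": "203.0.113.7"}
    print(token_request_allowed("GET", "read_only", "10.0.0.5", via_proxy, allowed, proxies))
    print(token_request_allowed("POST", "read_only", "10.0.0.5", via_proxy, allowed, proxies))
    # Direct connection that forges the header: evaluated on its real address.
    print(token_request_allowed("GET", "read_only", "198.51.100.9", via_proxy, allowed, proxies))
```

When the header-based setting is enabled, make sure the reverse proxy overwrites or appends to the forwarding header itself and that Bitbucket is not reachable around the proxy; otherwise the IP restriction checks a value the caller controls.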

What’s coming next?

With this launch, API Token Authentication for Bitbucket has a complete set of functionality that we won’t expand in the short term.

But this can change: we’re always listening to our customers’ requirements.

What other features would you like to see?

We are highly responsive to the feature requests of our customers. Starting with SAML SSO, those feature requests have been the foundation to build our enterprise user management apps into the market leaders they currently are.
