Deprecation notice: Bitbucket Cloud shifts to API tokens from app passwords for enhanced security

Hello Bitbucket Cloud community,

At Atlassian, we’re dedicated to keeping your data and integrations secure. To enhance Bitbucket Cloud’s security, we’re announcing the transition from app passwords to API tokens, which offer improved security and management capabilities. Here’s what you need to know to prepare for this change.

Important: No changes are taking effect immediately, and existing integrations using app passwords will continue to function without interruption. However, this change is time-sensitive, with a 12-month transition period. Integrations with app passwords will stop working entirely on June 9, 2026.

We strongly recommend starting the transition to Bitbucket API tokens as soon as possible to ensure uninterrupted access and improved security. Early preparation will ensure a smooth experience, and transitioning to API tokens is straightforward. This announcement outlines the steps to create API tokens, the reasons for this change, the timeline, and next steps.

Why app passwords are being deprecated

App passwords have served as a reliable authentication method, but API tokens offer enhanced security and greater control for all users:

  • Expiration control: API tokens can be set to expire after a defined period, reducing the risk of long-term exposure if a token is compromised.

  • Centralized management: API tokens are managed through a centralized system, enabling easier oversight, revocation, and control. For managed accounts within a claimed domain, Org Admins gain visibility into API token usage and the ability to revoke tokens as needed.

  • Modern scopes: API tokens support modern identity scopes, which are more secure and flexible than the classic scopes used by app passwords.

Transitioning to API tokens ensures a more secure and consistent authentication experience for all Bitbucket Cloud users. Learn more about user API tokens and different roles.

Deprecation timeline

A phased approach is being adopted to ensure a smooth transition with minimal disruption to existing integrations:

Phase 1: Announcement and preparation (June 9th 2025)

  • No customer impact: App passwords will continue to work as expected, and all existing integrations remain unaffected.

  • Customers can begin transitioning to API tokens at their own pace.

  • Review our support documentation to help you create and implement API tokens.

  • We will be working with our partners to make sure they are aware of these changes and make the necessary adjustments to their applications, ensuring a smooth transition for our customers' third-party integrations.

Phase 2: Disabling new app password creation (September 9th 2025)

  • Bitbucket Cloud will no longer allow the creation of new app passwords.

  • Existing app passwords will continue to work, ensuring no disruption to your integrations.

  • Customers will be routed to create API tokens from this date forward and will be encouraged to adopt API tokens for their integrations during this phase.

Phase 3: Full deprecation of app passwords (June 9th 2026)

  • App passwords will cease to function, and integrations using them will stop working.

  • All integrations previously using app passwords must now switch to API tokens to authenticate with Bitbucket Cloud.

  • Regular updates, reminders, and support will be provided throughout this process to ensure a seamless transition.

How to create API tokens

You can start using API tokens for scripting, CI/CD tools, or testing Bitbucket-connected applications. Follow these steps:

  1. From the top navigation bar, select Settings > Atlassian account settings > Security.

  2. Choose Create and manage API tokens > Create API token with scopes.

  3. Name the token, set an expiry date, and select Bitbucket as the app.

  4. Assign necessary permissions (see API token permissions for details).

  5. Create the token, copy it, and paste it into your application. Note: The token is displayed only once.

Learn more in our support documentation.

How to use API tokens

API tokens are single-purpose tokens with limited user scopes, perfect for scripting, CI/CD tools, and testing Bitbucket Connect apps during development. Here's how to use API tokens:

  • Bitbucket Cloud REST API: Authenticate using your Atlassian account email (located under Email aliases in your Bitbucket Personal settings) and an API token, replacing your username and app password.

  • Git Command-Line Interface (Git CLI): Use your Bitbucket username and an API token for interactions with Bitbucket Cloud.

See our support documentation for detailed guidance on how to use Bitbucket Cloud API tokens with the Git command line interface (Git CLI) and Bitbucket Cloud REST APIs.
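
The two credential pairings above, as an added example that is not part of Atlassian's announcement or documentation: a Git credential helper that answers Git's request for bitbucket.org with the Bitbucket username and API token, and a REST check that sends the Atlassian account email and API token. The environment variable names, the use of HTTP Basic auth via curl, and the choice of the `/2.0/user` endpoint for the check are assumptions.

```shell
#!/bin/sh
# Added example, not Atlassian's code. Assumed (hypothetical) variable names:
#   BITBUCKET_USERNAME   Bitbucket username (Git CLI)
#   BITBUCKET_EMAIL      Atlassian account email (REST API)
#   BITBUCKET_API_TOKEN  API token, injected by a secret store or CI variable

# Git credential helper. Git passes the operation ("get", "store", "erase")
# as $1 and key=value request attributes on stdin, ended by a blank line.
bb_credential_helper() {
    op=$1 proto= host=
    while IFS='=' read -r key value; do
        [ -z "$key" ] && break
        case $key in
            protocol) proto=$value ;;
            host)     host=$value ;;
        esac
    done
    # Answer only lookups for HTTPS to bitbucket.org, so the token is never
    # handed to another host or sent over plain http. Stay silent otherwise
    # and let Git fall through to its other helpers or a prompt.
    [ "$op" = get ] && [ "$proto" = https ] && [ "$host" = bitbucket.org ] || return 0
    [ -n "$BITBUCKET_USERNAME" ] && [ -n "$BITBUCKET_API_TOKEN" ] || return 0
    printf 'username=%s\npassword=%s\n' "$BITBUCKET_USERNAME" "$BITBUCKET_API_TOKEN"
}

# REST API check: email + API token. Prints the HTTP status code
# (200 means the token was accepted; 401 means it was rejected).
# The credentials go to curl on stdin (-K -) so they do not appear in the
# process list or shell history.
bb_check_token() {
    printf 'user = "%s:%s"\n' "$BITBUCKET_EMAIL" "$BITBUCKET_API_TOKEN" |
        curl -sS -o /dev/null -w '%{http_code}\n' -K - \
            https://api.bitbucket.org/2.0/user
}

# When this file is installed as a helper, Git runs: <script> get|store|erase
case ${1-} in
    get|store|erase) bb_credential_helper "$1" ;;
esac
```

Register the script with `git config --global credential.https://bitbucket.org.helper /absolute/path/to/script`. Git consults helpers in the order they are configured, so an app password still held by an earlier helper (for example an OS keychain) is returned first until that entry is erased.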

Third-party integrations

We are collaborating with partners like Sourcetree and other third-party applications to enhance and streamline their integrations for API token support. Once these integrations are fully implemented, we will provide updates. For setup instructions during the transition, please consult the documentation. For additional guidance, refer to our integration support documentation.

We’re here to help

We’re dedicated to making this transition seamless. Expect regular updates, reminders, and resources. If you have questions or need assistance, drop a comment below on this post.

5 comments

TealShift
I'm New Here
June 20, 2025

Hi, when I updated my repo's remote address as instructed to:
git remote set-url origin https://{bitbucket_username}@bitbucket.org/{workspace}/{repository}.git

And then do `git pull` I still get prompted for my app password instead of my token. Why? And how do I use the token so I know it's working?

Michael Czeiszperger
I'm New Here
June 26, 2025

Has anyone successfully gotten this to work?  I just spent 2 hours trying to figure it out, and gotten nowhere. 

The instructions don't say what to do after the "git remote", which still asks for the password.

Giacomo
I'm New Here
June 27, 2025

Hello, exactly I have the same problem. I created the API key but I have no idea how to use it.

Hamreet Kaur
Atlassian Team
June 27, 2025

Thank you for raising this issue. To clarify, when prompted for a password, you can enter your API token instead. We've updated our documentation to make this step clearer. Let us know if you run into any further issues.

Michael Czeiszperger
I'm New Here
June 27, 2025

I already tried using the API token instead of the password over and over again, which is why I am trying to find out if anyone has actually gotten it to work. It doesn’t take API tokens, or at least it wouldn’t take mine. I’ll wait until the last minute and hope you’ve figured it out by then. I tried to verify that what was copied/pasted into the field, but it’s designed to be impossible to verify as best I can tell.
