BitBucket changed its security policy to require API Tokens for Git operations in 2026.
The following shows how to update a repo to be able to continue to use Git operations as usual.
In the Atlassian UI, first we need to create an API Token.
Find the following in the UI:
- Profile icon, then Account settings
- Security, then Create and Manage API tokens, then select Create API token
- Create API token with scopes
- Give the token a name like “API Token”
- Select a long expiry time, e.g. one year
- Assign scopes required. For Git operations we only need:
Read
read:repository:bitbucket
Write
write:repository:bitbucket
Save the API Token locally in a text file, e.g.:
api-token.txt
Now update the remote of the repo:
$ git remote set-url origin
https://x-bitbucket-api-token-auth@bitbucket.org/{workspace}/{repository}.git
That is:
- workspace is your username
- repository is the repo name
For example:
https://bitbucket.org/{your-username}/{your-repo}.git
In this case the complete command is:
$ git remote set-url origin
https://x-bitbucket-api-token-auth@bitbucket.org/{your-username}/{your-repo}.git
Now we can perform git operations as usual; however, we will need the API token ready to paste into the password prompt.
To copy the token into the clipboard (pasteboard) on macOS, a nice clean way is:
$ cat api-token.txt | pbcopy
Now perform a git operation in our repo, e.g.:
$ git push origin main Password for 'https://x-bitbucket-api-token-auth@bitbucket.org':
Paste in the API token as the password with Command+v.
The git operation should succeed as usual.
References
https://developer.atlassian.com/cloud/bitbucket/changelog/#CHANGE-3222
