Bitbucket · Authentication Profile

Bitbucket Authentication

Authentication

Bitbucket secures its APIs with apiKey, http, and oauth2 across 3 declared security schemes, as derived from its OpenAPI definitions. OAuth 2.0 is offered via the authorizationCode flow(s).

AtlassianCI/CDCode CollaborationCode ReviewDevOpsGitPull RequestsRepository HostingVersion Control
Methods: apiKey, http, oauth2 Schemes: 3 OAuth flows: authorizationCode API key in: header

Security Schemes

basic http
scheme: basic
oauth2 oauth2
· flows: authorizationCode
api_key apiKey
· in: header (Authorization)

Source

Authentication Profile

Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/bitbucket-cloud-rest-api-openapi.json
summary:
  types:
  - apiKey
  - http
  - oauth2
  api_key_in:
  - header
  oauth2_flows:
  - authorizationCode
schemes:
- name: basic
  type: http
  scheme: basic
  description: Basic HTTP Authentication as per [RFC-2617](https://tools.ietf.org/html/rfc2617)
    (Digest not supported). Note that Basic Auth is available only with username and app password
    as credentials.
  sources:
  - openapi/bitbucket-cloud-rest-api-openapi.json
- name: oauth2
  type: oauth2
  flows:
  - flow: authorizationCode
    authorizationUrl: https://bitbucket.org/site/oauth2/authorize
    tokenUrl: https://bitbucket.org/site/oauth2/access_token
    scopes: 26
  description: OAuth 2 as per [RFC-6749](https://tools.ietf.org/html/rfc6749).
  sources:
  - openapi/bitbucket-cloud-rest-api-openapi.json
- name: api_key
  type: apiKey
  in: header
  parameter: Authorization
  description: API Keys can be used as Basic HTTP Authentication credentials and provide a substitute
    for the account's actual username and password. API Keys are only available to team accounts
    and there is only 1 key per account. API Keys do not support scopes and have therefore access
    to all contents of the account.
  sources:
  - openapi/bitbucket-cloud-rest-api-openapi.json