I have a private Bitbucket repository with a public issue tracker. I would like to include a "Report Issue" dialog in my mobile app, that the user would fill out (title, description), and then use the REST API to create a new item in the issue tracker.
The docs for the REST API say that authentication is required for POST .../issues .
What would be an appropriate user in this use case? I don't want the users of my app to have to use a Bitbucket account, nor do I want the app to post using my account.
Community moderators have prevented the ability to post new answers.
One way to solve this issue is to proxy the requests.
Assuming your mobile app has a backend component, you can relay the create-issue requests to your own server and then from there you POST to Bitbucket. This will keep your Bitbucket credentials secure.
You should also still create a dedicated Bitbucket account for your app like Marcus suggested, so not all issues are created under your personal account.
As Bitbucket accounts are 100% FREE to create and use, I'd recommend using a new user that you create and own called {my app} Bot or some such. We use one internally to clone issues from our public Bitbucket issue tracker into our internal development issue tracker.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You can do that, but I think efung's reason for not using his own account in his app is that that would expose his credentials to all his users.
Using a dedicated Bitbucket account for which the username/password is hardcoded in the app, would expose you to the the same problems. Nothing is stopping users from deleting the account, or do other silly things.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.