Bitbucket REST API: POST using token instead of basic auth

Mibex_Software
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
August 28, 2015

Hi,

I would like to create a pull request comment by using Bitbucket's REST API. I cannot use username/password via Basic Auth to authenticate, but rather would like to use an API key or an OAuth token of a technical user as it is possible with Github.

What I managed to do is to execute OAuth GET requests like this:

curl "https://bitbucket.org/api/1.0/repositories/YOUR_USER/YOUR_REPOSITORY?oauth_token_secret=YOUR_SECRET&oauth_token=YOUR_TOKEN"

Is there something similar I can use for Bitbucket REST POST requests like the following:

curl -X POST -d '{"content":"my comment"}' -H "Content-Type: application/json"   "https://bitbucket.org/api/1.0/repositories/YOUR_USER/YOUR_REPOSITORY/pullrequests/1/comments"

Thanks in advance,

Michael

1 answer


3 votes
Answer accepted
TimP
August 28, 2015

Hi Michael,

You can see the different ways of using an OAuth token under "Making Requests" on Bitbucket OAuth 2.0

The best way is to pass your token in the Authorization header, like so:

Authorization: Bearer {access_token}

Note also that you shouldn't need to pass your secret as part of the request, just the token.

cheers,

Tim

Mibex_Software
August 28, 2015

Thanks for your feedback! I tried to create an access token, but with that I get

{"error": {"message": "Access token expired. Use your refresh token to obtain a new access token."}}

Here is what I did: I entered the consumer key and the consumer secret from Bitbucket into the form at http://term.ie/oauth/example/client.php and used "https://bitbucket.org/api/1.0/oauth/request_token?oauth_callback=" as my endpoint. With that, I got an "oauth_token" and "oauth_token_secret". Then I tried to execute the following using the generated "oauth_token":

curl -X POST -d '{"content":"my comment"}' -H "Authorization: Bearer oauth_token" -H "Content-Type: application/json" "https://bitbucket.org/api/1.0/repositories/MY_USER/MY_REPO/pullrequests/1/comments"

which resulted in the error above. Can you spot the error I made?

Also, what is the recommended way for users to create such a token for using it within shell scripts etc. when basic auth is not an option? Is there a provided page in Bitbucket or is it necessary to implement the OAuth process inside the place where this should be used? Isn't there some way to just create something like an API token to be used for scenarios like that?

TimP
August 28, 2015

That looks good to me - I did the same with my own consumer info and it worked. You can use the following curl command to retrieve a token rather than going via term.ie if you like:

$ curl -X POST -u "consumer_key:consumer_secret" https://bitbucket.org/site/oauth2/access_token -d grant_type=client_credentials

Did you modify the "scopes" or any other information associated with your OAuth consumer before POSTing to the Pull Request API? If so it will expire your token, which may have caused the problem you're seeing.

For a script, I'd recommend using the "Client Credentials Grant" documented at https://developer.atlassian.com/static/bitbucket/concepts/oauth2.html to get an OAuth token and then use that to authenticate with the REST API.

Mibex_Software
August 28, 2015

Thanks. Now I keep getting

{"error_description": "No callback uri defined for the OAuth client.", "error": "invalid_request"}

even if I define a callback URI:

curl -X POST -u "consumer_key:consumer_secret" https://bitbucket.org/site/oauth2/access_token -d grant_type=client_credentials -d oauth_callback=http://www.google.ch

Any ideas?

TimP
August 28, 2015

Ah, for OAuth2 you need to define your callback URI on your OAuth consumer in the Bitbucket UI: https://monosnap.com/file/iegsugZq4REHTaQ7lItm9kk7M7e4zk.png We don't allow you to pass it as a parameter. Hope that helps!

Mibex_Software
August 28, 2015

Thanks a lot, that did the trick! One last question: is there a concept of a technical user (or service user in terms of Stash) in Bitbucket? I want to execute REST API calls from a script and I actually don't want to do it as my own user. I would really like to see in my pull request comments that they were created by "SERVICE XYZ" instead of my user. I know that there are API keys for teams in Bitbucket (which I was able to do REST calls with), but I want something similar for single-user repositories. Does that exist?

TimP
August 28, 2015

It's an intriguing idea! But no, the concept of service users doesn't currently exist in Bitbucket. I'd heartily recommend raising a feature request at https://bitbucket.org/site/master/issues/ though - it's a great idea for integrations.

Mibex_Software
August 28, 2015

I will create a feature request then. Thanks again for your great help!

TimP
August 28, 2015

Cheers!

Sohit Kumar June 14, 2018

Why is a callback URL required for grant_type=client_credentials?
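
The flow TimP recommends in the accepted answer (client-credentials grant, then only the token in an Authorization: Bearer header) can be scripted as below. This is an added example, not code from the thread or from Atlassian: the two URLs are the ones quoted in the thread, while the function names and the BB_KEY / BB_SECRET environment variables are hypothetical. It feeds the credentials to curl as config lines on stdin so that neither the consumer secret nor the token appears in a URL or in the process list.

```shell
#!/bin/sh
# Added example (not from the thread): client-credentials token, then a
# Bearer-authenticated POST. URLs are the ones quoted in the thread;
# function names and BB_KEY/BB_SECRET are hypothetical.
TOKEN_URL="https://bitbucket.org/site/oauth2/access_token"
API_BASE="https://bitbucket.org/api/1.0/repositories"

# Print access_token from a token-endpoint JSON reply; return non-zero when
# it is absent, e.g. for the {"error": "invalid_request"} body in the thread.
extract_token() {
  tok=$(printf '%s' "$1" |
    sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')
  [ -n "$tok" ] && printf '%s\n' "$tok"
}

# Escape backslashes and double quotes so the comment is a valid JSON string.
json_string() {
  printf '"%s"' "$(printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g')"
}

# curl config lines, fed to curl on stdin with "-K -" so neither the consumer
# secret nor the token shows up in the process list or in a URL.
basic_auth_config() { printf 'user = "%s:%s"\n' "$1" "$2"; }
bearer_config() { printf 'header = "Authorization: Bearer %s"\n' "$1"; }

get_token() {  # reads BB_KEY and BB_SECRET from the environment
  body=$(basic_auth_config "$BB_KEY" "$BB_SECRET" |
    curl -sS -K - -X POST -d grant_type=client_credentials "$TOKEN_URL") ||
    return 1
  extract_token "$body" || { echo "token request failed: $body" >&2; return 1; }
}

post_pr_comment() {  # args: owner repo pr_id comment_text
  token=$(get_token) || return 1
  bearer_config "$token" |
    curl -sS --fail -K - -X POST -H "Content-Type: application/json" \
      -d "{\"content\":$(json_string "$4")}" \
      "$API_BASE/$1/$2/pullrequests/$3/comments"
}

# Network calls happen only when asked for explicitly:
#   BB_KEY=... BB_SECRET=... sh pr_comment.sh post MY_USER MY_REPO 1 "my comment"
if [ "${1:-}" = "post" ]; then shift; post_pr_comment "$@"; fi
```

Because a fresh token is requested on every run, the script does not store a token that could later fail with the "Access token expired" error quoted above.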
