Last updated May 18, 2023

Rate this page:

Changelog

This changelog is the source of truth for all changes to the Bitbucket API and Bitbucket Connect API that affect people using Bitbucket Cloud and developing Bitbucket Cloud apps.

To ask any questions related to Bitbucket Cloud development please visit the Bitbucket Cloud developer community.

18 May 2023

Deprecation Notice Bitbucket Cloud Pipelines is ending support for the legacy runtime execution environment in favor of Containerd

Bitbucket Pipelines operates in a Kubernetes-based infrastructure environment, and our internal execution environment leverages Containerd by default for all customers in a transparent manner.

A small number of users have been provisioned onto Docker based runtime infrastructure after a specific exemption was applied by Customer Support; it’s now time to retire that infrastructure.
A runtime change does not impact your ability to build containers using the Docker CLI, the primary impact is if you’re using out-of-date Docker tooling, or tooling that leverages deprecated Docker APIs
The Docker project has been committed to the Containerd project for a number of years Extending Docker’s Integration with containerd | Docker

30 March 2023

Deprecation Notice Jira issue glance module in Forge or Connect app being deprecated and replaced.

The jiraIssueGlances and jira:issueGlance module in Forge and Connect are being deprecated and replaced with the issueContext module on the Oct 6, 2023.

1 February 2023

Announcement Introducing Project and Workspace Access Tokens

Bitbucket Cloud now features Project and Workspace Access Tokens, which are similar to the recently released Repository Access Tokens, providing access to a single project or workspace and all the repositories under that resource. These tokens can be used to authenticate with Bitbucket APIs for scripting, CI/CD tools, Bitbucket Cloud-connected apps, and Bitbucket Cloud integrations. 

Workspace admins can set a Project or Workspace Access Token’s access level through permission scopes during creation. Each token is linked to a project or workspace; preventing them from being used to access any repositories outside the specific project or workspace.

More details

To start using Project Access Tokens, visit a Bitbucket Cloud project you have admin access to, and navigate to Project settings > Security > Access tokens. For Workspace Access Tokens, navigate to the Workspace view, then select Settings > Security > Access tokens.

For details, see:

18 January 2023

Announcement We’re updating our API token, API key, and Repository Access Token length

On January 18, 2023, we'll be extending the length of API tokens for Atlassian accounts, API keys, and Repository Access Tokens. This ensures new tokens and keys generated after this date are more secure and reliable. Tokens and keys created before January 18, 2023 won’t be affected.

5 January 2023

Removed Bitbucket no longer supports personal Connect apps

We’ve discontinued support for personal Connect apps in Bitbucket. Please see the deprecation notice for more details.

24 November 2022

Announcement Introducing Repository Access Tokens

Bitbucket Cloud now features Repository Access Tokens, a new form of authentication that provides access to a single repository. These tokens can be used to authenticate with Bitbucket APIs for scripting, CI/CD tools, Bitbucket Cloud-connected apps, and Bitbucket Cloud integrations.

Repository admins can set a Repository Access Token’s access level through permission scopes during creation. Each token is linked to its repository, not a user or workspace; this prevents them from being used to access any other repositories or workspaces.

More details

To start using Repository Access Tokens, select Repository Settings > Security > Access Tokens on your repository.

For more information, see:

8 August 2022

Announcement Announcement — Introducing 'App User' type on Feb 9, 2023

To support the development of a new feature, we're introducing a new subtype of the Account definition called App User into the Bitbucket Cloud API. After a 6-month deprecation period, ending on Feb 9, 2023, any API which documents an Account type can start returning App User objects, along with the currently expected Team and User objects.

Read more about the impact of the changes here: https://developer.atlassian.com/cloud/bitbucket/announcement-introducing-app-user/

1 August 2022

Deprecation Notice Deprecation of personal Connect apps in Bitbucket

Bitbucket is deprecating support for Personal Connect apps on January 1, 2023. This is an uncommon type of Connect app that installs into a user’s personal account rather than the workspace.

Below you can find more information about this change, as well as steps to update your app.

More details

Personal Connect apps are a type of Bitbucket Connect app that is installed into the user’s personal account - as opposed to the typical Connect app that is installed into a Bitbucket workspace. As such, Personal Connect apps ‘follow’ users around as they navigate content across different workspaces.

From January 1, 2023, Bitbucket will no longer support Personal Connect apps. Their installation will be blocked. Soon after, Personal Connect apps will be removed from users' accounts. After this, the only valid Bitbucket Connect context type will be “account”.

This is part of an ongoing effort to give workspace admins more control over which integrations can access their data. Additionally, simplifying our Connect framework will help us create and roll out new features to customers faster.

If you're an app developer that maintains a personal Connect app, we suggest converting your app into a workspace Connect app. This will effectively reduce the reach of your app to the workspace of the user, rather than any workspace that the user can access.

In order to do this, you will need to update your Connect descriptor to change its "contexts" attribute from ["personal"] to ["account"]. This change will then be applied to new installations of your app.

To apply this change to existing installations you have 2 options:

As a user, check if any of your installed apps are “personal” apps by navigating to your workspace settings > Apps and Features > Installed Apps. For each app you can see the installation context (personal or workspace).

You can also contact your app vendor to learn more about the recommended upgrade path.

29 July 2022

Removed The format and length of Bitbucket App Passwords has changed

The previously announced change to the format of App Passwords has been fully rolled out.

25 July 2022

Announcement New developer support page

We recently launched a new developer support page, which serves as a centralized hub for reporting issues, managing your app and getting support. This page will streamline your experience of getting in contact with us for different areas of support:

  • Bugs: Report development or Marketplace bugs

  • Incidents: Report critical issues or breaking changes

  • App listing: Edit your app or access Marketplace APIs

  • Accounts and payment: Manage your Marketplace payments and licenses

  • App migration: Get help with creating a cloud version of your app

  • Security programs: Apply or adjust your program details

  • Partner resources: Request access to exclusive partner content

  • Ukraine support: Request emergency concessions or ask questions

If you have any questions, please get in touch with us via the developer community announcement.

28 June 2022

Deprecation Notice Changes to format and length of Bitbucket app passwords

On Jul 12, 2022, Bitbucket will be changing the format of newly created app passwords. As part of this, the length of app passswords will change from 20 to 36 characters.

More details

To improve the overall security of app passwords, we want to improve our capabilities to scan for any leaked tokens. Changing the format lets us accomplish this at a greater scale.

This should have no impact on most scripts and integrations. However, you may need to update your storage to accommodate for this. For example, you may need to update the character size of a database column, in case you’re persisting these tokens in a database, like Postgres.

If you’re impacted by this in any way, we suggest that you allow for tokens with a length of 100 characters. This should cover any potential future changes as well.

Note that this will only affect newly created app passwords. Existing app passwords will remain unchanged.

7 June 2022

Deprecation Notice Removing project:write scope from Bitbucket Cloud API on 15 May 2023

Beginning 15 May 2023, we are removing the project:write scope from the Bitbucket Cloud API.

More details

We have released a new scope, project:admin, which means the project:write scope is now obsolete.

  • All integrations currently using the project:write scope to call the Project endpoints (listed here) need to start using the project:admin scope.

  • All integrations currently using the project:write scope to call the Repository endpoints (listed here) or Git LFS need to start using the repository scope.

27 May 2022

Deprecation Notice The diff type is changing

We are changing the type of diff that is returned in the Bitbucket Cloud API from a ‘3-way’ diff to Git’s ‘three-dot’ diff. This new diff reflects the difference between the tip of a source branch and the commit from which it branched off of the destination. Read more about the new ‘three-dot’ diff here.

As a part of this change we are deprecating the merge query parameter in the diff and diffstat API endpoints. It is being replaced with a new query parameter topic, an optional boolean where true returns the new 'three-dot' diff and false returns a simple two-dot diff.

More details

For the next six months, requests to the diff APIs with neither the merge nor topic parameter provided will continue to return a '3-way' diff. After this period, the merge parameter will be removed entirely and requests without a topic parameter will return a 'three-dot' diff.

28 March 2022

Added New 3LO App Controls for Site Admins

An improvement will be made in the coming days to allow customers (site admins) to turn off (or back on) end-user installation capabilities for OAuth 2.0 (3LO) apps. If you are a developer of OAuth 2.0 (3LO) apps, you do not need to take any action as a result of this change, as this message is only to communicate the impact to the customer.

More details

Previously, controls were not in place for an admin to block their users from installing 3LO apps. Adding the ability for an admin to prohibit users from installing 3LO apps now aligns more closely to how a user would install any other, non-3LO apps on the Marketplace. This functionality was requested by several Atlassian enterprise customers to gain increased control over where their data is shared and which apps have access to their instance. By allowing admins to control end-user app installs, we are making it possible for more enterprise customers to move to cloud. Once in cloud, these companies will not be blocked from installing 3LO apps, because admins will retain the ability to vet and install the apps at their discretion.

Figure (a) below demonstrates the section of the customer’s admin console where they will now be able to block their users from installing 3LO apps. Figure (b) below shows the new experience when a customer tries to install a 3LO app after their admin has disabled this function.

If a customer attempts to install a 3LO app after their admin has disabled this function, the following error message will appear:

App is blocked by an admin
An admin has not allowed [App Name] to access data from [Your Atlassian Instance] . Select another site to authorize access to or contact your admin for more information.

(a)

(b)

9 August 2021

Deprecation Notice Atlassian account passwords for API and Git activity will be disabled 1 March 2022

As previously announced in the Bitbucket blog, beginning 1 March 2022, Bitbucket users will not be able to use their Atlassian account passwords for API and Git activity.

Additionally, we've recently announced that new users with Atlassian accounts created on or after 13 September 2021 will not be able to use their account passwords for these Bitbucket activities.

Read more here.