Last updated Aug 8, 2022

Changelog

This changelog is the source of truth for all changes to the Bitbucket API and Bitbucket Connect API that affect people using Bitbucket Cloud and developing Bitbucket Cloud apps.

To ask any questions related to Bitbucket Cloud development please visit the Bitbucket Cloud developer community.

8 August 2022

Announcement Introducing 'App User' type on Feb 9, 2023

To support the development of a new feature, we're introducing a new subtype of the Account definition called App User into the Bitbucket Cloud API. After a 6-month deprecation period, ending on Feb 9, 2023, any API which documents an Account type can start returning App User objects, along with the currently expected Team and User objects.

Read more about the impact of the changes here: https://developer.atlassian.com/cloud/bitbucket/announcement-introducing-app-user/

1 August 2022

Deprecation Notice Deprecation of personal Connect apps in Bitbucket

Bitbucket is deprecating support for Personal Connect apps on January 1, 2023. This is an uncommon type of Connect app that installs into a user’s personal account rather than the workspace.

Below you can find more information about this change, as well as steps to update your app.

More details

Personal Connect apps are a type of Bitbucket Connect app that is installed into the user’s personal account - as opposed to the typical Connect app that is installed into a Bitbucket workspace. As such, Personal Connect apps ‘follow’ users around as they navigate content across different workspaces.

From January 1, 2023, Bitbucket will no longer support Personal Connect apps. Their installation will be blocked. Soon after, Personal Connect apps will be removed from users' accounts. After this, the only valid Bitbucket Connect context type will be “account”.

This is part of an ongoing effort to give workspace admins more control over which integrations can access their data. Additionally, simplifying our Connect framework will help us create and roll out new features to customers faster.

If you're an app developer that maintains a personal Connect app, we suggest converting your app into a workspace Connect app. This will effectively reduce the reach of your app to the workspace of the user, rather than any workspace that the user can access.

In order to do this, you will need to update your Connect descriptor to change its "contexts" attribute from ["personal"] to ["account"]. This change will then be applied to new installations of your app.

To apply this change to existing installations you have 2 options:

As a user, check if any of your installed apps are “personal” apps by navigating to your workspace settings > Apps and Features > Installed Apps. For each app you can see the installation context (personal or workspace).

You can also contact your app vendor to learn more about the recommended upgrade path.

29 July 2022

Removed The format and length of Bitbucket App Passwords has changed

The previously announced change to the format of App Passwords has been fully rolled out.

25 July 2022

Announcement New developer support page

We recently launched a new developer support page, which serves as a centralized hub for reporting issues, managing your app and getting support. This page will streamline your experience of getting in contact with us for different areas of support:

  • Bugs: Report development or Marketplace bugs

  • Incidents: Report critical issues or breaking changes

  • App listing: Edit your app or access Marketplace APIs

  • Accounts and payment: Manage your Marketplace payments and licenses

  • App migration: Get help with creating a cloud version of your app

  • Security programs: Apply or adjust your program details

  • Partner resources: Request access to exclusive partner content

  • Ukraine support: Request emergency concessions or ask questions

If you have any questions, please get in touch with us via the developer community announcement.

28 June 2022

Deprecation Notice Changes to format and length of Bitbucket app passwords

On Jul 12, 2022, Bitbucket will be changing the format of newly created app passwords. As part of this, the length of app passwords will change from 20 to 36 characters.

More details

To improve the overall security of app passwords, we want to improve our capabilities to scan for any leaked tokens. Changing the format lets us accomplish this at a greater scale.

This should have no impact on most scripts and integrations. However, you may need to update your storage to accommodate the longer tokens. For example, if you persist these tokens in a database such as Postgres, you may need to increase the character size of the column that holds them.

If you’re impacted by this in any way, we suggest that you allow for tokens with a length of 100 characters. This should cover any potential future changes as well.

Note that this will only affect newly created app passwords. Existing app passwords will remain unchanged.

7 June 2022

Deprecation Notice Removing project:write scope from Bitbucket Cloud API on 15 May 2023

Beginning 15 May 2023, we are removing the project:write scope from the Bitbucket Cloud API.

More details

We have released a new scope, project:admin, which means the project:write scope is now obsolete.

  • All integrations currently using the project:write scope to call the Project endpoints (listed here) need to start using the project:admin scope.

  • All integrations currently using the project:write scope to call the Repository endpoints (listed here) or Git LFS need to start using the repository scope.

27 May 2022

Deprecation Notice The diff type is changing

We are changing the type of diff that is returned in the Bitbucket Cloud API from a ‘3-way’ diff to Git’s ‘three-dot’ diff. This new diff reflects the difference between the tip of a source branch and the commit from which it branched off of the destination. Read more about the new ‘three-dot’ diff here.

As a part of this change we are deprecating the merge query parameter in the diff and diffstat API endpoints. It is being replaced with a new query parameter topic, an optional boolean where true returns the new 'three-dot' diff and false returns a simple two-dot diff.

More details

For the next six months, requests to the diff APIs with neither the merge nor topic parameter provided will continue to return a '3-way' diff. After this period, the merge parameter will be removed entirely and requests without a topic parameter will return a 'three-dot' diff.

28 March 2022

Added New 3LO App Controls for Site Admins

An improvement will be made in the coming days to allow customers (site admins) to turn off (or back on) end-user installation capabilities for OAuth 2.0 (3LO) apps. If you are a developer of OAuth 2.0 (3LO) apps, you do not need to take any action as a result of this change, as this message is only to communicate the impact to the customer.

More details

Previously, controls were not in place for an admin to block their users from installing 3LO apps. Adding the ability for an admin to prohibit users from installing 3LO apps now aligns more closely to how a user would install any other, non-3LO apps on the Marketplace. This functionality was requested by several Atlassian enterprise customers to gain increased control over where their data is shared and which apps have access to their instance. By allowing admins to control end-user app installs, we are making it possible for more enterprise customers to move to cloud. Once in cloud, these companies will not be blocked from installing 3LO apps, because admins will retain the ability to vet and install the apps at their discretion.

Figure (a) below demonstrates the section of the customer’s admin console where they will now be able to block their users from installing 3LO apps. Figure (b) below shows the new experience when a customer tries to install a 3LO app after their admin has disabled this function.

If a customer attempts to install a 3LO app after their admin has disabled this function, the following error message will appear:

App is blocked by an admin
An admin has not allowed [App Name] to access data from [Your Atlassian Instance] . Select another site to authorize access to or contact your admin for more information.

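Figure (a): the section of the admin console where admins can block their users from installing 3LO apps.

Figure (b): the experience when a customer tries to install a 3LO app after their admin has disabled this function.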

9 August 2021

Deprecation Notice Atlassian account passwords for API and Git activity will be disabled 1 March 2022

As previously announced in the Bitbucket blog, beginning 1 March 2022, Bitbucket users will not be able to use their Atlassian account passwords for API and Git activity.

Additionally, we've recently announced that new users with Atlassian accounts created on or after 13 September 2021 will not be able to use their account passwords for these Bitbucket activities.

Read more here.

10 March 2021

Deprecation Notice Bitbucket Cloud JSAPI Messages is deprecated effective 10 March 2021

Bitbucket is deprecating Connect JSAPI Messages. This change requires minimal changes to start using the new JSAPI Flag component. We are enacting this change to align Bitbucket Connect JSAPI with other Atlassian cloud products. You will have 6 months to update your app and make the required changes.

Read more here.

19 February 2021

Added You can now subscribe to Request Changes Webhooks

The newly introduced Request Changes status in Bitbucket Cloud brings an explicit method to tell the pull request author that there is still some work to do. For more information on this feature, you can take a look at our blog post. To help teams determine when this action has been performed, we have added the ability with webhooks to subscribe to the Request Changes callback.

Read more here.

30 November 2020

Deprecation Notice Updating commit status permissions

On May 21, 2021, the Bitbucket /2.0/.../commit/{node}/statuses/build API for creating and retrieving commit build statuses will have updated permissions. Only the creator of the build status will be able to overwrite existing records (PUT/POST requests). If you are using this API endpoint, please read on.

Read more here.

28 October 2020

Deprecation Notice Removing webhooks registered via Connect apps from /2.0/.../hooks API response

On April 30, 2021, the Bitbucket /2.0/.../hooks API for retrieving webhooks will no longer include the read-only hooks registered via Connect apps in the response. If you are using these API endpoints, please read on.

Read more here.

1 July 2020

Removed Connect app webhooks to be restricted by scopes 1 July 2020

Bitbucket is making a change that may result in Connect apps receiving fewer webhooks than they did previously. We are doing this to provide end-users with more information about the type of access an app may have to their content. This could potentially break applications—read on to determine if your app will be impacted.

Previously, apps could register for any Bitbucket webhook, regardless of its scopes. Scopes were only applied to the API requests that the app made, not the webhooks it received—and this is what we’re changing.

We will begin enforcing on webhooks the same scopes that are applied to API requests. For example, your app will need to have the pullrequest scope in order to receive the pullrequest:updated webhook.

Read more here.
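The check below is an added example, not Atlassian's code: it audits a parsed Connect descriptor for webhooks whose required scope is not declared (the 1 July 2020 change) and for the deprecated "personal" context (the 1 August 2022 notice). The event-to-scope table beyond pullrequest:updated, the scope implication table, and the sample descriptor are assumptions made for illustration.

```python
# Assumption: scope required per webhook event prefix. The changelog confirms only
# pullrequest:updated -> pullrequest; the other rows follow the same naming pattern.
REQUIRED_SCOPE = {"pullrequest": "pullrequest", "repo": "repository", "issue": "issue"}
# Assumption: broader scopes that also grant a narrower one.
IMPLIES = {
    "pullrequest": {"repository"},
    "pullrequest:write": {"pullrequest", "repository:write"},
    "repository:write": {"repository"},
    "issue:write": {"issue"},
}


def effective_scopes(declared):
    """Expand declared scopes with everything they imply, transitively."""
    granted, todo = set(), list(declared)
    while todo:
        scope = todo.pop()
        if scope not in granted:
            granted.add(scope)
            todo.extend(IMPLIES.get(scope, ()))
    return granted


def audit_descriptor(descriptor):
    """Return a list of findings for one parsed Connect descriptor."""
    findings = []
    if "personal" in descriptor.get("contexts", []):
        findings.append('contexts contains "personal": change it to ["account"]')
    granted = effective_scopes(descriptor.get("scopes", []))
    for hook in descriptor.get("modules", {}).get("webhooks", []):
        event = hook.get("event", "")
        needed = REQUIRED_SCOPE.get(event.split(":", 1)[0])
        if needed is None:
            findings.append(f"{event}: unknown event family, check its scope by hand")
        elif needed not in granted:
            findings.append(f"{event}: needs scope {needed!r}, webhook will not be delivered")
    return findings


# Constructed sample descriptor (not a real app).
SAMPLE = {
    "key": "example-app", "contexts": ["personal"], "scopes": ["repository:write", "issue"],
    "modules": {"webhooks": [
        {"event": "repo:push", "url": "/hooks/push"},
        {"event": "issue:created", "url": "/hooks/issue"},
        {"event": "pullrequest:updated", "url": "/hooks/pr"}]},
}

if __name__ == "__main__":
    for finding in audit_descriptor(SAMPLE):
        print(finding)
```

Running this in CI against the descriptor your app serves catches a silently dropped webhook before users notice missing events.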

8 April 2020

Deprecation Notice Sandboxing of Connect App iframes

To improve security, we are adding sandboxing to Connect App iframes in Bitbucket. These changes have been implemented by Jira and Confluence. The sandbox adds extra security by preventing the content of the iframe from performing certain actions. You have until February 20, 2021 to update your Connect Apps and fix any breaking changes.

Read more here.