New Bitbucket Cloud 2.0 APIs

We are happy to announce an update to the Bitbucket Cloud 2.0 REST API, designed to allow developers a simple way to automate all Create, Read, Update and Delete (CRUD) operations on repository permissions for both groups and users.

What’s New

• GET /repositories/{workspace}/{repo_slug}/permissions-config/users

  • List explicit user permissions for a repository

• GET /repositories/{workspace}/{repo_slug}/permissions-config/users/{selected_user}

  • Get an explicit user permission for a repository

• PUT /repositories/{workspace}/{repo_slug}/permissions-config/users/{selected_user}

  • Update an explicit user permission for a repository

• DELETE /repositories/{workspace}/{repo_slug}/permissions-config/users/{selected_user}

  • Delete an explicit permission for a repository

• GET /repositories/{workspace}/{repo_slug}/permissions-config/groups

  • Get a paginated list of all explicit group permissions for a repository.

• GET /repositories/{workspace}/{repo_slug}/permissions-config/groups/{group_slug}

  • Get an explicit group permission for a repository

• PUT /repositories/{workspace}/{repo_slug}/permissions-config/groups/{group_slug}

  • Update an explicit group permission for a repository

• DELETE /repositories/{workspace}/{repo_slug}/permissions-config/groups/{group_slug}

  • Delete an explicit group permission for a repository

All of these endpoints require a repository admin permission and repository:admin scope.

Why create a new permissions-config resource on the repositories path?

These endpoints provide a 2.0 REST API replacement for much of the functionality in Bitbucket’s 1.0 REST API /group-privileges endpoint. The movement of permission CRUD functionality from the Principal to the Resource is intentional and has several advantages:

• The same endpoint can manipulate permissions for both users and groups without needing a separate endpoint for both.

• The scope required to change permissions is much more restrictive (repository:admin) as opposed to the full account:write scope required to update groups.

• When project permissions are released later this year they will follow the same pattern and be consistent for all permission assignments.

Check out examples for:

• Querying user and group permissions

• Adding user and group permissions to a repository

• Deleting user and group permissions from a repository

Give us feedback

Like everything we build at Atlassian, we depend on feedback from our integrations partners. Tell us what's working, what's missing, or where we can improve by leaving us some feedback in the Atlassian Developer Community.