Get started with Bitbucket Cloud
New to Bitbucket Cloud? Check out our get started guides for new users.
Repository Access Tokens are per-repository passwords for scripting tasks and integrating tools (such as CI/CD tools) with Bitbucket Cloud. Repository Access Tokens are designed for use with a single application with limited permissions, so they don't require two-step verification (2SV, also known as two-factor authentication or 2FA). Repository Access Tokens are tied to a repository, not a user’s account. This restricts the token’s access to a single repository, providing a more secure solution than user-based authentication methods such as App passwords.
Repository Access Tokens have the following features:
They can be used to authenticate API calls.
They have limited permissions (scopes) specified when the access token is created.
They are intended to be single-purpose rather than reusable.
They are encrypted on our database and can't be viewed by anyone.
Repository Access Tokens have the following limitations:
They can't be viewed or edited after they are created. They are intended to be replaced with a new access token rather than recovered or modified.
They can't be used to log in to your Bitbucket account at bitbucket.org.
They don't expire and have no expiry date. They will stop working when they are revoked.
They can't be used to manage or interact with workspaces, projects, or any other repository.
Create a Repository Access Token
How to create a new Repository Access Token
Repository Access Token permissions
Descriptions of the scopes or permissions available for Repository Access Tokens
Using Repository Access Tokens
How to use Repository Access Tokens
Revoke a Repository Access Token
How do I deactivate or revoke a Repository Access Token
Was this helpful?