Workspace Access Tokens

Workspace Access Tokens are a premium feature. To learn about the Bitbucket Cloud Premium plan, visit: Bitbucket Cloud Premium.

Workspace Access Tokens are per-workspace passwords used for scripting tasks and integrating tools (such as CI/CD tools) with Bitbucket Cloud. Workspace Access Tokens are designed for use with a single application with limited permissions, so they don't require two-step verification (2SV, also known as two-factor authentication or 2FA). Workspace Access Tokens are not tied to a user's account but are connected to a Bitbucket workspace, restricting the token's access to a single workspace and any projects/repositories under that workspace, providing a more secure solution than user-based authentication methods such as App passwords.

Workspace Access Token features

Workspace Access Tokens have the following features:

They can be used to authenticate API calls.
They have limited permissions (scopes) specified when the access token is created.
They're intended to be single-purpose rather than reusable.
They're encrypted on our database and can't be viewed by anyone.

Workspace Access Token limitations

Workspace Access Tokens have the following limitations:

They can't be viewed or edited after they are created. They are intended to be replaced with a new access token rather than recovered or modified.
They can't be used to log in to your Bitbucket account at bitbucket.org.
They don't expire and have no expiry date. They will stop working when they are revoked.
They can't be used to manage or interact with any other workspace.

Was this helpful?

It wasn't accurate

It wasn't clear

It wasn't relevant

Still need help?

The Atlassian Community is here for you.

Ask the Community