How to fetch the scope of a token via command line?

Platform Notice: Cloud Only - This article only applies to Atlassian products on the cloud platform.

Summary

Sometimes, we need to verify the scope that an access token has to verify if it has more permissions or less permissions than required. One way to do this is by editing the access token from Workspace or Repository settings but this requires you to use the Bitbucket Web UI.

Solution

You can use the below command to fetch the scope of a token -

1 curl -I -H "Authorization: Bearer <token>" https://api.bitbucket.org/2.0/repositories ORcurl -I -H "Authorization: Bearer <token>" https://api.bitbucket.org/2.0/workspaces

Under x-oauth-scopes, you will see the scope of the token.

Example

Replace the token with the actual access token you would like to fetch the scope for in the below curl command. 

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 curl -I -H "Authorization: Bearer <token>" https://api.bitbucket.org/2.0/repositories HTTP/2 200 date: Fri, 24 May 2024 14:48:04 GMT content-type: application/json; charset=utf-8 content-length: 33460 server: AtlassianEdge vary: Authorization, Origin, cookie, user-context, Accept-Encoding x-accepted-oauth-scopes: repository:write x-used-mesh: False x-credential-type: repo_access_token x-asap-succeeded: True x-oauth-scopes: repository:write x-view-name: bitbucket.apps.repo2.api.v20.repo.AllRepositoriesHandler x-dc-location: Micros-3 x-served-by: 9rri150EirG9 x-version: 9rri150EirG9 x-static-version: 9rri150EirG9 x-request-count: 2422 x-render-time: 0.4020509719848633 x-b3-traceid: i650JWcvz2yj9GSMeBhBcHXt9CLCX2n6 x-b3-spanid: i650JWcvz2yj9GSMeBhBcHXt9CLCX2n6 x-frame-options: SAMEORIGIN cache-control: private x-usage-user-time: 0.167439 x-usage-system-time: 0.004914 x-usage-input-ops: 0 x-usage-output-ops: 8 x-trace-id: i650JWcvz2yj9GSMeBhBcHXt9CLCX2n6 strict-transport-security: max-age=31536000; includeSubDomains; preload api-via-stargate: True x-content-type-options: nosniff x-xss-protection: 1; mode=block atl-traceid: i650JWcvz2yj9GSMeBhBcHXt9CLCX2n6 report-to: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600} nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}

You can see the scope in the line - x-oauth-scopes: repository:write

Updated on February 25, 2025
Platform
Cloud only
Product
Bitbucket Cloud
On this pageSummarySolution

Still need help?

The Atlassian Community is here for you.
Ask the Community