Create admin personal tokens for admin endpoints in Bitbucket Server REST API

    • We collect Bitbucket feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      Problem Definition

      In Bitbucket Server 5.5 personal access tokens have been introduced. They can be used to replace passwords over HTTPS, or to authenticate using the Bitbucket Server REST API over Basic Auth. However, the tokens cannot be used for administrative access REST endpoints like /rest/access-tokens/latest/users/admin or /rest/api/1.0/admin/permissions/groups.

      The error message: Tokens may not have the following permission: ADMIN

      Suggested Solution

      Please provide the access tokens with the global ADMIN permissions.

      Why this is important

      Using tokens for system management automation is more comfortable and more secure than login-password authentication.

            [BSERV-10482] Create admin personal tokens for admin endpoints in Bitbucket Server REST API

            Nitin Sharma added a comment - https://getsupport.atlassian.com/browse/PSSRV-153790

            Anton Shaleev added a comment - It is not a 100% solution but as a workaround, you can use OAuth2 tokens for Bitbucket 7.21 and newer. https://confluence.atlassian.com/bitbucketserverkb/how-to-use-oauth2-tokens-for-administrative-endpoints-of-bitbucket-data-center-1489469945.html

            Travis Sharp added a comment - Using tokens instead of basic auth has become the standard for our development. Our security team wants to enforce this as a standard across our footprint. I need this in place to remain in compliance with our audit department.

            Jason Kemp added a comment - Using tokens instead of username/passwords is a way to improve security. So, for the endpoints that should have the most security associated with them, we can't use tokens? Who decided that? System Admin should just be another level selectable when creating the token.

            Antoine Lemaitre added a comment - Hi, For security purposes, it should be available, because we must use passwords instead of tokens to authenticate in our admin scripts.

            Imran Khan added a comment -

            Hi ashaleev

            Thanks for the suggestion. We decided not to include this permission in the personal tokens due to security reasons. Allowing more permissions for tokens is not on our short term roadmap, but we can reconsider based on feedback and comments from all the users. I'm opening this issue.


              Unassigned
              ashaleev Anton Shaleev
              Votes: 32
              Watchers: 42