In the Authentication section of REST API Modules documentation https://developer.atlassian.com/server/bitbucket/rest/v814/intro/ it is described

Any authentication that works against Bitbucket Data Center will work against the REST API. The preferred authentication methods are HTTP Basic (when using SSL) and OAuth. Other supported methods include: HTTP Cookies and HTTP Access Tokens

Such a description might give the impression that HTTP Access Tokens can be used instead of other types of authentication. However, the scope of HTTP Access Tokens at the moment is limited to the Project permissions level.

The following rephrasing would solve the ambiguity:

Any authentication that works against Bitbucket Data Center will work against the REST API. The preferred authentication methods are HTTP Basic (when using SSL) and OAuth. Other supported methods include: HTTP Cookies and HTTP Access Tokens (for project and repository level APIs)