Add an API token to Sourcetree or another application

For 3rd party applications that use currently App passwords to authenticate with Bitbucket, you can migrate to API tokens by replacing the username with your Atlassian email and substitute your app password with a newly generated API token.

To get started using API tokens with Sourcetree, you'll need to create the API token in Bitbucket Cloud and specify the necessary scope to connect to your account, view your workspaces, and work with your repositories in Sourcetree.

Create an API token with scopes

  1. Select your profile in the upper-right corner of the top navigation bar.

  2. Under Account settings.

  3. From the Atlassian Account page, select the Security tab on the top navigation bar.

  4. Select Create and manage API tokens.

  5. Select Create API token with scopes. If you want to be able to authenticate against your user account, view your data, and work with your repositories (clone/push/pull to the repoository and work with pull requests (optional), you will need to select all of the following scopes: 
    read:user:bitbucket
    read:workspace:bitbucket
    read:repository:bitbucket
    write:repository:bitbucket
    read:pullrequest:bitbucket (optional)
    write:pullrequest:bitbucket (optional)
    More information on scopes can be found in our API scopes documentation.

  6. Give the API token a name and an expiry date, usually related to the application that will use the token and select Next.

  7. Select Bitbucket as the app and select Next.

  8. Select the scopes (permissions) the API token needs and select Next. For detailed descriptions of each permission, see: API Token permissions. Note: This step is required for your API token to access Bitbucket APIs or perform Git commands.

  9. Review your token and select the Create token button. The page will display the New API token.

  10. Copy the generated API token and either record or paste it into the application you want to give access.

Configure Sourcetree to work with your API token

To add your API token to Sourcetree:

Before you begin

Make sure you're on at least Sourcetree v4.2.14 (Mac) or Sourcetree v3.4.24 (Windows) by selecting Check for Updates and installing the necessary version or any updates. These versions and above fully support API tokens, and thus, you will need to update to the latest version, as you will encounter issues with older versions. You can confirm that the update was successful by selecting About Sourcetree and checking the version.

  1. Go to the tab where you'll add or edit your account details:

    1. (Windows) Go to Tools, then Options. From the Options dialog, select the Authentication tab.

    2. (macOS) Go to Sourcetree, then Preferences. From the dialog that options, select the Accounts tab.

  2. Select Edit to edit your account details or Add to add a new one.

  3. Select Bitbucket as the host.

  4. Select API Token as the Auth Type.

  5. Enter the user email associated with your Bitbucket Cloud user account into the User Email field.

  6. Paste your API token from above into the API Token field.

  7. Select OK or Save to save your account details.

Cloning a repository in Sourcetree

  1. Once you’re ready to clone a new remote repository, select the Remote tab.

  2. Find the repository you wish to clone and select the Clone button. This will clone the repository using the API token that you've configured in Sourcetree.

Working with existing repositories

By updating your configuration with your API token, Sourcetree will automatically update the remote repository authentication, so you may continue working with these repositories as normal.

Other considerations

As API tokens have a configurable expiry date, once the expiry date has passed, you will need to create a new API token and configure your settings in Sourcetree to reflect this new token as outlined in the above processes.

Renovate

To add your API token to the Renovate bot:

  1. Set your API token as a password in your config.js file.

  2. Set your API token as an environment variable RENOVATE_PASSWORD.

  3. Set your API token when you run Renovate in the CLI with --password=.

  4. Set the username for the bot account as your Atlassian email.

Other third-party applications

To add your API token to another application, see the application's documentation for how to apply the API token.

For other applications that use App passwords to authenticate with Bitbucket, replace your username with your Atlassian email and substitute your previous app password with a newly generated API token.

Still need help?

The Atlassian Community is here for you.
Ask the Community
On this pageCreate an API token with scopesConfigure Sourcetree to work with your API tokenCloning a repository in Sourcetree Other considerationsRenovateOther third-party applications
CommunityQuestions, discussions, and articles