Retrieving single raw file from Bitbucket with token based authentication

Question

I successfully managed to retrieve my access token and refresh token following these suggestions, and I can also clone my private repositories using the access token. However, what I'm trying to do now is retrieving a single raw file from my private repository, using the same kind of token-based authentication. What I tried so far is:

curl "https://x-token-auth:{access_token}@bitbucket.org/michelezamuner/bpkg-test/raw/master/package.json"

but I get this error message:

This endpoint does not support token-based authentication

I actually don't even know if something like that is possible to do with Bitbucket in the first place, but I didn't find this explicitly forbidden anywhere. Do anyone know if this is possible, and how it could be done? Thanks!

Answer 1

Yes, to use the API with an OAuth 2 Bearer token, as per the spec, you should pass it along in any of the following ways (in descending order of preference):

• Authorization request header: Authorization: Bearer mF_9.B5f-4.1JqM (notice the lack of a username element)
• Form encoded body parameter (access_token) in application/x-www-form-urlencoded POSTs
• As a URI query parameter: /resource?access_token=mF_9.B5f-4.1JqM

Since Git and Mercurial don't work too well with these requirements, we invented the bogus x-token-auth username filler. However, that exists only for git/hg. All other parts of Bitbucket follow the OAuth 2 Bearer Token RFC.

Edit:

I realize now that you are not actually hitting the API. You are instead hitting one of our website's URLs. The API and the UI are different properties and OAuth is supported on the API only. The API lives under the api.bitbucket.org domain, while bitbucket.org is the website. The domains are not interchangeable.

Instead, try:

$ curl -H "Authorization: Bearer <token>" https://api.bitbucket.org/1.0/repositories/michelezamuner/bpkg-test/src/master/package.json