oauth Resource

We are deprecating this endpoint and it will be deleted soon. For more information on using Oauth see, OAuth on Bitbucket Cloud.

Overview

Use the oauth resource to create your own OAuth consumers. Oauth is an open standard for authorization. Oauth allows you to use Bitbucket a service provider. You can create a consumer with this API or using the OAuth Consumer option on the Account > Integrated Applications page. When creating consumers, Bitbucket generates a unique consumer key and secret for you. You cannot provide or change these yourself. A consumer has the following structure:

{
        "name": "bitbucket REST documentation",
        "url": null,
        "secret": "5X8xtavvLndf2XB4c9wfALBLRrrBYR5F",
        "key": "h3WHQGSvnWCRtSN1fp",
        "id": 167,
        "description": ""
}

The fields in this structure are the following:

Field Description
name User facing name for the key. This field is required to create a key.
url The local of the service using the key. This is optional.
secret This is generated by the Bitbucket service.You cannot create or change this.
key This is generated by the Bitbucket service.You cannot create or change this.
id A unique id for the consumer. This is generated by Bitbucket and you cannot change this.
description User facing description for the key.

With an OAuth consumer, third-party applications can integrate with Bitbucket and make authenticated requests on behalf of its end users.

The Bitbucket service supports:

  • OAuth 1.0a with HMAC-SHA1 (shared secret) signatures, using both 3-Legged and 2-Legged OAuth. RSA-SHA1 (public/private keys) is not currently supported.
  • OAuth 2 and all 4 of RFC-6749's grant flows.

Consumers are tied to a Bitbucket account. This is important only when making 2-Legged requests. 2-legged requests lack an end-user specific access token; the Bitbucket service authenticates these as the user who owns the consumer.

Encoding

This resource accepts both regular form posts (Content-Type:  application/x-www-form-urlencoded) as illustrated above, but also JSON request bodies. JSON request bodies should follow  the same layout as the responses from the examples below. When using JSON request bodies, make sure to send the appropriate Content-Type: application/json request header.

GET all OAuth consumers

Gets the OAuth consumers currently configured on user's account. This call requires authentication. The caller must authenticate as the owner for an individual account or  as a user with administrative rights for a team account. This call takes the following parameters:

Parameter Required Description
accountname Yes The name of an individual or team account.
GET https://api.bitbucket.org/1.0/users/{accountname}/consumers
  Click here to expand...
[
    {
        "id": 165,
        "secret": "pMDhe2QMGzNEyVAuH46nnjfNULa8Sq8R",
        "name": "fdhgfgAASD",
        "key": "EE8npgGuWp9Q2ykcaE",
        "description": ""
    },
    {
        "id": 166,
        "secret": "5XQT2yfYrwuW5M8Sn9Euh9VqtwHenjw4",
        "name": "fdhgfgAASD",
        "key": "mkHxpx9dqYPkZdw8WT",
        "description": ""
    }
]

POST new OAuth consumers

Creates a new OAuth consumer for an individual or team account. The caller must authenticate as the owner for an individual account or  as a user with administrative rights for a team account. This will return a 201 status code on success, with the contents of the new consumer. When creating consumers, Bitbucket will generate a unique consumer key and secret for you. You cannot provide or change these yourself. This call takes the following parameters:

Parameter Required? Description
accountname Yes The name of an individual or team account.
name Yes A display name for the key.
description No A description of the key.
url No The location of the service that will use the key.
POST https://api.bitbucket.org/1.0/users/{accountname}/consumers --data name=value&description=value&url=value"
{
    "id": 165,
    "secret": "pMDhe2QMGzNEyVAuH46nnjfNULa8Sq8R",
    "name": "MyApp",
    "key": "EE8npgGuWp9Q2ykcaE",
    "description": "Description of MyApp"
}

Update an OAuth consumers

Updates an existing OAuth consumer for an individual or team account. The caller must authenticate as the owner for an individual account or as a user with administrative rights for a team account. When creating consumers, Bitbucket will generate a unique consumer key and secret for you. You cannot provide or change these yourself. This call takes the following parameters:

Parameter Required? Description
accountname Yes The name of an individual or team account.
name Yes A display name for the key.
description No A description of the key.
url No The location of the service that will use the key.
key_id Yes The id of the key to update.

If you do not supply a description or url, the system removes the content of that field.

PUT https://api.bitbucket.org/1.0/users/{accountname}/consumers/{key_id} --data name=value&description=value&url=value"
$ curl --request PUT --user evzijst:password https://api.bitbucket.org/1.0/users/evzijst/consumers/165 --data name=MyApp2
{
    "id": 165,
    "secret": "pMDhe2QMGzNEyVAuH46nnjfNULa8Sq8R",
    "name": "MyApp2",
    "key": "EE8npgGuWp9Q2ykcaE",
    "description": ""
}

DELETE OAuth consumers

Deletes an existing OAuth consumer for an individual or team account. The caller must authenticate as the owner for an individual account or as a user with administrative rights for a team account. This call takes the following parameters:

Parameter Required? Description
accountname Yes The name of an individual or team account.
key_id Yes The id of the key to update.
DELETE  https://api.bitbucket.org/1.0/users/{accountname}/consumers/{key_id}

Was this helpful?

Thanks for your feedback!

Why was this unhelpful?

Have a question about this article?

See questions about this article

Powered by Confluence and Scroll Viewport