Managing HTTP access tokens

On this page

Still need help?

The Atlassian Community is here for you.

Ask the community

Project and repository administrators can create HTTP access tokens for their projects and repositories. Users can create personal HTTP access tokens and use them in place of passwords for Git over HTTPS, or to authenticate when using the Bitbucket Data Center and Server REST API. As an administrator, you can edit and revoke tokens, and set global token settings.

Editing and deleting tokens

As an administrator, you can’t create tokens for users. However, once a user has created a token, you can edit or delete it.

To edit or delete a personal HTTP token:

  1. Go to  > Users.

  2. Search for the user and click on them.

  3. Open the HTTP access tokens tab.

  4. Select Edit or Delete.

To edit or delete a project or repository's HTTP token:

  1. From either the Project or Repository settings, select HTTP access tokens.
  2. Select Edit or Delete.

Selecting Edit will allow you to change a token’s name or its permissions. If it has an expiry date, however, you will not be able to modify it. Once a token’s expiry date has been set, it can’t be changed.

Require token expiry

By default, when a user is creating a personal access token, they can choose whether they want it to expire. As a system administrator, for added security you can make setting a token expiry a requirement.

To require token expiry:

  1. Go to  > Keys and tokens (under System).

  2. Select Yes for Automatic expiry.

  3. Enter the HTTP access token expiry (in days).

  4. Select Save.

Last modified on Feb 7, 2023

Was this helpful?

Provide feedback about this article
Powered by Confluence and Scroll Viewport.