Get started with Bitbucket Cloud
New to Bitbucket Cloud? Check out our get started guides for new users.
Workspace Access Tokens are a premium feature. To learn about the Bitbucket Cloud Premium plan, visit: Bitbucket Cloud Premium.
Workspace Access Tokens are single-purpose, workspace-based access tokens that can be created with limited scopes (or permissions). The following types of scope are available for Workspace Access Tokens:
To determine which scopes (permissions) the Workspace Access Token will need, look up the APIs you need in the Bitbucket Cloud Developer Documentation.
Repository permissions provide access to view or modify Bitbucket Cloud repositories. Bitbucket Cloud allows the following repository permission levels:
Read
Write
Admin
Delete
Equivalent to the repository API scope.
Provides access to view repositories, including the source code. This does not include pull requests.
Equivalent to the repository:write API scope.
Provides access to modify repositories, including the source code. This does not include pull requests.
Equivalent to the repository:admin API scope.
Provides access to administrator access to repositories. This permission (scope) allows the user to:
View and manipulate committer mappings.
List and edit deploy keys.
Ability to delete the repositories.
View and edit repositories permissions.
View and edit branch permissions.
List and edit default reviewers.
List and edit repository links (such as Jira, Bamboo, and custom links).
List and edit the repository webhooks.
Initiate a repository ownership transfer.
Equivalent to the repository:delete API scope.
Provides access to delete repositories.
Project permissions provide access to view or modify Bitbucket Cloud Projects. Bitbucket Cloud allows the following project permission levels:
Read
Admin
Equivalent to the project API scope.
Provides access to view the project or projects and read access (repository) to the repositories in the project.
Equivalent to the project:admin API scope.
Provides administrative access to a project or projects. No distinction is made between public and private projects. This scope doesn't implicitly grant the project scope or the repository:write scope on any repositories under the project. It gives access to the admin features of a project only, not direct access to the project’s repositories. This scope provides access to:
create a project
update a project
delete a project
Pull request permissions provide access to view or modify Bitbucket Cloud pull requests. Bitbucket Cloud allows the following pull request permission levels:
Read
Write
Equivalent to the pullrequest API scope.
Provides access to view and list pull requests. This permission (scope) also allows the user to create and resolve tasks.
Equivalent to the pullrequest:write API scope.
Provides access to create, comment, approve, decline, and merge pull requests.
The Webhooks permission provides read and write access to existing webhooks, allowing for the creation of webhooks when combined with other permissions. For details, see: Bitbucket Cloud REST APIs — Webhooks.
Equivalent to the webhook API scope.
Required for webhook operations. Additional API scopes may be required. For details, see: Bitbucket Cloud REST APIs — Webhooks.
Pipelines permissions provide access to view or control Bitbucket Pipelines. Bitbucket Cloud allows the following pipeline permission levels:
Read
Write
Edit variables
Equivalent to the pipeline API scope.
Provides access to view the pipelines, steps, deployment environments, and variables.
Equivalent to the pipeline:write API scope.
Provides access to stop, rerun, resume, and manually trigger pipelines.
Equivalent to the pipeline:variable API scope.
Provides access to create pipelines environmental variables in repositories and deployments.
Runners permissions provide access to view or modify Bitbucket Pipelines Runners for a repository or repositories. Bitbucket Cloud allows the following pipeline runner permission levels:
Read
Write
Equivalent to the runner API scope.
Provides access to view the pipelines runners for a repository or repositories.
Equivalent to the runner:write API scope.
Provides access to create, edit, disable, and delete pipelines runners for a repository or repositories.
Account permissions provide access to view the user’s Bitbucket Cloud account or workspace details.
Equivalent to the account API scope.
When used for:
user-related APIs — Gives read-only access to the user's account information. Note that this doesn't include any ability to change any of the data. This scope allows you to view the user's:
email addresses
language
location
website
full name
SSH keys
user groups
workspace-related APIs — Grants access to view the workspace's:
users
user permissions
projects
Was this helpful?