Access tokens for a workspace

Access tokens for a workspace are per-workspace passwords used for scripting tasks and integrating tools (such as CI/CD tools) with Bitbucket Cloud. Access tokens are designed for use with a single application with limited permissions, so they don't require two-step verification (2SV, also known as two-factor authentication or 2FA). Access tokens for a workspace are not tied to a user's account but are connected to a Bitbucket workspace, restricting the token's access to a single workspace and any projects/repositories under that workspace, providing a more secure solution than user-based authentication methods such as App passwords.

Workspace-level access token features

Access tokens for a workspace have the following features:

• They can be used to authenticate API calls.

• They have limited permissions (scopes) specified when the access token is created.

• They're intended to be single-purpose rather than reusable.

• They're encrypted on our database and can't be viewed by anyone.

• They can have an expiry date.

Workspace-level access token limitations

Access tokens for a workspace have the following limitations:

• They can't be viewed or edited after they are created. They are intended to be replaced with a new access token rather than recovered or modified.

• They can't be used to log in to your Bitbucket account at bitbucket.org.

• They will stop working when they are revoked.

• They can't be used to manage or interact with any other workspace.