Migration from App Passwords to API Tokens
Starting September 9th, 2025, Bitbucket will disable the use of app passwords for authentication.
This change is part of Atlassian’s ongoing effort to strengthen account security by phasing out weaker authentication methods and moving to API tokens, which offer finer-grained access controls and better security practices. Important: No changes are taking effect immediately, and existing integrations using app passwords will continue to function without interruption. However, this change is time-sensitive, with a 12-month transition period. Integrations with app passwords will stop working entirely on June 9, 2026.
Impact on Existing sync Providers
If you already have a Bitbucket sync provider connected with an app password, it will continue to work after September 9th. However, users will be unable to add new Bitbucket sync providers using App passwords. We highly recommend migrating from app passwords to API tokens. Read more here for scopes on API tokens.
Migration steps
Open the sync provider settings, go to your list of configured sync providers
Find the bitbucket sync provider using App passwords(we will highlight that in red for your view, along with the warning, 'App Password migration required')

Click on Migrate to API Tokens
Your form will open with all existing details, except app passwords

Add an API Token generated from Atlassian
Replace user name with user email
Click on save to complete the migration of your existing sync from App passwords to API tokens
Repeat the above steps for any other existing Bitbucket syncs with App passwords
Last updated
Was this helpful?