The new Bitbucket webhooks

By on June 24, 2015

Bitbucket webhooks are used by teams every day to test, analyze, deploy, and distribute great software to millions of people.

As Bitbucket webhooks are one of our most popular integration points, we’ve had the opportunity to gather lots of feedback regarding our webhook payloads, usage, and integrations.

We’ve listened to the community (check out public issues #7775, #5938, #4467, #6545 + more) and collaborated with CI vendors to make crucial improvements to this process.

We’re proud to announce the new Bitbucket webhooks.


The new webhooks can be accessed in your repository administration settings as shown in the image above. The webhooks provide a host of improvements over the previous, and soon-to-be deprecated “POST and Pull Request POST” hooks, which have now been renamed to “Services”.

Let’s look at some of the improvements and attributes of the new webhooks.

Fuller, more descriptive payload

Bitbucket webhooks now send more comprehensive information in the payload. For example, a repo:push event now includes detailed payload information about each and every reference that was updated:


Please visit our payload documentation for more examples of changes and improvements.

Better controls

We’ve added fine-grained control over the events you want to receive hooks for, such as repository, issue, and pull request events:


Improved troubleshooting

You can now troubleshoot malfunctioning webhooks more easily by reviewing the recent requests, including status codes and response times:



The new Bitbucket webhooks have been written from the ground up as a Connect add-on using our Atlassian Connect for Bitbucket platform, leveraging the same APIs for building powerful add-ons for extending Bitbucket.


This is just the beginning. We’ve got more features on the way, such as viewing request details (headers, event payloads, etc.), retrying requests, advanced queuing, and much more.

If you’re currently integrating with the old webhooks (renamed to “Services”), these will be deprecated soon. Please visit our payload documentation for the new payload descriptions.

Take the new Bitbucket webhooks for a spin – you can configure them in your repository settings. Are you inspired to build new, exciting integrations?  Clone our webhook-listener demo project to quickly get started with Bitbucket webhooks.

Atlassian Connect for Bitbucket: A new way to extend your workflow in the cloud

By on June 10, 2015

More than 3 million developers and 450,000 teams use Bitbucket to manage and collaborate on source code. But code collaboration is only a fraction of what software teams do on a daily basis to ship software.

Nowadays, shipping great software involves constant context switching using tools that don’t integrate tightly. Even when integrations are made, toolchains have to be painstakingly maintained on an ongoing basis with reams of messy bespoke integration code that has to be regularly re-written.

This is a challenge that development teams face every day. Most integration architectures available right now in the software industry only partially solve the problem. They only provide simple integration points that prevent teams from creating deeper integrations and a more unified workflow.

Not your average platform

To solve this problem, we’ve re-engineered Bitbucket into a platform that helps remove the interrupt-driven workflow and brings all the information to ship software in one place. Atlassian Connect for Bitbucket provides an integration architecture that embeds your add-ons right within the product UI creating a more unified workflow.

Here is a demo of code search enabled by the add-on built by Sourcegraph:


Why build using Atlassian Connect for Bitbucket?

If you’re still wondering why you should build an add-on using Atlassian Connect for Bitbucket, here are three reasons:

  1. Atlassian Connect is a next generation extensibility framework, providing much deeper integration than what is offered by standard REST APIs and webhooks.
  2. Add-ons are straightforward to implement. You can build an add-on in any language, on any stack, using any interface.
  3. You also can distribute your great add-ons to more than three million developers and 450,000 teams using Bitbucket.

Add-ons available for early preview

We couldn’t launch an integration platform without the help of the community. Here are previews of add-ons currently available on Bitbucket:

If you are currently a user of Bitbucket and want to take a sneak peak, click on your avatar, select “Manage Account”, and simply install these new add-ons by selecting “Find new add-ons” from the left menu.

Get started with Atlassian Connect for Bitbucket

It is now super-easy to extend Bitbucket so that you have the best workflow for your team. Click here for documentation to get started with Atlassian Connect for Bitbucket.

We look forward to seeing what exciting and interesting add-ons you build using Atlassian Connect for Bitbucket. Imagine the possibilities – happy developing!

Get Started

Bitbucket’s SSL certificate is changing for SHA-2

By on May 6, 2015

We’ll be replacing our main SSL certificate on May 8 at 00:00 UTC. The new certificate is signed with SHA-2, so Chrome and Firefox users will no longer see certificate warnings when they load any Bitbucket page.

Most users won’t notice the change, and won’t have to take any action. However, if you’re using Mercurial over HTTPS, you may see this error message:

abort: certificate for has unexpected fingerprint
(check hostfingerprint configuration)

If you see this error, you’ll need to update the host fingerprint for in your ~/.hgrc or Mercurial.ini configuration file:

[hostfingerprints] = 46:de:34:e7:9b:18:cd:7f:ae:fd:8b:e3:bc:f4:1a:5e:38:d7:ac:24

Thanks, and happy branching!

Mercurial: Onward and upward

By on April 30, 2015

Hi, I’m Sean, the newest member on the Bitbucket team. I currently work on Mercurial but come from a scientific background with the PETSc team. My responsibilities here are working on the backend but what I’m most excited about is improving Mercurial support.

I’ve been a contributor to Mercurial for about three years and have loved Mercurial for its human-friendly user interface and supportive community. Some of my work for Mercurial includes the addition of namespaces and improving the in-memory context object. I also wrote the experimental remotenames extension (to be added to core Mercurial in the future) and the most fun smb extension.

The future of Mercurial

In my time with Mercurial, I have seen it grow in fascinating ways. These include the concept of changeset evolution coming to life and the announcement of Facebook choosing Mercurial over Git. The future of Mercurial is that of scalability and because of that, I believe the best days of Mercurial are ahead.

Mercurial 3.4 Sprint at PyCon

Here at Bitbucket, with the support of the team, I’d like to build up relations with the community and the first step was attending the Mercurial 3.4 Sprint at PyCon in Montreal this year. There were many topics discussed: new manifest version, narrow checkouts, commit signing, obsolescence marker exchange, evolve UI, reflog equivalent, new path options, and remote bookmarks. Of these topics, manifests received the most attention. A new manifest format means we can enable checkouts of only a subdirectory (called a ‘narrow’ checkout). On top of that, it opens the door for only retrieving a truncated history (called a ‘shallow’ checkout). My personal favorites are the inclusion of remote bookmarks that will be built on top of the journal i.e. reflog equivalent, and the new path features i.e. the ability to define a custom revset for pushing to a particular path.

Here are some pictures from the event (photos by Ryan McElroy and me):




Celebrating Mercurial’s 10th anniversary

Now that I am here, with the support of Atlassian and the Bitbucket team, we will be improving relations with the Mercurial community by hosting many events this year. We begin with celebrating Mercurial’s 10th anniversary on Wed, May 6th by hosting the first official Bay Area Mercurial Meetup at Atlassian’s San Francisco office. We will have speakers from Google to talk about scaling Mercurial and Facebook to talk about why they picked Mercurial as the version control system and what this means for the future of Mercurial. Register immediately if you are interested since we can only accommodate 100 attendees. We look forward to seeing you next week with the rest of the Mercurial community.

[*Note: An earlier version had accidentally stated that Google had chosen Mercurial over Git but that is untrue. Google is working on Mercurial scalability, but also uses Git and contributes to Git development.]

Fare-thee-well, Digest access authentication

By on April 3, 2015


Today, we are deprecating support for Digest access authentication, or “Digest auth” on Bitbucket. Digest auth support is currently slated to be turned off on May 1st, 2015.

What is Digest authentication?

Digest auth (RFC-2617) is one of the older standardized methods of authenticating HTTP requests that was used to avoid sending a password in clear text, and to prevent replay attacks. Over unsecured channels it was (in the late 90s and early 00s) a much better approach than traditional Basic Auth. We have always offered Digest auth — currently under SSL only — as an alternative to Basic auth, but today very few users use it.

Why are we deprecating it?

Over the past couple of years, as SSL-only sites became the norm, having this end-to-end encryption has effectively made Digest auth obsolete. Today, Digest auth under SSL offers nothing over Basic Auth except added complexity and, in most cases, an additional round trip to request the necessary auth challenge.

Bitbucket has been SSL-only for years and we have been planning to deprecate Digest auth. In recent years, Bitbucket’s Digest auth support has been limited to select endpoints, and aimed at providing backwards compatibility with older clients only.

Next steps

As of May 1st, clients that exclusively support Digest auth will cease to work. This might affect some older curl-based scripts that use the `–digest` parameter. Simply removing that parameter will make curl use Basic auth (over SSL, of course) instead. For all users, we recommend using one of the more modern auth methods available.

OpenSSL Security Advisory

By on March 19, 2015

Bitbucket is not affected by the vulnerabilities announced by the OpenSSL project today. Two high severity security vulnerabilities CVE-2015-0291 and CVE-2015-0204 have been announced:

The CVE-2015-0291 vulnerability results in a potential denial of service attack against a server that requests a client’s certificate, which is not something that would happen in most circumstances as it is usually the client that requests the server’s certificate.

The CVE-2015-0204 vulnerability is a reclassification of the existing and well known FREAK vulnerability (CVE-2015-0204 & CVE-2015-1637), which allows an attacker to intercept HTTPS connections between vulnerable clients and servers and force them to use weakened encryption, which the attacker can break to steal or manipulate sensitive data.

Both vulnerabilities described in the OpenSSL security advisory posted at do not affect Bitbucket.

Snippets for teams are here with a rich set of APIs

By on March 18, 2015

Teams that use Bitbucket often want to share important information that isn’t part of their project repository – favorite regexes, config files, code snippets, homebrew recipes (beers, and the package manager). And yes – image, audio, video, and a host of other MIME types. Currently, there is no way to share such information via Bitbucket.

Snippets for teams

Today, we’re thrilled to announce Snippets, available now in Bitbucket,  to create and manage multi-file snippets of all kinds. We took a different approach than standard pastebin or gist – we built Snippets around teams. Snippets can be shared with your team, private to you, or fully public; you control read and write privileges. If you create a snippet owned by your team, the snippet will stay with the team forever, even after you leave that team.


Additional features

In Bitbucket, you’ll find a clean, easy interface to create, edit, version, and share Snippets. It’s media-friendly, supports drag-and-drop, and features syntax highlighting for over 90 programming languages.

Because Snippets are backed by Git or Mercurial repositories, power users can clone and edit them like any other distributed code repositories.

Rich set of APIs

You can use Snippets’ rich set of APIs to further extend functionality, and access the core set of features from desktop, mobile, and web apps. For example, this command line interface for creating, inspecting, and editing Bitbucket Snippets uses this python wrapper built on top of the Snippets API. For more info, please visit the Snippets API documentation: Snippets REST API

Snippets via command line

Most importantly, we have made it easy to create Snippets via the command line. Creating a snippet from your local file is just a single curl command:

$ curl -X POST{username or teamname} \
-u {username} -F file=@myawesomefile.txt

Got Snippets?

We hope you’re as excited as we are. We look forward to hearing from you in the comments below.

Coding in the cloud with Bitbucket

By on February 11, 2015

We are proud to announce the integration of several popular cloud IDEs into the Bitbucket experience. You are already managing, building, and deploying your code to the cloud; you can now code in the cloud as well. Your personally-configured cloud IDE and dev environments are now accessible to you on any machine anywhere, all connected to, and, most importantly, integrated with the familiar Bitbucket interface.

Today, we are launching integrations with Codio and Codeanywhere, since they meet Atlassian’s standards of quality and security. Integrations with other cloud IDE vendors will be available soon. You can now click on the repository view of Bitbucket to clone and edit files directly in Codio or Codeanywhere:


Cloud IDEs have come a long way in the past few years. The IDEs we have chosen to integrate with Bitbucket are solid, full-fledged development environments with desktop-quality coding experiences: resizing, context-coloring, navigation, and responsiveness. We believe that many developers will appreciate the code editing features, as well as the more advanced features of some of our partner cloud IDEs – automatic configuration of code libraries and build server & deployment integrations.


Cloud IDE integration is a one-click process. Just select the IDE partner of your choice from your Bitbucket users settings and authenticate. Bitbucket’s repository view page will now contain an additional option in the ‘develop’ menu: Open in your cloud IDE (‘Open in Codio’, for example).

More about our launch partners



Codio is the cloud-based IDE and publishing platform for teaching computer programming and computer science in schools, universities, and the vocational education sector worldwide.

Codio provides instant coding environments featuring rich code editing, a large portfolio of programming languages & other software components, dedicated virtual servers, advanced features for student administration, and a growing library of course content resources, all accessible anywhere through any browser.

“Codio has always focused on delighting users with instant access anywhere to a powerful web IDE, and with today’s integration we’re thrilled to extend that experience to Bitbucket.”

– Freddy May, CEO and founder, Codio.


Collaboration platform for developers. Codeanywhere’s powerful web IDE has all the features of a Desktop IDE but with additional features only a cloud application can give you.

“When Codeanywhere was just starting out, connecting to Bitbucket was one of the first feature requests our users had. Today I am ecstatic that Bitbucket will be integrating Codeanywhere, allowing their users to easily and seamlessly edit and write code, from anywhere.”

– Ivan Burazin, CEO, Codeanywhere.

Bitbucket: 2014 in review

By on February 5, 2015

Congrats to the New England Patriots for winning the Super Bowl. And what a heartbreaker for fans of the Seattle Seahawks! But it was a very close game and it could have gone either way. Both teams have a lot to celebrate. Just like any good football team reflects on their accomplishments at the end of the season, the Bitbucket team has a lot to celebrate, too. So we thought it would be fun to look back at what we achieved together in 2014. Thank you for making 2014 our best year yet and here’s to making 2015 even better.


New year, new features

By on January 30, 2015

It’s been a busy quarter for us at Bitbucket. As you may have noticed, Bitbucket is faster than ever, and even more reliable for our human users, cloning agents, and even for our robot friends who reach on behalf of CI systems and other integrations.

We also have a bunch of new features that have launched recently. Here’s a recap:

Merged pull requests in compare view

It’s often useful to see the pull request history when comparing a branch to master, or between tags. In this way you could see all the features (and fixes) that have been pushed from, say ‘staging’ to ‘deployed’ versions of your application, shown as a list of pull requests.

A tab called ‘Merged Pull Requests’ now appears alongside the familiar ‘Diff’ and ‘Commits’ tabs on all Compare and Branch results to list any pull requests that have been merged into the source, and you can now examine each of these pull requests with a single click.

Merged PRs at a glance

Introducing ‘Omnibar’ 

Sometimes you just can’t be bothered with your mouse. For the power users of Bitbucket, we’ve created the Omnibar, a one-stop shop for finding the things you want and taking action on them without ever having to leave your keyboard. Your repositories, pull requests, and issues are just a few keystrokes away. Just hit the period key to reveal Omnibar.


Ignore whitespace in diffs via URL

Depending on language and coder style, sometimes you do care about whitespace in diffs. But sometimes whitespace differences just clutter up the diff. Bitbucket now gives you the option to ignore whitespace in diffs.

Whenever you’re on a Bitbucket page showing a diff, you can add “w=1″ to the query string in the URL to force the diff engine to ignore whitespace when comparing lines. On reload, differences in the files where a given line has only unmatched whitespace will not be shown.


Custom tab size via URL

So, how wide should a tab be? It’s a matter of taste, and, if the discussions on our team are any example, of religious conviction. Now you can set all tabs in Bitbucket code displays to the width you believe is best by adding a “ts” query param to the URL and reloading the page.

For example, adding “ts=4″ to the query string of a URL will set the tab size to 4 spaces for all code on that page. The feature is currently supported in Chrome, Firefox, and Safari, but not Internet Explorer due to CSS limitations there.


Emoji Auto-complete

Sometimes, code comments, wiki pages, and readmes are just crying out for emoji. But who can remember ‘Face With Stuck-Out Tongue And Tightly-Closed Eyes?’ (表情(いー))

The many (many) emoji Unicode has to offer can now be entered in Bitbucket by ‘type-ahead’ when you type a ‘:’ followed by any part of the emoji description string (followed by a brief pause then pausing a bit). For example: typing ‘:ast’ will autosuggest a number of matching emoji including ‘:astonished:’ with the astonished face emoticon shown for your selection, ‘train’ will return all sorts of train emoticons.


Improved emoji

And, now, your emoji on Bitbucket are in high-res.

Bitbucket now supports the so-called ‘twemoji’ set used by Twitter and others, which cover the entire Unicode space with emoji in scalable, resolution-independent vectors. Previously, we were using a stagnant set of .png file emoji that simply scaled to twice their source size on high-dpi (including ‘retina’) screens, and didn’t map perfectly with modern Unicode characters. We render our new emoji set as native DOM images, and they look great in all modern browsers, including IE9.

Improved emoji