If you’re pushing to Bitbucket and suddenly seeing this in your terminal or Android Studio’s Git panel:
remote: CHANGE-3222 - Functionality has been deprecated
remote: App passwords are deprecated and must be replaced with API tokens.
remote: https://developer.atlassian.com/cloud/bitbucket/changelog#CHANGE-3222
fatal: unable to access 'https://bitbucket.org/yourteam/yourrepo.git/': The requested URL returned error: 410
…you’re not alone. Atlassian has been rolling out the deprecation of app passwords in favor of API tokens, with brownouts starting mid-2026 and full removal following shortly after. Here’s how I fixed it on Windows with Android Studio’s built-in Git.
Why this happens
Bitbucket app passwords are being retired in favor of API tokens. Git operations that previously authenticated with an app password now get rejected with a 410 Gone error instead of working as before.
One subtlety that tripped me up: if you check Windows Credential Manager and don’t see a bitbucket.org entry at all, that’s actually expected, not a bug. Git Credential Manager (GCM) only stores a credential after it successfully validates against Bitbucket’s API. Since the old app password was already failing, GCM never had a successful auth to cache — so there was nothing to see.
The fix
1. Generate a fresh API token
Go to https://id.atlassian.com/manage-profile/security/api-tokens → Create API token with scopes → select Bitbucket as the app → give it repository read + write scopes → set an expiry → copy the token immediately (it’s shown only once).
2. Force GCM to skip the OAuth prompt
GCM’s Bitbucket dialog has two tabs — a “Browser” tab for OAuth, and a token/password tab. To avoid landing on the wrong one, force basic auth mode:
powershell
git config --global credential.bitbucketAuthModes basic
3. Clear any stale cached credential
powershell
git credential-manager erase https://bitbucket.org
PowerShell gotcha: if you’re following older GCM docs that show a multi-line
erasecommand withprotocol=https/host=bitbucket.orgpiped in, PowerShell won’t accept plain newlines the way bash does — each line gets run as its own command and fails. Use the one-line form above instead, or if you need the multi-line stdin form, pipe it explicitly:powershell
"protocol=https`nhost=bitbucket.org`n" | git credential-manager erase
4. Push again and enter the new credentials
powershell
git push
When prompted:
- Username: your Bitbucket username (not your email — Bitbucket’s Git auth wants the username specifically, even though the API itself wants email)
- Password: the API token you just generated
Once it succeeds, you’ll see a git:https://bitbucket.org entry appear in Windows Credential Manager, and Android Studio’s built-in Git will pick it up transparently from then on.
One more thing: tokens expire
Unlike the old app passwords, API tokens have a hard expiry — 90 days, 6 months, whatever you picked at creation. There’s currently no non-expiring option. When it lapses, you’ll get a normal 401 (not the CHANGE-3222 message), and the fix is the same three steps: erase the old cached entry, generate a new token, push again.
If you hit remote: unable to access ... 410 and the tips above don’t resolve it, check whether your remote URL has an old app password baked directly into it (git remote -v) — that bypasses the credential manager entirely and needs a separate fix (git remote set-url origin <clean-url>).