Android

Fixing Bitbucket’s “CHANGE-3222” App Password Error on Windows (Android Studio)

If you’re pushing to Bitbucket and suddenly seeing this in your terminal or Android Studio’s Git panel:

remote: CHANGE-3222 - Functionality has been deprecated
remote: App passwords are deprecated and must be replaced with API tokens.
remote: https://developer.atlassian.com/cloud/bitbucket/changelog#CHANGE-3222
fatal: unable to access 'https://bitbucket.org/yourteam/yourrepo.git/': The requested URL returned error: 410

…you’re not alone. Atlassian has been rolling out the deprecation of app passwords in favor of API tokens, with brownouts starting mid-2026 and full removal following shortly after. Here’s how I fixed it on Windows with Android Studio’s built-in Git.

Why this happens

Bitbucket app passwords are being retired in favor of API tokens. Git operations that previously authenticated with an app password now get rejected with a 410 Gone error instead of working as before.

One subtlety that tripped me up: if you check Windows Credential Manager and don’t see a bitbucket.org entry at all, that’s actually expected, not a bug. Git Credential Manager (GCM) only stores a credential after it successfully validates against Bitbucket’s API. Since the old app password was already failing, GCM never had a successful auth to cache — so there was nothing to see.

The fix

1. Generate a fresh API token

Go to https://id.atlassian.com/manage-profile/security/api-tokensCreate API token with scopes → select Bitbucket as the app → give it repository read + write scopes → set an expiry → copy the token immediately (it’s shown only once).

2. Force GCM to skip the OAuth prompt

GCM’s Bitbucket dialog has two tabs — a “Browser” tab for OAuth, and a token/password tab. To avoid landing on the wrong one, force basic auth mode:

powershell

git config --global credential.bitbucketAuthModes basic

3. Clear any stale cached credential

powershell

git credential-manager erase https://bitbucket.org

PowerShell gotcha: if you’re following older GCM docs that show a multi-line erase command with protocol=https / host=bitbucket.org piped in, PowerShell won’t accept plain newlines the way bash does — each line gets run as its own command and fails. Use the one-line form above instead, or if you need the multi-line stdin form, pipe it explicitly:

powershell

"protocol=https`nhost=bitbucket.org`n" | git credential-manager erase

4. Push again and enter the new credentials

powershell

git push

When prompted:

  • Username: your Bitbucket username (not your email — Bitbucket’s Git auth wants the username specifically, even though the API itself wants email)
  • Password: the API token you just generated

Once it succeeds, you’ll see a git:https://bitbucket.org entry appear in Windows Credential Manager, and Android Studio’s built-in Git will pick it up transparently from then on.

One more thing: tokens expire

Unlike the old app passwords, API tokens have a hard expiry — 90 days, 6 months, whatever you picked at creation. There’s currently no non-expiring option. When it lapses, you’ll get a normal 401 (not the CHANGE-3222 message), and the fix is the same three steps: erase the old cached entry, generate a new token, push again.


If you hit remote: unable to access ... 410 and the tips above don’t resolve it, check whether your remote URL has an old app password baked directly into it (git remote -v) — that bypasses the credential manager entirely and needs a separate fix (git remote set-url origin <clean-url>).

Leave a Reply

Your email address will not be published. Required fields are marked *