# Configure Bitbucket Posting User

### Prerequisites

The Bitbucket posting user must be created by an individual on your team with the following administrative permissions:

* [ ] A HackerOne Code user account with an Owner role for the organization in question.
* [ ] An Admin role on your Bitbucket Server instance.

### Create Posting User

Log in to your Bitbucket instance as an administrator and create a new user with the username **PullRequest** or **HackerOne**. HackerOne Code will use this user to post scan results and validated issues.

Add the user to all of the repositories you want code review on. Be sure to grant the user **WRITE** permission so it's able to post comments.

{% hint style="success" %}
HackerOne Code will **DOES NOT** perform any code modification operations in your repositories. Read more about how we keep your data secure [here](https://www.pullrequest.com/security/).
{% endhint %}

<mark style="background-color:yellow;">**\*\*\*We strongly recommend adding the following image as the posting user's avatar**</mark>. This provides a much better end-user experience; it allows the service to be easily identified in the Bitbucket interface:

{% file src="<https://624363444-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LNMKNsDv2KL9GI5L5YY%2Fuploads%2F05SsuV99afZvtMeQpGj8%2Fhackerone-posting-user-avatar.jpg?alt=media&token=666bf255-4ddc-43d6-84d8-8b231d57da82>" %}

### Apply Bitbucket Access Token

Log in to Bitbucket as the user you just created.

{% hint style="info" %}
This may be easier in another browser or an incognito tab so you can remain logged in as the Bitbucket admin user.
{% endhint %}

Create a personal access token for the posting user in Bitbucket by opening <https://our-bitbucket.internal/plugins/servlet/access-tokens/manage> in the browser you were logged into as the PullRequest user.

The access token will need to have Projects **READ** and Repositories **WRITE** permissions.

![Creating a personal access token in Bitbucket](https://624363444-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LNMKNsDv2KL9GI5L5YY%2F-LNR819UWvpdnKt-st0x%2F-LNR8USEvuL_ef6zQ1Xm%2Fcreate-personal-access-token.png?alt=media\&token=13d73673-bd8c-415c-bc90-8c83202af05d)

Once generated, copy the personal access token to your clipboard so we can configure the connection to Bitbucket.

### Connecting PullRequest Proxy to Bitbucket

Now, it's time to return to that text file we're editing on the proxy server. Go ahead and set the following keys based on what was configured above.

```
PROVIDER_TYPE=bitbucket
PROVIDER_BASE_URL=https://our-bitbucket.internal
PROVIDER_USERNAME=PullRequest
PROVIDER_ACCESS_TOKEN=<access_token>
```

{% hint style="warning" %}
Make sure the **HackerOne Code Posting User's username** is spelled exactly as the username of the user that was created. We highly recommend "HackerOne" (all one word, PascalCase) to maintain communication consistency.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.pullrequest.com/on-premise-server/configure-posting-user/configure-bitbucket-posting-user.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.