API Token Setup Guide
This guide explains how to configure API tokens for the JIRA automation pipeline using Bitbucket Repository Variables.
๐ Bitbucket Repository Variables Setupโ
1. Access Repository Variablesโ
- Go to your Bitbucket repository
- Click Repository settings (gear icon)
- Under PIPELINES, click Repository variables
2. Get Required API Tokensโ
JIRA API Tokenโ
- Go to Atlassian Account Settings
- Click Create API token
- Enter a label (e.g., "Documentation Automation")
- Copy the generated token
Anthropic API Keyโ
- Go to Anthropic Console
- Navigate to API Keys
- Click Create Key
- Copy the key (starts with
sk-ant-api03-)
Note: Claude Code CLI requires an API key for authentication in pipeline environments.
Bitbucket Authenticationโ
Option 1: App Password (Recommended for pipelines)
- Go to Bitbucket Settings โ Personal Bitbucket settings
- Click App passwords
- Click Create app password
- Select permissions:
- Repositories: Read, Write
- Pull requests: Read, Write
- Issues: Read (optional)
- Copy the generated password
Option 2: Bearer Token (OAuth)
If using OAuth-based authentication, obtain a Bearer token through your OAuth application flow.
3. Configure Repository Variablesโ
Add these variables in Bitbucket Repository Variables:
| Variable Name | Type | Value | Description |
|---|---|---|---|
JIRA_URL | Regular | https://superna.atlassian.net | Your Atlassian instance URL |
JIRA_EMAIL | Regular | your-email@superna.com | Your Superna email address |
JIRA_API_TOKEN | Secured | ATATT3xFfGF0... | Your JIRA API token |
ANTHROPIC_API_KEY | Secured | sk-ant-api03-... | Your Anthropic API key |
BITBUCKET_BEARER_TOKEN | Secured | your-bearer-token | Bitbucket Bearer token (OAuth) - OR use Basic Auth below |
BITBUCKET_USERNAME | Regular | your-username | Bitbucket username (for Basic Auth) |
BITBUCKET_API_TOKEN | Secured | your-app-password | Bitbucket app password (for Basic Auth) |
BITBUCKET_WORKSPACE | Regular | superna | Bitbucket workspace |
BITBUCKET_REPO_SLUG | Regular | public-documentation | Repository name |
DEFAULT_REVIEWERS | Regular | john.doe,jane.smith | Default PR reviewers (optional) |
Note: For Bitbucket authentication, use either:
BITBUCKET_BEARER_TOKENfor OAuth Bearer token authentication, ORBITBUCKET_USERNAME+BITBUCKET_API_TOKENfor Basic authentication with app password
Important: Mark sensitive tokens as Secured to encrypt them.
4. Firebase Variables (Already Configured)โ
These should already exist for your Firebase deployment:
FIREBASE_SERVICE_ACCOUNT_ENCODED(Secured)
๐ง Pipeline Integrationโ
The pipeline will automatically use these variables when running the auto-documentation scripts. No additional configuration needed.
Auto-Doc Branch Workflowโ
- JIRA automation creates branch
auto-doc/ISSUE-KEY - Pipeline triggers automatically
- Scripts access Repository Variables
- Documentation generated and PR created
- JIRA updated with results
๐งช Testingโ
The pipeline includes environment validation:
- All required variables are checked
- API connections are tested
- Clear error messages if anything is missing
๐ Security Best Practicesโ
- โ Use Secured variables for all API tokens
- โ Limit API token permissions to minimum required
- โ Use service accounts where possible
- โ Regularly rotate API tokens
- โ Monitor API token usage
๐ง Troubleshootingโ
Common Issuesโ
"Authentication failed"โ
- Verify your email and API token are correct in Repository Variables
- Check if API token has expired
- Ensure you're using the correct JIRA URL
"Pipeline fails during Claude Code CLI execution"โ
- Check pipeline logs for Claude Code CLI installation issues
- Verify branch follows
auto-doc/ISSUE-KEYformat - Ensure JIRA issue has
auto-doclabel
"Bitbucket authentication required"โ
- Verify you have either:
BITBUCKET_BEARER_TOKENset, OR- Both
BITBUCKET_USERNAMEandBITBUCKET_API_TOKENset
- Check if the token/app password hasn't expired
- Verify the app password has correct permissions (Repositories: Write, Pull requests: Write)
- Ensure variables are marked as Secured
Getting Helpโ
- Check the pipeline logs in Bitbucket
- Verify all Repository Variables are configured
- Ensure Secured variables are properly encrypted
๐ Environment Variable Referenceโ
| Variable | Required | Type | Description | Example |
|---|---|---|---|---|
JIRA_URL | Yes | Regular | Your Atlassian instance URL | https://superna.atlassian.net |
JIRA_EMAIL | Yes | Regular | Your Atlassian account email | user@superna.com |
JIRA_API_TOKEN | Yes | Secured | JIRA API token | ATATT3xFfGF0... |
ANTHROPIC_API_KEY | Yes | Secured | Anthropic API key | sk-ant-api03-... |
BITBUCKET_BEARER_TOKEN | Conditional* | Secured | Bitbucket Bearer token (OAuth) | your-bearer-token |
BITBUCKET_USERNAME | Conditional* | Regular | Bitbucket username (Basic Auth) | your-username |
BITBUCKET_API_TOKEN | Conditional* | Secured | Bitbucket app password (Basic Auth) | your-app-password |
BITBUCKET_WORKSPACE | No | Regular | Bitbucket workspace | superna (default) |
BITBUCKET_REPO_SLUG | No | Regular | Repository name | public-documentation (default) |
DEFAULT_REVIEWERS | No | Regular | Default PR reviewers | john.doe,jane.smith |
* Bitbucket Authentication: Either BITBUCKET_BEARER_TOKEN OR (BITBUCKET_USERNAME + BITBUCKET_API_TOKEN) is required.