I’m seeing some inconsistent behavior with the Bitbucket REST API. I’m hesitant to say this is a bug, but something certainly isn’t adding up.
I’m using User A’s Bitbucket access token, and calling the teams/{username}/members API to list the members of a Bitbucket Team.
https://developer.atlassian.com/bitbucket/api/2/reference/resource/teams/{username}/members
This works as expected, returning a paginated list of team members along with their role and user UUIDs. The response is returning User B’s UUID, stating that User B is a member of the Bitbucket Team.
I then want to double-check / confirm User B is a member of the Bitbucket Team. I use User B’s Bitbucket access token and call the /user/permissions/teams endpoint. This returns all of the teams the user has permissions to.
https://developer.atlassian.com/bitbucket/api/2/reference/resource/user/permissions/teams
However, for that second API call I am getting a 200 response with an empty array of memberships. In other words, to User B at least, it appears that they are not a member of any Bitbucket Teams. However, according to User A when looking up the members of a given Team, User B is an actual member.
These API calls work fine for a SaaS product I work on. However, for a particular Bitbucket Team and user I’m getting this different behavior.
Could it be some subtle aspect of the particular user’s role in the Team or something? What other steps can I take to troubleshoot/investigate this issue?