How to Test Bitbucket Webhooks
Capture Bitbucket push, pull request, and Pipelines build events in real time — inspect every delivery header before writing your handler.
TL;DR: Get a free URL from requex.me, go to Bitbucket Repository Settings → Webhooks → Add webhook, paste the URL, choose triggers, and push a commit or open a PR. The full JSON payload — including the X-Event-Key header — appears in Requex instantly.
What Bitbucket Sends
Bitbucket webhooks send one event per POST request — no batching. The event type is identified by the X-Event-Key header, not a field in the body. Always read the header to route events in your handler.
| Event Key | Trigger | Use Case |
|---|---|---|
repo:push | Commits pushed to any branch | CI/CD triggers, auto-deploy, notifications |
pullrequest:created | New PR opened | Review reminders, auto-assign reviewers |
pullrequest:fulfilled | PR merged | Deploy triggers, changelog generation |
pullrequest:rejected | PR declined or closed without merge | Metrics tracking, notifications |
issue:created | New issue created in the repo | Project sync, triage automation |
build:updated | Pipelines build status changes | Build status badges, deploy gates |
Step 1 — Generate a Requex Endpoint
Open requex.me and copy your unique URL:
https://requex.me/hook/a1b2c3d4-e5f6-7890-abcd-ef1234567890
Step 2 — Configure Bitbucket Webhook
- In Bitbucket Cloud, open your repository and go to Repository Settings (gear icon).
- In the left sidebar, find Webhooks under the Workflow section.
- Click Add webhook.
- Give the webhook a title (e.g., "Requex Dev Test").
- Paste your Requex URL into the URL field.
- Leave Status as Active.
- Under Triggers, select the events you want. For most use cases, start with Repository → Push, Pull Requests → Created and Fulfilled.
- Click Save. Bitbucket will immediately fire a test ping event — you'll see it arrive in Requex.
Step 3 — Trigger a Test Event
Push a commit to any branch in the repository:
git commit --allow-empty -m "test: trigger Bitbucket webhook" git push origin main
This fires a repo:push event. To test pull request events, create a branch, push it, and open a PR in the Bitbucket UI. The pullrequest:created event fires as soon as you submit the PR form.
Step 4 — Inspect the Payload
In Requex, click the incoming request and check both the Body and Headers tabs. A repo:push payload looks like:
// Headers — always check these first
X-Event-Key: repo:push
X-Request-UUID: a1b2c3d4-e5f6-7890-abcd-ef1234567890
Content-Type: application/json
// Body
{
"actor": {
"type": "user",
"display_name": "Jane Smith",
"account_id": "5b1234abc"
},
"repository": {
"type": "repository",
"name": "my-repo",
"full_name": "myteam/my-repo",
"links": { "html": { "href": "https://bitbucket.org/myteam/my-repo" } }
},
"push": {
"changes": [
{
"new": {
"type": "branch",
"name": "main",
"target": {
"hash": "abc123def456",
"message": "test: trigger Bitbucket webhook",
"author": { "raw": "Jane Smith <jane@example.com>" },
"date": "2026-04-05T12:00:00+00:00"
}
},
"old": { "name": "main", "target": { "hash": "xyz789" } },
"created": false,
"forced": false
}
]
}
}The X-Request-UUID header provides a unique delivery ID useful for deduplication. The push.changes array lists every ref that changed in the push — a single push to multiple branches results in multiple entries.
Bitbucket Security — No Signature on Cloud
Bitbucket Cloud does not add an HMAC signature header by default. This is a key difference from GitHub (which signs with X-Hub-Signature-256) and GitLab (which uses X-Gitlab-Token).
Bitbucket Cloud — Security options
Without a built-in signature, the recommended approach is to use a secret token in the URL as a query parameter:
https://yourapp.com/webhooks/bitbucket?secret=my-random-token-here
Validate this token in your handler and reject requests that don't include it. It's less secure than HMAC but better than no authentication.
Bitbucket Data Center / Server — Secret token
Bitbucket Data Center and Server support a Secret field when configuring webhooks. The secret is sent in the X-Hub-Signature header as an HMAC-SHA256 digest — similar to GitHub's signature format.
Common Issues
| Problem | Cause | Fix |
|---|---|---|
| Webhook shows "Failed" in Bitbucket | Endpoint returned non-2xx or timed out | Bitbucket expects a 2xx within 10 seconds — return 200 immediately and process asynchronously |
| PR events not arriving | Pull Request trigger group not selected | Edit the webhook and expand the Pull Requests trigger section to enable specific PR events |
| Wrong branch events arriving | No branch filter — all branches trigger | Check push.changes[0].new.name in your handler and ignore branches you don't care about |
Test Bitbucket Webhooks Free
Capture real Bitbucket push and PR payloads and inspect every delivery header. No signup required.
Open Requex →Related guides
Start Testing Webhooks Now
Generate your unique URL and test webhooks instantly. Free, no signup.
Open Webhook Tester →