On this page

DocumentationAuthentication

Web API

Documentation

SonarQube provides web API to access its functionalities from applications. The web services composing the web API are documented within SonarQube, by URL. You can also access the web API documentation from the top bar in SonarQube:

screenshot showing how to access the Web API documentation on the SQ interface

Authentication

Administrative web services are secured and require the user to have specific permissions. In order to be authenticated, the user must provide credentials as described below.

User token

This is the recommended way. Benefits are described on the page Generating and using tokens.

SonarQube supports the bearer authentication scheme: 

curl --header 'Authorization: Bearer MY_TOKEN' https://sonarqube.com/api/user_tokens/search

Alternatively, you can use the basic scheme with an empty password:

# note that the colon after the token is required in curl to set an empty password 
curl -u THIS_IS_MY_TOKEN: https://sonarqube.com/api/user_tokens/search

HTTP Basic Access

Login and password are sent via the standard HTTP Basic fields:

curl -u MY_LOGIN:MY_PASSWORD https://sonarqube.com/api/user_tokens/search

Users who authenticate in the web application through an OAuth provider, for instance, GitHub or Bitbucket, don't have credentials and can't use HTTP Basic mode. They must generate and use tokens.

© 2008-2023, SonarSource S.A, Switzerland. Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution-NonCommercial 3.0 United States License. SONARQUBE is a trademark of SonarSource SA. All other trademarks and copyrights are the property of their respective owners.

Creative Commons License