Skip to end of metadata
Go to start of metadata

SonarQube provides web API to access its functionalities from applications. The web services composing the web API are documented within SonarQube, through the URL "/web_api", which can also be reached from a link in the page footer. 


Administrative web services are secured and require the user to have specific permissions. In order to be authenticated, the user must provide credentials as described below.

User Token

This is the recommended way. Benefits are described in the page User Token. Token is sent via the login field of HTTP basic authentication, without any password.

# note that the colon after the token is required in curl to set an empty password 

HTTP Basic Access

Login and password are sent via the standard HTTP Basic fields:


 Users who authenticate in web application through an OAuth provider, for instance GitHub or Bitbucket, don't have credentials and can't use HTTP Basic mode. They must generate and use tokens.

Note about api/permissions

This mapping table will help you to choose which Permission Key to use when using the API api/permissions.


Permission Key
UI Name
adminAdminister SystemGlobal
profileadminAdminister Quality ProfilesGlobal
gateadminAdminister Quality GatesGlobal
scanExecute AnalysisGlobal
provisioningCreate ProjectsGlobal
issueadminADMINISTER ISSUESProject
codeviewerSEE SOURCE CODEProject
  • No labels