Managing your tokens
Each user has the ability to generate tokens that can be used to run analyses or invoke web services without access to the user's actual credentials. When a user is deleted, their user access tokens are also deleted.
To generate a token, go to User > My Account > Security. Your existing tokens are listed here, each with a Revoke button: https://sonarcloud.io/account/security
The form at the top of the page allows you to generate new tokens. Once you click the Generate button, you will see the token value. Copy it immediately; if dismiss the notification or leave the page, you will not be able to retrieve it.
User tokens are used as a replacement for your usual login:
- When running analyses on your code. Replace your login with the token in the
sonar.tokenproperty. - When invoking web services. Use the token for HTTP bearer authentication by sending the token in the HTTP
Authorizationheader using theBearerscheme.
Authorization: Bearer <token>
See Bearer Authentication for details.
In either case, no password is needed. The property sonar.password is deprecated.
For more information on using tokens with web services, see Web API.
Was this page helpful?
© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARLINT, SONARQUBE, SONARCLOUD, and CLEAN AS YOU CODE are trademarks of SonarSource SA.
