Start FreeLog in
SonarCloud | Managing your account | Managing tokens

Managing your tokens

Each user has the ability to generate tokens that can be used to run analyses or invoke web services without access to the user's actual credentials. When a user is deleted, their user access tokens are also deleted.

To generate a token, go to User > My Account > Security. Your existing tokens are listed here, each with a Revoke button: https://sonarcloud.io/account/security

The form at the top of the page allows you to generate new tokens. Once you click the Generate button, you will see the token value. Copy it immediately; if dismiss the notification or leave the page, you will not be able to retrieve it.

User tokens are used as a replacement for your usual login:

  • When running analyses on your code. Replace your login with the token in the sonar.token property.
  • When invoking web services. Use the token for HTTP bearer authentication by sending the token in the HTTP Authorization header using the Bearer scheme. 

Authorization: Bearer <token>

See Bearer Authentication for details.

In either case, no password is needed. The property sonar.password is deprecated.

For more information on using tokens with web services, see Web API


Was this page helpful?

© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARLINT, SONARQUBE, SONARCLOUD, and CLEAN AS YOU CODE are trademarks of SonarSource SA.

Creative Commons License