Managing your tokens
Each user has the ability to generate tokens that can be used to run analyses or invoke web services without access to the user's actual credentials. When a user is deleted, their user access tokens are also deleted.
To generate a token, go to User > My Account > Security. Your existing tokens are listed here, each with a Revoke button: https://sonarcloud.io/account/security
The form at the top of the page allows you to generate new tokens. Once you click the Generate button, you will see the token value. Copy it immediately; if dismiss the notification or leave the page, you will not be able to retrieve it.
User tokens are used as a replacement for your usual login:
- When running analyses on your code. Replace your login with the token in the
sonar.token
property. - When invoking web services. Use the token for HTTP bearer authentication by sending the token in the HTTP
Authorization
header using theBearer
scheme.
Authorization: Bearer <token>
See Bearer Authentication for details.
In either case, no password is needed. The property sonar.password
is deprecated.
For more information on using tokens with web services, see Web API.
Was this page helpful?