Managing Personal Access Tokens

Users can manage SonarQube Cloud's Personal Access Tokens (PAT) according to their permission levels defined by an administrator.

Each user has the ability to generate tokens that can be used to run analyses or invoke web services without access to the user’s actual credentials. When a user is deleted, their user access tokens are also deleted.

From the Team plan, it's highly recommended to use Scoped Organization Tokens (SOT) instead of PATs. For more information, see Managing Scoped Organization Tokens.

For security reasons, tokens that have been inactive for 60 days will be automatically removed.

To generate a token, select your account menu in the top right corner of the SonarQube Cloud interface. In the menu, select My Account > Security. Your existing tokens are listed here, each with a Revoke button.

The form at the top of the page allows you to generate new tokens. Once you select Generate, you will see the token value. Copy it immediately; if your dismiss the notification or leave the page, you will not be able to retrieve the token's value.

Tokens are used as a replacement for your usual login:

When running analyses on your code. Replace your login with the token in the sonar.token property. (Note that the property sonar.password is deprecated.)
When invoking web services. See Web API for more details.

In either case, no password is needed.

PreviousSigning in to SonarQube Cloud NextSubscribing to notifications

Last updated 28 days ago

Was this helpful?