# Managing personal access tokens

Each user can manage two token types in SonarQube Cloud: personal access tokens and tokens for agent apps. Token handling for the [SonarQube MCP Server](https://docs.sonarsource.com/sonarqube-developer-tools/sonarqube-mcp-server/about-the-mcp-server) depends on how you access it. Choose the token type that matches how you connect and what you want to do.

* Personal access tokens and tokens for agent apps. Personal access tokens are used to run analyses or invoke web services without using the user’s actual credentials. This token type can be used when setting up connected mode with [SonarQube for IDE](/sonarqube-cloud/analyzing-source-code/connected-mode.md), and when configuring your [AI agent with the SonarQube MCP Server](broken://spaces/EHnpEP79nyG2U40QiiYV/pages/JLiY6Gf0PjVWm8Dcbio9) in a local configuration. See [#personal-tokens](#personal-tokens "mention").
* ​Tokens for agent apps that need to access SonarQube Cloud. When you install the [SonarQube agent through GitHub agent apps](/agent-centric-development-cycle/developer-tools/agent-plugins/agent-apps-for-github.md), it uses a one-time token created for the user who starts the request. See [#agent-apps](#agent-apps "mention") for more details.

From the Team plan, Scoped Organization Tokens can be used for analysis with `sonar.token`. They are project-scoped and grant only **Execute analysis**, so they fit CI scanner runs best. See the see [Managing Scoped Organization Tokens](/sonarqube-cloud/administering-sonarcloud/managing-organization/scoped-organization-tokens.md) page for more information.

{% hint style="info" %}
When a user is deleted, their user access tokens are also deleted.
{% endhint %}

## Generating personal tokens <a href="#personal-tokens" id="personal-tokens"></a>

You can generate personal tokens as a replacement for your usual login:

* When running analyses on your code. Replace your login with the token in the `sonar.token` property. (Note that the property `sonar.password` is deprecated.)
* When invoking web services. See the [Web API](/sonarqube-cloud/appendices/web-api.md) page for more details.

In either case, no password is needed.

{% hint style="info" %}
For security reasons, tokens that have been inactive for 60 days will be automatically removed.
{% endhint %}

### Generating a personal token

1. Open your account menu in the top right corner of the SonarQube Cloud interface.
2. In the menu, select **My account** > **Access Tokens**.
3. The **Personal Tokens** tab shows your existing personal tokens.
4. In **Generate Tokens**, enter the token name and select **Generate Token**. The token value will be displayed.
5. Copy it immediately by selecting the copy tool in front of the value.

{% hint style="warning" %}
If you dismiss the notification or leave the page, you will not be able to retrieve the token's value anymore.
{% endhint %}

### Revoking a personal token

1. Open your account menu in the top right corner of the SonarQube Cloud interface.
2. In the menu, navigate to **My account** > **Access tokens** > **Personal Tokens**. Your existing tokens are listed here.
3. In your list of existing tokens, select **Revoke** to remove the respective token.

## Managing tokens for agent apps <a href="#agent-apps" id="agent-apps"></a>

To use the [SonarQube MCP Server](https://docs.sonarsource.com/sonarqube-developer-tools/sonarqube-mcp-server/about-the-mcp-server) via agent apps, you must authorize the generation of Sonar tokens for the agent. These one-time tokens, which mirror your current SonarQube Cloud permissions, remain active until the agent task finishes or for up to one hour. You have the ability to track and revoke these tokens directly within SonarQube Cloud.

For more about using agent apps when logged in with GitHub, see the [Agent apps for GitHub](/agent-centric-development-cycle/developer-tools/agent-plugins/agent-apps-for-github.md) page.

### Enabling / disabling the token creation for agent apps

1. Open your account menu in the top right corner of the SonarQube Cloud interface.
2. In the menu, select **My account** > **Access Tokens** > **Agent Apps**.
3. Select or unselect the **Allow Agent Apps for GitHub to create personal access tokens** option.

### Tracking your Agent apps tokens

1. Open your account menu in the top right corner of the SonarQube Cloud interface.
2. In the menu, select **My account** > **Access Tokens** > **Agent Apps**.
3. In your list of existing tokens, select **Revoke** to remove the respective token.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.sonarsource.com/sonarqube-cloud/managing-your-account/managing-tokens.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.