# Web API
## Documentation
SonarQube provides web API to access its functionalities from applications. The web services composing the web API are documented within SonarQube, by URL. You can also access the [web API documentation](https://next.sonarqube.com/sonarqube/web_api/api/alm_integrations) from the top bar in SonarQube:
{% hint style="warning" %}
It’s highly recommended to use form data parameters when making POST requests to the Web API. If you use URI query parameters instead then these parameters won’t be securely passed to the endpoint.
{% endhint %}
## Authentication
Administrative web services are secured and require the user to have specific permissions. In order to be authenticated, the user must provide credentials as described below.
### User Token
This is the recommended way. Benefits are described on the page [generating-and-using-tokens](https://docs.sonarsource.com/sonarqube-server/9.9/user-guide/user-account/generating-and-using-tokens "mention"). The token is sent via the login field of HTTP basic authentication, without any password.
```css-79elbk
# note that the colon after the token is required in curl to set an empty password
curl -u THIS_IS_MY_TOKEN: https://sonarqube.com/api/user_tokens/search
```
### HTTP Basic Access
Login and password are sent via the standard HTTP Basic fields:
```css-79elbk
curl -u MY_LOGIN:MY_PASSWORD https://sonarqube.com/api/user_tokens/search
```
Users who authenticate in the web application through an OAuth provider, for instance, GitHub or Bitbucket, don’t have credentials and can’t use HTTP Basic mode. They must generate and use tokens.
