403 Forbidden - Insufficient privileges when calling the api/users/create endpoint

Hi guys,

I am having two issues with the web service api…

I am trying to create a new SonarCloud user using the api/users/create endpoint, like so:

https://sonarcloud.io/api/users/create?login=xxx@github&name=JohnSmith&local=false&organization=yyy

But I get a 403 Forbidden - Insufficient privileges. I am passing my token in using Basic Auth and other endpoints work for me so any ideas on what the issue is here?

When I add a new member to my organisation, how can I (via the web service api) just grant the user access to an individual project? At the moment when I add a new member it seems like they just have access to every project (even if a project is private).

Any help would be great as I can’t figure it out from the documentation.

Thanks!

Hello,

  1. Yeah it’s normal, this endpoint requires “instance administrator” rights, which you do not have on SonarCloud. You will never be able to use this WS (we will most probably un-list it from there soon).
    We currently don’t have a public API to manage members of your organization, but you could eventually use api/organizations/add_member (if it’s for a one shot usage, since it could change in the future) if the member you want to invite already has an account on SonarCloud.
    Note that if you use GitHub, you can synchronize your organization members with the ones from your GitHub organization.

  2. All members of your organization will be able to at least “see” all private and public projects of your organization. Then, you can manage other permissions like “execute analysis” or “administer” per users/groups directly on a project or at the organization level.
    You can find more info about it in those pages:

Hi Gregoire,

Thanks for getting back to me.

So there’s really no way to give a user permissions to only access a single project?

Thanks,
Dave.

Actually I’m wrong on the 2nd point.
It should be possible to allow only some members to access a private project with the “browse” permission (available only for private projects).
To do this, you need:

  • A paid organization and a private project
  • In your org, check your permission templates: the “default template” is the one applied when you create a new project, and I think by default it gives the “browse” permission to all members.
  • Then inside your private project, remove the “browse” permission of the members group
  • You should now be able to grant that “browse” permission only to the groups or users that you want

I don’t suggest managing the permissions user by user though; it’s better to create groups with the right permissions on the projects you want and then put members inside those groups.
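
The group-based steps above, expressed as Web API calls. This is an added example and not part of the original reply or SonarSource's own code. Assumptions: the `api/user_groups/*` and `api/permissions/*` endpoints, their parameter names and the `user` key for “browse” are taken from the SonarQube Web API and are not named in this thread, so check them in your instance's Web API page; the default group name `Members`, the group and project names and `SONAR_TOKEN` are hypothetical.

```python
import base64
import os
import urllib.parse
import urllib.request

BASE = "https://sonarcloud.io"  # host used in the thread
BROWSE = "user"  # assumption: Web API key for the "browse" permission


def browse_restriction_plan(org, project, group, logins, default_group="Members"):
    """Return the ordered (endpoint, params) POST calls for the steps above."""
    scope = {"organization": org, "projectKey": project, "permission": BROWSE}
    plan = [("api/user_groups/create", {"organization": org, "name": group})]
    for login in logins:
        plan.append(("api/user_groups/add_user",
                     {"organization": org, "name": group, "login": login}))
    # Take "browse" away from the default members group on this project only...
    plan.append(("api/permissions/remove_group", {**scope, "groupName": default_group}))
    # ...then grant it to the dedicated group.
    plan.append(("api/permissions/add_group", {**scope, "groupName": group}))
    return plan


def send(plan, token):
    """POST each call, passing the token as the Basic Auth user name."""
    auth = base64.b64encode(f"{token}:".encode()).decode()
    for endpoint, params in plan:
        req = urllib.request.Request(
            f"{BASE}/{endpoint}",
            data=urllib.parse.urlencode(params).encode(),
            headers={"Authorization": f"Basic {auth}"},
            method="POST",
        )
        with urllib.request.urlopen(req) as resp:
            print(endpoint, resp.status)


if __name__ == "__main__":
    # Constructed sample values; replace with your own organization and project.
    plan = browse_restriction_plan("yyy", "yyy_private-project", "project-readers", ["xxx@github"])
    token = os.environ.get("SONAR_TOKEN")  # hypothetical environment variable name
    if token:
        send(plan, token)
    else:  # dry run: show what would be sent
        for endpoint, params in plan:
            print("POST", endpoint, params)
```

Without a token the script only prints the planned calls, which is a convenient way to review the permission change before applying it.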

Great thanks I will try that!