Please adjust permissions of some Web API calls and add documentation which calls need authentication.
For example its really useless to require authentication for api/system/ping which I try to use for docker health check
Hello,
As far as i know, api/system/ping does not require authentication. For docker healthcheck, we added to the official docker-library an example of healthcheck as we would recommend to implement it :
I suggest you to use api/system/status which return a more precise status about the state of the sonarqube instance.
Thanks for the hint, I will change the docker healthcheck
But as we have sonar configured with force authentication, I was getting a 401 for api/system/ping !
I just tested with 7.9 and /api/system/ping definitely returns 401 when sonar.forceAuthentication=true.
1 Like
Could anyone help me with the login string format to call healthcheck using a token?
In the running LTS 8.9 /api/system/ping still returns 401
“Requires system administration permission” is not present in the documentation.
Luckily /api/system/status works without a login, so that’s a viable workaround as a health check (like for haproxy or docker).