API Authentication using Github

• ALM used - GitHub
• CI system used - Github Actions
• Scanner command used when applicable (private details masked)
• Languages of the repository - TypeScript

I am trying to do a basic curl to the https://sonarcloud.io/api/project_analyses/search?project=“my-project” url using a personal access token generated from Github, which is my authentication method, in the same way described here, but even though I am an admin for our plan on sonarcloud, I am getting an “Insufficient privileges” error. The command I’m using is
curl -u <my-actual-github-token>: https://sonarcloud.io/api/project_analyses/search?project="<my-project-key>"

Would anyone have any idea what might be the issue?

Hello @zacharymelancon,

Do you generate token through the SonarCloud? I am not really sure if I understand what do you mean about generating the token from Github.

You have to go to your profile and generate the token here:

image1800×1074 111 KB

Then I recommend you to user bearer token authentication method, in your case it would be like this:

curl https://sonarcloud.io/api/project_analyses/search?project="<my-project-key>" -H "Authorization: Bearer <token>"

Anyone with “browse” permission should be able to call this API endpoint.

Let me know if you have any other questions

Best,
Marcin

Awesome. That worked! I will say that it’s not very clear that that is what you should do based on the documentation here though. Is that because it is specific to Sonarqube? If so, do you know where I can find the documentation for the authorization method you suggested?

Yes, you should rely on the SonarCloud documentation when using SonarCloud. You can find the relevant page here: https://sonarcloud.io/documentation/advanced-setup/user-accounts/#user-tokens

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.