Api/users/search endpoint returning all users

Kristoffer_Bergman · May 16, 2022, 3:00am

Hello!

I am currently trying out your WEB API, and I noticed that the api/users/search endpoint seems to return users outside of your organization. Is this intentional?

With the information being returned, it’s not really a security risk, but it’s the first time I have seen a “public” API endpoint like this so I was just curious.

Colin · May 16, 2022, 9:25am

Hey there.

A couple things!

https://api.github.com/users allows unauthenticated access
We will stop allowing unauthenticated access this month
Eventually, we’d like to restrict endpoints like this to the organization. We have some work to do around onboarding new team members before we can make that happen.

Kristoffer_Bergman · May 17, 2022, 8:28am

Hello Colin.

Got it! Thank you for the reply.

Topic		Replies	Views
New Search API for SonarCloud SonarQube Cloud api	6	196	August 2, 2024
Can web_api return only members of my organization when using a free plan? SonarQube Cloud web_api	4	500	August 21, 2023
SonarCloud /api/users/search endpoint to require authentication Announcements sonarqube-cloud	0	524	April 21, 2022
Organization User Search with External identity ID SonarQube Cloud web_api , sonarqube-cloud	3	712	April 20, 2023
Check user information API Rest SonarCloud SonarQube Cloud	5	1880	January 2, 2023

Api/users/search endpoint returning all users

Related topics