sonar.forceAuthentication not setting via api - the parameter "key" is missing

  • Version 7.3 (build 15553)
  • When using Firefox’s RESTClient extension, cannot set sonar.forceAuthentication to true. - ultimately I want to do this with ansible using the uri module, just trying to get it working with a RESTClient first.
  • Steps to reproduce:
  1. Set up Basic Authentication in the Firefox RESTClient with a valid sonar admin user.
  2. Select “POST”, and set the url to
  3. Set the body to the following: “key”:“sonar.forceAuthentication”,“value”:“true” and “send”. (this body was found by doing a GET at /api/properties, which is set to false).
  4. The response will be a 400 with: {“errors”:[{“msg”:“The ‘key’ parameter is missing”}]}.(or if you’re logged in to the ui with the same credentials that you set in step 1, a 401. Log out of the ui and try again)>

I’ve tried various combos of quotes around key vs no quotes, no “key” word at all(same error message), and wrapping the whole thing in [{“key”:“sonar.forceAuthentication”,“value”:“true”}] and {“key”:“sonar.forceAuthentication”,“value”:“true”}

I’ve been down the rabbitholes of:

And even commented on, where the very helpful @julienlancelot assisted and suggested I create this post to help others that might run into this. I did find one thing about curl(the RESTClient uses curl) vs. wget, where wget works. Haven’t tried that out yet - Always get 400 when calling api/settings by curl

Can anyone tell me how to switch the false to true on sonar.forceAuthentication via api? I’m starting with 7.4, but need to do some 6.7.5s , and 5.5s also. Thanks!

EDIT: I did see a thread somewhere that talks about the key param being deprecated since 6.7.5 or so - but still should be usable since the GET I’m doing pulls it, correct? If there’s another new way to do it, I’m really having a hard time finding it:

POST api/settings/set

since 6.1

Update a setting value.
Either ‘value’ or ‘values’ must be provided.
The settings defined in config/ are read-only and can’t be changed.
Requires one of the following permissions:

  • ‘Administer System’

  • ‘Administer’ rights on the specified component

  • Parameters

  • Changelog


optional Component key #### Example value


optional Setting field values. To set several values, the parameter must be called once for each value. #### Example value

fieldValues={"firstField":"first value", "secondField":"second value", "thirdField":"third value"}

required Setting key #### Example value


optional Setting value. To reset a value, please use the reset web service. #### Example value

optional Setting multi value. To set several values, the parameter must be called once for each value. #### Example value


Hi Brian,

The parameters must be passed in the query path, not in the body. Example:

curl -XPOST -u admin:admin "http://localhost:9000/api/settings/set?key=sonar.forceAuthentication&value=true"

I hope it helps.

Unfortunately it didn’t @simon.brandhof - maybe something networky is wrong on my side, I’m not using localhost or port 9000. The curl command shows an upload happen, no status code(tried -I and a couple of other things), and the switch does not get flipped. I can curl my url with /settings and get the html back.

@Brian the command I provided was successfully tested with versions 6.7.7 and 7.7 of SonarQube. I suggest to troubleshoot by enabling the curl verbose mode with argument -v.