SonarQube api api/project_analyses/search fails with 403 "msg": "Insufficient privileges" yet API ke

jhoechtl · December 19, 2022, 12:05pm

First I appologize if cross-posting here and to stackoverflow is dis-encouraged. If so, i couldn’t find the netiquette.

I have an API key. The user behind the API key has been propagated to be admin.

I am sending authenticated requests as described in Web API

Using Insomnia.

A call to /api/components/search_projects works.
A call to /api/project_analyses/search?project=RSV_FLAG fails with HTTP Status Code 403

If I am in the web interface I see that calls to the same API endpoint /api/project_analyses/search work, yet there are cookies and xrfi-tokens involved.

Why does a call to /api/project_analyses/search fail when the token assigned has administrative privileges?

Colin · December 21, 2022, 1:28pm

Hey there.

Welcome to our Community!

As noted in the topic template: what version of SonarQube are you using?

jhoechtl · December 21, 2022, 2:00pm

I am using version 9.6.1.59531

Colin · December 21, 2022, 3:57pm

Thanks!

GET /api/project_analyses/search requires that the user making the request has Browse permissions on the project. This will not necessarily be the case even if a user has global Administer permissions.

Does the user the token was generated for have permissions to browse the project in question?