I am trying to access the Web API of our SonarQube instance, but all attempted endpoints report a 401 (Not Authorized) when accessing programtically following the instructions in the documentation. I am able to access the endpoints in my browser, so the endpoints exist on our instance.
I’m pretty sure this is related to Auth via token in our setup. I’m pretty much down to wild guesses at this point. Are there any common pitfalls that I could look into?
We have a SonarQube instance (v9.9, build 65466) running on a machine behind an nginx proxy, configured in line with the SonarQube documentation for configuring HTTPS access using nginx.
We use GitHub to authenticate users for web sessions, and have tokens to run analysis from sonarscanner.
The “Force user authentication” option is enabled for our instance.
What I’ve tried:
- Using the
- Setting the
Authorization: Bearer <squ_***>header value (all attempted requests)
- Using both a known “good” token (used by the Scanner CLI to upload analysis to the SQ server) and a newly created user token.
- Accessing both using
curland using the python
- Updating the nginx server/location configuration to include
proxy_pass_header Authorization;(+restarting the service)