Web API 401 when using tokens

The Issue:
I am trying to access the Web API of our SonarQube instance, but all attempted endpoints report a 401 (Not Authorized) when accessing programtically following the instructions in the documentation. I am able to access the endpoints in my browser, so the endpoints exist on our instance.
I’m pretty sure this is related to Auth via token in our setup. I’m pretty much down to wild guesses at this point. Are there any common pitfalls that I could look into?

Our Setup:
We have a SonarQube instance (v9.9, build 65466) running on a machine behind an nginx proxy, configured in line with the SonarQube documentation for configuring HTTPS access using nginx.
We use GitHub to authenticate users for web sessions, and have tokens to run analysis from sonarscanner.
The “Force user authentication” option is enabled for our instance.

What I’ve tried:

  • Using the /api/user_tokens/search and /api/issues/search endpoints
  • Setting the Authorization: Bearer <squ_***> header value (all attempted requests)
  • Using both a known “good” token (used by the Scanner CLI to upload analysis to the SQ server) and a newly created user token.
  • Accessing both using curl and using the python requests library
  • Updating the nginx server/location configuration to include proxy_pass_header Authorization; (+restarting the service)


you have to use basic authentication with <sonarqubetoken>: means it’s the token + the delimiter ‘:’
Did you try that already ?


Using the basic scheme with an empty password worked. Thank you!

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.