Authorization
Sonarqube
Prerequisites
Before creating a SonarQube credential, you need to obtain your API Key (User Token) from your SonarQube account. SonarQube uses API Key authentication for all API requests, with the API key sent in the Authorization header with the Bearer prefix.
To obtain your SonarQube API Key, follow these steps:
-
Sign in to your SonarQube account using your administrator credentials.
-
Navigate to your user account settings by clicking your profile icon in the top right corner and selecting My Account or Account.
-
In your account settings, navigate to Security or Tokens section.
-
Look for the User Tokens or API Tokens section in your account settings.
-
If you don't have an API token yet, look for the option to generate or create your user token.
-
Click Generate Token or Create Token to create a new user token.
-
Configure your user token settings:
- Enter a name for the token (e.g., "Nexla Integration")
- Review and select the token type (User Token or Project Token)
-
Click Generate to create the user token.
-
Copy the user token immediately after it's generated, as it may not be accessible again after you navigate away from the page.
-
Store the user token securely, as you will need it to configure your Nexla credential. The user token is sensitive information and should be kept confidential.
The API key (user token) is sent in the Authorization: Bearer {token} header for all API requests to the SonarQube API. The token authenticates your requests and grants access to SonarQube resources based on your account permissions. If your API key is compromised, you should immediately revoke it in your SonarQube account settings and generate a new one. For detailed information about obtaining user tokens, API authentication, and available endpoints, refer to the SonarQube Web API documentation.
Create a SonarQube Credential
- To create a new SonarQube credential, after selecting the data source/destination type, click the Add Credential tile to open the Add New Credential overlay.
New Credential Overlay – SonarQube
Credential Name & Description
-
Enter a name for the credential in the Credential Name field and a short, meaningful description in the Credential Description field.
Resource descriptions are recommended but are not required. They should be used provide information about the resource purpose, data freshness, etc. that can help the owner and other users efficiently understand and utilize the resource.
API Key Authentication
SonarQube uses API Key authentication for all API requests. The API key (user token) is sent in the Authorization header with the Bearer prefix to authenticate API requests to the SonarQube API.
-
Enter your SonarQube API Key Value in the API Key Value field. This is the user token you obtained from your SonarQube account settings (My Account > Security > User Tokens). The API key is sent in the
Authorization: Bearer {token}header for all API requests to the SonarQube API. The API key is sensitive information and must be kept confidential.Your SonarQube API key (user token) can be found in your SonarQube account settings under My Account > Security > User Tokens. The API key is sent in the
Authorization: Bearer {token}header for all API requests to the SonarQube API.If your API key is compromised, you should immediately revoke it in your SonarQube account settings and generate a new one. The API key provides access to your SonarQube account data and should be treated as sensitive information. Keep your API key secure and do not share it publicly.
For detailed information about obtaining user tokens, API authentication, and available endpoints, see the SonarQube Web API documentation.
Save the Credential
-
Once all of the relevant steps in the above sections have been completed, click the Save button at the bottom of the overlay to save the configured credential.
-
The newly added credential will now appear in a tile on the Authenticate screen during data source/destination creation and can be selected for use with a new data source or destination.