Managing your tokens

Each user has the ability to generate tokens that can be used to run analyses or invoke web services without access to the user's actual credentials. When a user is deleted, their user access tokens are also deleted.

To generate a token, select your account menu in the top right corner of the SonarQube Cloud interface. In the menu, select My Account > Security. Your existing tokens are listed here, each with a Revoke button: https://sonarcloud.io/account/security

The form at the top of the page allows you to generate new tokens. Once you click the Generate button, you will see the token value. Copy it immediately; if dismiss the notification or leave the page, you will not be able to retrieve it.

Tokens are used as a replacement for your usual login:

• When running analyses on your code. Replace your login with the token in the sonar.token property. (Note that the property sonar.password is deprecated.)
• When invoking web services. See Authenticating to the API.

In either case, no password is needed.