Skip to content
This documentation applies to Codacy Self-hosted v13.0.0

For the latest updates and improvements, see the latest Cloud documentation instead.

API tokens#

Codacy provides account and project-level API tokens that allow you to:

The sections below provide details about the two types of API tokens and instructions on how to generate and revoke them.

Warning

Never write API tokens to your configuration files and keep your API tokens well protected, as they grant owner permissions to your projects on Codacy.

We recommend that you set API tokens as environment variables. Check the documentation of your CI/CD platform on how to do this.

Generating and revoking account API tokens#

Account API tokens are defined at the Codacy user account level. Each account API token authorizes access to the same organizations, repositories, and operations as the roles and permissions of the owner of the account.

Important

If you're using an account API token to upload coverage be sure to check the roles that your Git provider account must have to authorize uploading coverage to Codacy.

We recommend that you use a dedicated service account for integrating Codacy with your repositories. This will avoid disruption of service if the user who originally created an account API token stops having access to the repositories, such as when the user leaves the team or the organization.

You can create new account API tokens programmatically using the Codacy API or using the Codacy UI:

  1. Open your account, tab Access management.

  2. Click the button Create API token under Account API tokens.

    Tip

    You can create multiple account API tokens. This can be useful to have a more flexible control by revoking only a specific token.

    Creating an account API token

To revoke an account API token, click the "X" next to the token. After this, all applications or services using that token to access the Codacy API will fail to authenticate and will receive the reply {"error":"not found"}.

Generating and revoking project API tokens#

Project API tokens are defined on individual repositories. Each project API token only authorizes access to the corresponding repository.

You can create new project API tokens programmatically using the Codacy API or using the Codacy UI:

  1. Open your repository Settings, tab Integrations.

  2. Click the button Add integration and add a Project API integration.

  3. Click the button Settings on the Project API integration and copy the project API token.

    Tip

    You can create multiple (up to 100) project API tokens per repository. This can be useful to have a more flexible control by revoking only a specific token.

    Creating a project API token

To revoke a project API token, click the trash can icon for the corresponding Project API integration. After this, all applications or services using that token to access the Codacy API will fail to authenticate and will receive the reply {"error":"not found"}.

See also#

Share your feedback 📢

Did this page help you?

Thanks for the feedback! Is there anything else you'd like to tell us about this page?

We're sorry to hear that. Please let us know what we can improve:

Alternatively, you can create a more detailed issue on our GitHub repository.

Thanks for helping improve the Codacy documentation.

If you have a question or need help please contact support@codacy.com.

Last modified November 25, 2022