Authentication Required
OSS Index now requires authentication. Learn why this improves stability, how to set up your token, and how upcoming paid tiers enable unlimited access.
Sonatype OSS Index now requires all users, including automated tools, to authenticate using a personal API token.
What’s changing:
- All Sonatype OSS Index web and API access now requires authentication.
- Anonymous requests are no longer allowed.
- Most integrations will start failing if a token is not configured.
Why this is happening:
- High anonymous traffic (especially from automated tools) has made it harder to maintain stable, fair service.
- Authentication allows us to give developers more control and avoid one-size-fits-all limits.
- It also sets the foundation for usage-based tiers and future product improvements.
What you get when you authenticate:
- Higher rate limits, tied to your usage — not your shared IP.
- Better reliability, with traffic shaping based on real users.
- Tool-specific setup instructions, pre-filled with your token.
- Future usage visibility, support access, and optional upgrades.
How to get started:
- Create an account — it’s free
- Get your API token
- Configure your tools
Upcoming Paid Tier: Unlimited Access
In the near future, Sonatype OSS Index will offer a paid tier for teams and organizations that need unlimited component lookups and no rate limits.
This tier is designed for enterprise-scale use: continuous builds, integrated SCA tools, and environments that depend on high-volume access to the most accurate component and vulnerability data available.
Smaller teams and hobbyists can continue using Sonatype OSS Index without charge. The component-based limits mean you can scan the same components as often as you like, which enables full DevOps best practices without penalty. Usage only scales as you add more applications and developers — in other words, at true enterprise scale.
Need help?
If you're running into issues, check out the integrations or contact us.