Web API

SonarQube Cloud provides a web API to access its functionalities from applications.

The web services composing the web API are documented within SonarQube Cloud, through the URL https://sonarcloud.io/web_api. You can also access the web API documentation from the top bar in Cloud by selecting the help button:

You can find the Web API under the help menu in the upper right-hand corner of your SonarQube Cloud UI.

Authenticating to the Web API

Administrative web services are secured and require the user to have specific permissions.

To authenticate to the Web API, we recommend that you use the bearer authentication scheme. With this scheme, a SonarQube Cloud token is used:

A token is generated in SonarQube Cloud UI. see:
- From the Team plan: Managing Scoped Organization Tokens.
- With the Free plan: Managing Personal Access Tokens.
The token is provided through the Authorization: Bearer <myToken> header. See Sample API request below.

Sending an API request

To make a request, you need to find the HTTP method and the right path for the operation that you want to use.

It’s highly recommended to use form data parameters when making POST requests to the Web API. If you use URI query parameters instead then these parameters won’t be securely passed to the endpoint.

Content-Type header

Unless the Sonar Web API endpoint specifications list a specific Content-Type value, your request should use the following Content-Type header:

Content-Type: application/x-www-form-urlencoded

This is the default Content-Type value set by most tools and libraries, such as curl and Python’s requests module, but you should check their documentation for proper usage.

Sample API request

If, for example, you want to use the Web API to extract measures, you can make a "GET MEASURES" call to the SonarQube Cloud /api/measures endpoint in order to extract measures of a given metric for a given project. For this example, a possible request and response are shown below.

Sample request

curl --request GET \
  --url 'https://sonarcloud.io/api/measures/component?metricKeys=ncloc%2Ccode_smells%2Ccomplexity&component=my_project_key' \
  --header 'Authorization: Bearer my_token'

Sample response

{
   "component": {
      "id": "id",
      "key": "my_project_key",
      "name": "my_project_name",
      "qualifier": "TRK",
      "measures": [
         {
            "metric": "complexity",
            "value": "4214"
         },
         {
            "metric": "code_smells",
            "value": "8595",
            "bestValue": false
         },
         {
            "metric": "ncloc",
            "value": "51667"
         }
      ]
   }
}

Taking into account the API rate limiting

Some of SonarQube Cloud’s APIs are rate-limited in order to ensure that we can continue to deliver the service smoothly and with optimum performance. In most cases, you should take this into account when automating tasks and processes by using the SonarQube Cloud Web API.

Your API calls will fail with a 429 status code when the rate limit has been reached. If this happens, wait a few minutes before retrying the operation.

PreviousMonorepo support NextWebhooks

Last updated 13 days ago

Was this helpful?