Web API
How to use SonarQube Cloud’s Web API.
SonarQube Cloud offers a Web API, allowing external applications to access its features. The base URL for accessing the API depends on whether you are using the SonarQube Cloud’s EU or US instance:
EU instance:
US instance:
The Web API V2 will gradually replace the Web API V1 as endpoints get deprecated and replaced.
Web API documentation
The SonarQube Cloud’s Web API v2 documentation is available here.
The web services composing the Web API v1 are documented within SonarQube Cloud, through the URL https://sonarcloud.io/web_api.
You can also access the Web API documentation from the top bar in Cloud by selecting the help button.
Authenticating to the Web API
Administrative web services are secured and require the user to have specific permissions.
To authenticate to the Web API, we recommend that you use the bearer authentication scheme. With this scheme, a SonarQube Cloud token is used:
The token is generated in SonarQube Cloud UI. See Managing Personal Access Tokens.
The token is provided through the
Authorization: Bearer <myToken>header. See Sample API request below.
Sending an API request
To make a request, you need to find the SonarQube Cloud API and the right path for the operation that you want to use. The following APIs are available:
Analysis
Authentication domain
Audit logs
AICA (AI Code Assurance)
Enterprises, Reports, Portfolios, Portfolio Permission Templates
Organizations
Projects
Quality Gates
SCA (Software Composition Analysis)
Software Quality Reports
Users and roles
Sample request
The code block below shows a request with cURL.
Where <domain> is:
For the EU instance:
sonarcloud.ioFor the US instance:
sonarqube.us
Example:
For more information about API request and response, see the SonarQube Cloud’s Web API v2 documentation.
To make a request, you need to find the HTTP method and the right path for the operation that you want to use.
It’s highly recommended to use form data parameters when making POST requests to the Web API. If you use URI query parameters instead then these parameters won’t be securely passed to the endpoint.
Content-Type header
Unless the Sonar Web API endpoint specifications list a specific Content-Type value, your request should use the following Content-Type header:
Content-Type: application/x-www-form-urlencoded
This is the default Content-Type value set by most tools and libraries, such as curl and Python’s requests module, but you should check their documentation for proper usage.
Sample API request
If, for example, you want to use the Web API to extract measures, you can make a "GET MEASURES" call to the SonarQube Cloud /api/measures endpoint in order to extract measures of a given metric for a given project. For this example, a possible request and response are shown below.
Sample request
Where <domain> is:
For the EU instance:
sonarcloud.ioFor the US instance:
sonarqube.us
Sample response
Taking into account the API rate limiting
Some of SonarQube Cloud’s APIs are rate-limited in order to ensure that we can continue to deliver the service smoothly and with optimum performance. In most cases, you should take this into account when automating tasks and processes by using the SonarQube Cloud Web API.
Your API calls will fail with a 429 status code when the rate limit has been reached. If this happens, wait a few minutes before retrying the operation.
Related pages
Last updated
Was this helpful?