SonarCloud | Advanced setup | Web API

On this page

Web API

SonarCloud provides a web API to access its functionalities from applications. The web services composing the web API are documented within SonarCloud, through the URL https://sonarcloud.io/web_api. You can also access the web API documentation from the top bar in Cloud by selecting the help button:

User tokens

This is the recommended way to access the Web API.

User tokens are used to authenticate to SonarCloud so that you can perform analyses or invoke web services, such as the Web API. User tokens use bearer authentication which means that you (the “bearer”) can pass the token instead of your usual login. The token is sent via the login field of HTTP authentication, without any password.

For detailed information on user tokens and authentication, see User accounts.

Sample API request

To make a request, you need to find the HTTP method and the right path for the operation that you want to use. 

Navigate to the SonarCloud Web API and look for the /api/measures endpoint.  

Using this, you can make a “GET MEASURES” call to extract measures for any given project/component. 

A sample curl command should look something like this: 

curl --request GET \
  --url 'https://sonarcloud.io/api/measures/component?metricKeys=ncloc%2Ccode_smells%2Ccomplexity&component=my_project_key' \
  --header 'Authorization: Bearer my_token' 

Sample response:

{
   "component": {
      "id": "id",
      "key": "my_project_key",
      "name": "my_project_name",
      "qualifier": "TRK",
      "measures": [
         {
            "metric": "complexity",
            "value": "4214"
         },
         {
            "metric": "code_smells",
            "value": "8595",
            "bestValue": false
         },
         {
            "metric": "ncloc",
            "value": "51667"
         }
      ]
   }
}

API rate limiting

Some of SonarCloud's APIs are rate-limited in order to ensure that we can continue to deliver the service smoothly and with optimum performance. In most cases, you should take this into account when automating tasks and processes by using the SonarCloud Web API. 

Your API calls will fail with a 429 status code when the rate limit has been reached. If this happens, wait a few minutes before retrying the operation. 

© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARLINT, SONARQUBE, SONARCLOUD, and CLEAN AS YOU CODE are trademarks of SonarSource SA.

Creative Commons License