openapi: 3.1.0
info:
title: SonarCloud API
description: >-
The SonarCloud API provides HTTP endpoints for programmatic interaction
with SonarCloud — Sonar's cloud-based code quality and security analysis
service. It enables management of organizations, projects, quality gates,
issues, and analysis integrations with GitHub, GitLab, Bitbucket, and
Azure DevOps. Token-based authentication is required for all endpoints.
version: 1.0.0
contact:
name: SonarSource
url: https://community.sonarsource.com/
license:
name: GNU Lesser General Public License v3.0
url: https://www.gnu.org/licenses/lgpl-3.0.html
servers:
- url: https://sonarcloud.io/api
description: SonarCloud API
paths:
/organizations/search:
get:
operationId: searchOrganizations
summary: Search Organizations
description: >-
Search for organizations on SonarCloud. Organizations are the top-level
entity in SonarCloud, grouping projects from a DevOps platform account
(GitHub, GitLab, Bitbucket, or Azure DevOps).
tags:
- Organizations
parameters:
- name: q
in: query
description: Search query to filter organizations by name or key
schema:
type: string
- name: p
in: query
description: Page number
schema:
type: integer
default: 1
- name: ps
in: query
description: Page size (max 500)
schema:
type: integer
default: 25
security:
- bearerAuth: []
responses:
'200':
description: Successfully retrieved organizations
content:
application/json:
schema:
$ref: '#/components/schemas/OrganizationSearchResponse'
'401':
description: Unauthorized
/projects/search:
get:
operationId: searchProjects
summary: Search Projects
description: >-
Search for projects within an organization on SonarCloud. Returns
project details including last analysis date, quality gate status,
and language breakdown.
tags:
- Projects
parameters:
- name: organization
in: query
required: true
description: Organization key
schema:
type: string
- name: q
in: query
description: Search query for project name or key
schema:
type: string
- name: qualitygate
in: query
description: Filter by quality gate name
schema:
type: string
- name: p
in: query
description: Page number
schema:
type: integer
default: 1
- name: ps
in: query
description: Page size
schema:
type: integer
default: 100
security:
- bearerAuth: []
responses:
'200':
description: Successfully retrieved projects
content:
application/json:
schema:
$ref: '#/components/schemas/ProjectSearchResponse'
'401':
description: Unauthorized
/issues/search:
get:
operationId: searchIssues
summary: Search Issues
description: >-
Search for code issues across projects in an organization. Supports
filtering by severity, type, status, assignee, rule, language,
component, and date ranges.
tags:
- Issues
parameters:
- name: organization
in: query
description: Organization key to scope the search
schema:
type: string
- name: componentKeys
in: query
description: Comma-separated component keys to scope the search
schema:
type: string
- name: severities
in: query
description: Comma-separated severities
schema:
type: string
- name: types
in: query
description: Comma-separated issue types
schema:
type: string
- name: statuses
in: query
description: Comma-separated statuses
schema:
type: string
- name: resolved
in: query
description: Filter by resolution status
schema:
type: boolean
- name: rules
in: query
description: Comma-separated rule keys
schema:
type: string
- name: p
in: query
description: Page number
schema:
type: integer
default: 1
- name: ps
in: query
description: Page size
schema:
type: integer
default: 100
security:
- bearerAuth: []
responses:
'200':
description: Successfully retrieved issues
content:
application/json:
schema:
$ref: '#/components/schemas/IssueSearchResponse'
'401':
description: Unauthorized
/qualitygates/list:
get:
operationId: listQualityGates
summary: List Quality Gates
description: >-
List all quality gates for an organization. Quality gates define
the conditions a project must meet to pass the clean code standard.
tags:
- Quality Gates
parameters:
- name: organization
in: query
required: true
description: Organization key
schema:
type: string
security:
- bearerAuth: []
responses:
'200':
description: Successfully retrieved quality gates
content:
application/json:
schema:
$ref: '#/components/schemas/QualityGateListResponse'
'401':
description: Unauthorized
/qualitygates/project_status:
get:
operationId: getQualityGateStatus
summary: Get Quality Gate Status
description: >-
Get the quality gate status for a project or pull request analysis.
Returns overall OK/ERROR status and individual condition results.
tags:
- Quality Gates
parameters:
- name: projectKey
in: query
description: Project key
schema:
type: string
- name: analysisId
in: query
description: Analysis ID
schema:
type: string
- name: branch
in: query
description: Branch name
schema:
type: string
- name: pullRequest
in: query
description: Pull request number
schema:
type: string
security:
- bearerAuth: []
responses:
'200':
description: Successfully retrieved quality gate status
content:
application/json:
schema:
$ref: '#/components/schemas/QualityGateStatus'
'401':
description: Unauthorized
/measures/component:
get:
operationId: getComponentMeasures
summary: Get Component Measures
description: >-
Get metric measures for a component. Returns values for requested
metric keys including coverage, bugs, vulnerabilities, code smells,
duplications, technical debt, and ratings.
tags:
- Measures
parameters:
- name: component
in: query
required: true
description: Component key
schema:
type: string
- name: metricKeys
in: query
required: true
description: Comma-separated metric keys
schema:
type: string
- name: branch
in: query
description: Branch name
schema:
type: string
- name: pullRequest
in: query
description: Pull request number
schema:
type: string
security:
- bearerAuth: []
responses:
'200':
description: Successfully retrieved component measures
content:
application/json:
schema:
$ref: '#/components/schemas/ComponentMeasuresResponse'
'401':
description: Unauthorized
/user_tokens/search:
get:
operationId: searchUserTokens
summary: Search User Tokens
description: >-
List the user tokens associated with the authenticated user account.
Returns token names and creation dates (not the actual token values).
tags:
- User Tokens
security:
- bearerAuth: []
responses:
'200':
description: Successfully retrieved user tokens
content:
application/json:
schema:
$ref: '#/components/schemas/UserTokenSearchResponse'
'401':
description: Unauthorized
/user_tokens/generate:
post:
operationId: generateUserToken
summary: Generate User Token
description: >-
Generate a new user token for API authentication. The token value
is returned only once and must be stored securely. Tokens can be
scoped to specific organizations.
tags:
- User Tokens
security:
- bearerAuth: []
requestBody:
required: true
content:
application/x-www-form-urlencoded:
schema:
type: object
required:
- name
properties:
name:
type: string
description: Token name
organizationKey:
type: string
description: Scope token to a specific organization
responses:
'200':
description: Token generated successfully
content:
application/json:
schema:
$ref: '#/components/schemas/UserToken'
'400':
description: Bad request
'401':
description: Unauthorized
components:
securitySchemes:
bearerAuth:
type: http
scheme: bearer
description: >-
SonarCloud user token. Generate at https://sonarcloud.io/account/security.
Pass as Bearer token or as basic auth username with empty password.
schemas:
OrganizationSearchResponse:
type: object
properties:
paging:
$ref: '#/components/schemas/Paging'
organizations:
type: array
items:
$ref: '#/components/schemas/Organization'
Organization:
type: object
properties:
key:
type: string
description: Organization key (unique identifier)
name:
type: string
description: Organization display name
guarded:
type: boolean
description: Whether the organization is guarded (cannot be deleted)
visibility:
type: string
enum: [public, private]
subscription:
type: string
enum: [FREE, PAID]
alm:
type: object
properties:
key:
type: string
enum: [github, gitlab, bitbucket, azure]
url:
type: string
description: Connected DevOps platform
ProjectSearchResponse:
type: object
properties:
paging:
$ref: '#/components/schemas/Paging'
components:
type: array
items:
$ref: '#/components/schemas/Project'
Project:
type: object
properties:
key:
type: string
description: Project key
name:
type: string
description: Project display name
qualifier:
type: string
enum: [TRK, APP, VW]
visibility:
type: string
enum: [public, private]
lastAnalysisDate:
type: string
format: date-time
revision:
type: string
organization:
type: string
description: Organization key
IssueSearchResponse:
type: object
properties:
paging:
$ref: '#/components/schemas/Paging'
issues:
type: array
items:
$ref: '#/components/schemas/Issue'
Issue:
type: object
properties:
key:
type: string
rule:
type: string
severity:
type: string
enum: [INFO, MINOR, MAJOR, CRITICAL, BLOCKER]
component:
type: string
project:
type: string
organization:
type: string
line:
type: integer
status:
type: string
enum: [OPEN, CONFIRMED, REOPENED, RESOLVED, CLOSED]
resolution:
type: string
enum: [FIXED, FALSE-POSITIVE, WONTFIX, REMOVED]
type:
type: string
enum: [CODE_SMELL, BUG, VULNERABILITY, SECURITY_HOTSPOT]
message:
type: string
author:
type: string
assignee:
type: string
creationDate:
type: string
format: date-time
updateDate:
type: string
format: date-time
tags:
type: array
items:
type: string
effort:
type: string
QualityGateListResponse:
type: object
properties:
qualitygates:
type: array
items:
$ref: '#/components/schemas/QualityGate'
default:
type: integer
QualityGate:
type: object
properties:
id:
type: string
name:
type: string
isDefault:
type: boolean
isBuiltIn:
type: boolean
conditions:
type: array
items:
type: object
properties:
id:
type: string
metric:
type: string
op:
type: string
enum: [LT, GT]
error:
type: string
QualityGateStatus:
type: object
properties:
projectStatus:
type: object
properties:
status:
type: string
enum: [OK, ERROR, NONE]
conditions:
type: array
items:
type: object
properties:
status:
type: string
enum: [OK, ERROR, NO_VALUE]
metricKey:
type: string
comparator:
type: string
errorThreshold:
type: string
actualValue:
type: string
ComponentMeasuresResponse:
type: object
properties:
component:
type: object
properties:
key:
type: string
name:
type: string
organization:
type: string
measures:
type: array
items:
type: object
properties:
metric:
type: string
value:
type: string
bestValue:
type: boolean
UserTokenSearchResponse:
type: object
properties:
login:
type: string
userTokens:
type: array
items:
type: object
properties:
name:
type: string
createdAt:
type: string
format: date-time
UserToken:
type: object
properties:
login:
type: string
name:
type: string
token:
type: string
description: Token value — only returned once at generation time
createdAt:
type: string
format: date-time
Paging:
type: object
properties:
pageIndex:
type: integer
pageSize:
type: integer
total:
type: integer
tags:
- name: Issues
description: Code issue search and management
- name: Measures
description: Component metrics and measurement data
- name: Organizations
description: Organization management and discovery
- name: Projects
description: Project search and management within organizations
- name: Quality Gates
description: Quality gate configuration and status
- name: User Tokens
description: API token generation and management