On this page
Web API
Documentation
SonarQube provides web API to access its functionalities from applications. The web services composing the web API are documented within SonarQube, by URL. You can also access the Web API documentation from the top bar in SonarQube:
Note that the Web API V2 will gradually replace the Web API as endpoints get deprecated and replaced.
Authentication
Administrative web services are secured and require the user to have specific permissions. In order to be authenticated, the user must provide credentials as described below.
User token
This is the recommended way. Benefits are described on the page Generating and using tokens.
SonarQube supports the bearer authentication scheme:
Alternatively, you can use the basic scheme with an empty password:
HTTP Basic Access
Login and password are sent via the standard HTTP Basic fields:
Users who authenticate in the web application through an OAuth provider, for instance, GitHub or Bitbucket, don't have credentials and can't use HTTP Basic mode. They must generate and use tokens.
Web API deprecation policy
The goal of the deprecation policy is to make sure that users are aware of what is changing and have time to adjust before a component of the API is dropped at a given planned date.
The Web API deprecation policy states that:
- An API component must be deprecated before being dropped. Furthermore, if the underlying feature is not being dropped, a replacement component must immediately be provided.
- A deprecated API component must be fully supported until its drop (For instance the implementation of a deprecated method can't be replaced by throwing a new UnsupportedOperationException()).
- The API release cycle is tied to the SonarQube release cycle.
- If an API component is deprecated in version X.Y, this component is planned to be dropped in version (X+1).0. For example, a component deprecated in the 10.x version is kept until the 10.x LTS version: it will be dropped in the 11.0 version.
Under special circumstances, for example, when there are security vulnerabilities that need to be addressed, we might make an exception and drop the deprecated API component earlier.
This leads to the following policy recommendations for API users:
- Regularly monitor the deprecation of API components and check if you’re currently using them. See Monitoring the deprecated API components.
- If you're currently using deprecated API components:
- Don't add new uses of it.
- Make the necessary updates in your next few releases so you’re ready for any breaking changes after the next LTS release.