We use Sonarcloud.io in our organization and we were looking to automate some of the tasks we do (e.g projects settings, since there is no way to do them globally like in Sonarqube) Hence, we started playing with the API. One of the odd things we came across, was that the https://sonarcloud.io/web_api/api/components API returns projects that were not part of our org. We are using a token with Org owner permissions, so we were expecting that projects would be filtered by our org. Instead, none of our 54 projects came back as part of the first 100 projs in the result.
By chance, we clicked on the “Show internal API” filter, and discover there is an option marked as internal, to pass the organization. That worked and did what we needed.
But why is that the default behavior? I have not tried, so I would assume that even I can see others org’s projs, I won’t be able to do much since I would need permissions on those orgs. Why is organization filter is marked as internal? Doesn’t it make sense for this to be part of the public API?
Just making sure we are not missing anything here and we are using the API properly.