Api/components/search returns all projects even outside of your org

Hello,

We use SonarCloud.io in our organization and we were looking to automate some of the tasks we do (e.g. project settings, since there is no way to do them globally like in SonarQube). Hence, we started playing with the API. One of the odd things we came across was that the https://sonarcloud.io/web_api/api/components API returns projects that were not part of our org. We are using a token with Org owner permissions, so we were expecting that projects would be filtered by our org. Instead, none of our 54 projects came back as part of the first 100 projs in the result.

By chance, we clicked on the “Show internal API” filter, and discovered there is an option, marked as internal, to pass the organization. That worked and did what we needed.

But why is that the default behavior? I have not tried, so I would assume that even if I can see other orgs’ projs, I won’t be able to do much since I would need permissions on those orgs. Why is the organization filter marked as internal? Doesn’t it make sense for this to be part of the public API?

Just making sure we are not missing anything here and we are using the API properly.

Thanks,
Janier


You’re not missing anything, it’s just that our web API is a bit rough around the edges, to say the least. We are aware of the issue, and have had several internal discussions around the APIs marked “internal”. There is nothing concrete yet, but we definitely want to improve in this area in the not too distant future.


Thank you Janos. Really appreciate your honesty. We will keep using the organization filter since it is solving our problem now.

This is a great product and I know the API would get better as well.

Janier
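
The organization filter discussed in this thread, as an added example that is not part of the original posts or SonarSource's code: it pages through `api/components/search` with `organization` always set, and separately collects any component whose `organization` field does not match, so settings automation never touches another org's project. The `p`/`ps` paging parameters, the `paging.total`, `organization` and `key` response fields, Bearer-token authentication, and the `acme` sample data are assumptions.

```python
import json
import urllib.parse
import urllib.request

BASE_URL = "https://sonarcloud.io/api/components/search"

def http_fetch(params, token):
    """Live fetcher (assumed Bearer auth); bind the token with functools.partial."""
    req = urllib.request.Request(
        BASE_URL + "?" + urllib.parse.urlencode(params),
        headers={"Authorization": "Bearer " + token},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def list_org_projects(org, fetch, page_size=100):
    """Return (own, foreign) project keys; act on `own`, alert if `foreign` is non-empty."""
    own, foreign, page = [], [], 1
    while True:
        data = fetch({"organization": org, "p": page, "ps": page_size})
        comps = data.get("components", [])
        for comp in comps:
            bucket = own if comp.get("organization") == org else foreign
            bucket.append(comp["key"])
        if not comps or page * page_size >= data.get("paging", {}).get("total", 0):
            return own, foreign
        page += 1

# Constructed sample components standing in for API responses (not real data).
SAMPLE = [
    {"organization": "acme", "key": "acme_api"},
    {"organization": "acme", "key": "acme_web"},
    {"organization": "other-org", "key": "other_lib"},
    {"organization": "acme", "key": "acme_cli"},
]

def fake_fetch(params):
    """Offline stand-in that ignores the filter on purpose, to exercise the check."""
    start = (params["p"] - 1) * params["ps"]
    return {"paging": {"pageIndex": params["p"], "pageSize": params["ps"], "total": len(SAMPLE)},
            "components": SAMPLE[start:start + params["ps"]]}

if __name__ == "__main__":
    print(list_org_projects("acme", fake_fetch, page_size=2))
```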