Not able to get SCA API's

I am trying to call the SonarCloud SCA API to fetch vulnerability information, but I’m unable to get it working in Postman.

I’m using the following endpoint as the base URL:

https://sonarcloud.io/sca/risk-reports?component=crest-test-1_project-1&riskType=VULNERABILITY

I’m also using the token generated from the SonarCloud UI with:

Authorization: Bearer <token>

However, the request is not working, and the documentation below does not clearly explain how to use the SCA API or what the correct base URL should be:

https://api-docs.sonarsource.com/sonarqube-cloud/default/public-dependencyservice-v1-0

Can someone please help me understand:

• What is the correct SCA API base URL?

• How to authenticate properly?

• How to correctly call the API to get vulnerability information?

Thank you!

web_api_v2 SonarQube Cloud web_api

Hey there.

You’ll need to use https://api.sonarcloud.io/ rather than https://sonarcloud.io for these requests. So:

https://api.sonarcloud.io/sca/risk-reports?component=crest-test-1_project-1&riskType=VULNERABILITY

Hey Colin,

Thanks for sharing updated url
can you please help me understand diffrance between API v1 and v2, because v1 is still operational as far as i know. Also what is api.sonarcloud.io why not only sonarcloud.io

I am trying to create integraion where i will collect all the data from sonarcloud so asking because i have to choose version.

Web API v2 is the future replacement for Web API v1, offering closer alignment with modern RESTful conventions, whereas Web API v1 did not consistently follow established REST patterns.

The transition to v2 is occurring incrementally, with individual endpoints being migrated over time.

Currently, Web API v1 is accessible at sonarcloud.io/api/, while Web API v2 uses the endpoint api.sonarcloud.io.