Problem with WebAPI

I’m attempting to run a curl command against this endpoint to begin work with it, however, I’m getting failures.

Here is the curl command I am running:
curl -u user_token: https://site/api/measures/component?metricKeys=ncloc,complexity,violations&componentKey=PROJECT

I receive back the following error:
{“errors”:[{“msg”:“Either ‘componentId’ or ‘componentKey’ must be provided”}]}

I’ve tried “component”, “componentKey”, and “componentId” and none seem to work.

Please help. Let me know what I’m missing.


Welcome to the community!

I’ve moved your post to a new thread since it was only tangentially related to the thread you added it to.

Double-checking the Web API docs, I have the feeling that the error message might be a little out of date. I’m seeing component as a valid parameter key. Since you say you’ve tried that, then I have to assume the value you provided wasn’t accurate.

Have you tried this via the UI? The best way to master the API is to perform the desired action via the UI and eavesdrop to see which calls the UI made to accomplish the action.


Thank you for the quick response. I still cannot get the curl command I attempted to work, but I have managed to programatically hit the endpoint successfully.
I’m guessing uriencode() somehow fixed my problem.

What are the available metricKeys?

In the documentation, I see ncloc,complexity,violations listed as examples but I am not sure what other options are available.

What other options are available/possible?


Check api/metrics/search. There are hundreds in core IIRC, and the list can be expanded by plugins, so it’s not worth trying to give you an list here.


I was able to pull the vulnerabilities, however, the API responds with a numerical value for this MetricKey.
How do I extrapolate what the alphabetical value (A,B,C,D,E) of this field should be from this information?


Numeric to alphabetic is a simple 1-to-1 translation. Unfortunately, I don’t remember the direction (whether A is 1 or 5) but it should be easy to decode by comparing your project dashboard to the results.


Here is an example of output from the API that I’m getting:

[{‘metric’: ‘vulnerabilities’, ‘value’: ‘2325’, ‘periods’: [{‘index’: 1, ‘value’: ‘-14’, ‘bestValue’: False}], ‘bestValue’: False}]

On the front-end, this project is given a “D” rating but I don’t see where in the API I should be seeing a corresponding number for the “D” rating.


This is apples-and-oranges. The Vulnerabilities metric is a count of open Vulnerability issues. The Security Rating is a letter grade. It’s quite natural that one’s value doesn’t make sense in context of the other’s scale. There should have been some data in what you got from the metrics web service, but the docs should also help.