SonarCloud API - improvment opportunities

I’m using SonarCloud APIs and I detected some problems / opportunities of improvments :

  1. The parameters are not the same between APIs. For example, the projects can be named project (api/project_branches/list), componentKeys (api/issues/search) , projectKey (api/hotspots/search), etc.
    => It would be better to use the same parameter name for all the time

  2. The doc does not provide all the values for the parameters. For example, the parameter metricKeys of the API Measure only provide the values ncloc,complexity,violations but more are available in reality.

  3. The API project_badges is not working. I tested several other API but this one return a message it is not able to find the project. Here is the souce code :

url = “

query = {

“project” : projectKey,

“branch” : branchKey,

“metric” : “security_rating”,

“p” : 1,

“ps” : 500


r = requests.get(


params = query,



return r

Agreed, the public API could use some TLC, and unifying the parameters names would be a solid improvement. This would have to be done with backward compatibility in mind so everyone that is using the API will not have to rewrite all their scripts overnight. Maybe sonarcloud could notify customers monthly if they use deprecated parameters during a multi months transition period.

Some other improvements for the API:

  • provide a Python SDK, this would increase adoption of the web API by making it easier to write automation scripts.
  • publish a terraform provider. There are many settings that are not shareable, so configuration as code would be much better than clicking around for organizations with many projects.

Hi @Seb421

Thanks for your feedback.

We are aware of the naming convention issue for the parameter. We have some long-term plans to improve that.

About the 3. point, have you check the documentation for this API. If your project is private you must provide a token. You can also get those URLs from the project page information:[project key]

Let me know if you need more helps.


Hi Mathieu
sorry for my late answer. yes, I read the documentation and provided the right data, even for this private project (you can see in my code above the token is provided). I tested many other sonar API with success but this one is not working. The respond code is 200 and a SVG is created but with the message “Project not found” inside.

Are you sure to request the badge using this format:

Token is part of the query parameter. This is the only authentication mechanism in this API.

I tried many ways: token in the query, as auth in the GET request. I even tried in the url like you proposed but still the same message.

1 Like

What kind of token did you use? The only one that is going to work is the one that you get from the project information page.

I used the token generated here. It is working with the other sonar APIs.

This is not the correct token to use. The token is self-generated and exposed on the project information page.

Thank you. It is now working for a project.

My goal was to generate a report of all the projects using the badges and I don’t want to store the token of each project in my source code. Is there a way to get the project token from an API ?

For example, the API “” returns some information for each project. It could return the token project.

You could also use the for that matter.

the API qualitygates/project_status does not provide all the information I need.

I will use a combination of several API to get the information I need:

  • measures/component : security_rating, reliability_rating, sqale_rating, coverage
  • qualitygates/project_status : quality gate status
  • project_branches/list : bugs, vulnerabilities, codeSmells

By the way, is there a way to get the metric for the new code instead of the overall code ?

A full list of metrics can be found using this API:
Anything starting with new is targeting the new code.