SonarCloud APIs

We are currently planning to integrate SonarCloud APIs as part of our Scan Vault implementation. To ensure smooth and efficient integration, could you please help clarify the following: Which API can we use?

  • Is there any API throttling or rate limiting in place?
  • If yes, what is the maximum number of requests allowed (per minute/hour/day)?
  • Are there any differences in rate limits based on the type of authentication used (e.g., token vs. OAuth)?
  • Are there any best practices or recommendations to avoid hitting the rate limits?
  • Is there a way to monitor or receive alerts when approaching the rate limit?

SonarQube Cloud enforces API rate limiting to prevent abuse. Although specific thresholds aren’t published, keeping your requests below 1,000 per minute should avoid any issues. These limits apply regardless of authentication method. If you exceed the rate limit, you’ll receive HTTP 429 response codes.
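
An added example, not part of the reply above and not SonarQube Cloud code: a client-side wrapper that keeps calls under the 1,000 per minute mentioned above and backs off on HTTP 429. The class name, the `send` callable, the 900 per minute margin and the use of a `Retry-After` header are assumptions made for illustration.

```python
import collections
import time


class ThrottledClient:
    """Sliding-window limiter plus 429 backoff around any send(request) callable."""

    def __init__(self, send, max_per_minute=900, max_retries=5,
                 clock=time.monotonic, sleep=time.sleep):
        self.send = send                    # hypothetical transport: returns (status, headers, body)
        self.max_per_minute = max_per_minute  # assumed margin below the 1,000/min guidance
        self.max_retries = max_retries
        self.clock, self.sleep = clock, sleep
        self.sent = collections.deque()     # timestamps of requests in the last 60 s
        self.throttled = 0                  # count of 429s seen; export this as a metric to alert on

    def _wait_for_slot(self):
        now = self.clock()
        while self.sent and now - self.sent[0] >= 60:
            self.sent.popleft()             # drop requests that left the window
        if len(self.sent) >= self.max_per_minute:
            self.sleep(60 - (now - self.sent[0]))  # wait until the oldest request expires
            self.sent.popleft()
        self.sent.append(self.clock())

    def request(self, req):
        for attempt in range(self.max_retries + 1):
            self._wait_for_slot()
            status, headers, body = self.send(req)
            if status != 429:
                return status, body
            self.throttled += 1
            # Retry-After is a standard HTTP header; that the service sends it is an assumption,
            # so fall back to capped exponential backoff when it is absent.
            retry_after = headers.get("Retry-After", "")
            delay = float(retry_after) if retry_after.isdigit() else min(2 ** attempt, 60)
            self.sleep(delay)
        raise RuntimeError("still rate limited after %d retries" % self.max_retries)


if __name__ == "__main__":
    # Constructed responses standing in for the real API: one 429, then success.
    canned = [(429, {}, ""), (200, {}, '{"ok": true}')]
    client = ThrottledClient(lambda req: canned.pop(0), sleep=lambda s: None)
    print(client.request("constructed-request"), "429s seen:", client.throttled)
```

Every retry also consumes a slot in the window, so retries cannot push the client over its own budget.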