Public API
The public API lets you create teams, projects, and obtain a list of Qodana Cloud and Qodana Self-Hosted organization users using your build pipelines. This feature is available only under the Ultimate Plus license.
Prerequisites
The public API requires an organization API token for authentication purposes.
Before using the public API, make sure that the following requirements were met:
To create and manage an organization API token, you should have access to an existing Qodana Cloud organization under the
OwnerorAdminrole.To learn how to create organizations, see the Create an organization chapter.
Your Qodana Cloud organization is licensed under the Ultimate Plus license of Qodana.
To generate an organization API token, use the API token tab of your organization settings.
For API request examples provided in this section, replace the
{qodana_cloud_url}placeholder with your base URL, i.e. withqodana.cloudfor Qodana Cloud, or using your custom base URL in case of Qodana Self-Hosted.
In this section, an organization API token value is referred to as $permanent_organization_token.
Create teams and projects
To create a new team (if applicable) along with a project and obtain a project token, send a POST request to the https://{qodana_cloud_url}/api/v1/public/organizations/projects endpoint and provide the team and project names, for example:
The teamName parameter provides a string non-nullable name of the team that you would like to create. In case a team with such name already exists, creation of a new team will be skipped. Under the projectName parameter, provide a string non-nullable name of the project that you would like to create. In case a project with such name already exists, creation of a new project will be skipped.
The endpoint provides the responses with the following HTTP codes:
Response code | Description and examples |
|---|---|
| Returns a project token for an existing project within an existing team:
HTTP/2 200 OK
date: Wed, 24 Sep 2025 10:35:13 GMT
content-type: application/json
x-request-id: vbf3up0ktfm6b25o
vary: Origin
content-length: 178
x-http2-stream-id: 3
{
"projectToken": "{TheProjectTokenValue}"
}
|
| Creates a new team (if applicable) and a new project within the team, generates and returns a project token for a newly created project:
HTTP/2 201 Created
date: Wed, 24 Sep 2025 10:33:37 GMT
content-type: application/json
x-request-id: nrkvy1od9m3ohb9u
vary: Origin
content-length: 178
x-http2-stream-id: 3
{
"projectToken": "{TheProjectTokenValue}"
}
|
| Bad request response returns if the public API is disabled for a specific environment:
HTTP/2 400 Bad Request
date: Wed, 24 Sep 2025 10:36:37 GMT
content-type: application/json
x-request-id: 89ztzxra5ptt3vio
vary: Origin
content-length: 67
x-http2-stream-id: 3
{
"name": "public_api_disabled",
"details": "Public API is disabled"
}
This returns if the number of projects in the Qodana Cloud organization exceeds 5000:
HTTP/2 400 Bad Request
date: Wed, 24 Sep 2025 10:36:37 GMT
content-type: application/json
x-request-id: 89ztzxra5ptt3vio
vary: Origin
content-length: 67
x-http2-stream-id: 3
{
"name": "too_many_projects_for_organization",
"details": "Creation of the project failed because of reaching the limit of projects per organization"
}
|
| Unauthorized access occurs if an API token was not provided:
HTTP/2 401 Unauthorized
date: Wed, 24 Sep 2025 10:36:37 GMT
content-type: application/json
x-request-id: 89zthxrm5pxt9phi
vary: Origin
content-length: 67
x-http2-stream-id: 3
{
"name": "no_auth",
"details": "User is not authorized"
}
|
| Access forbidden. This returns in case the API token is no longer valid:
HTTP/2 403 Forbidden
date: Wed, 24 Sep 2025 10:36:37 GMT
content-type: application/json
x-request-id: 89zthxrm5pxt9phi
vary: Origin
content-length: 67
x-http2-stream-id: 3
{
"name": "no_permission",
"details": "Invalid organization API token"
}
This returns in case the Qodana Cloud organization cannot use the public API feature:
HTTP/2 403 Forbidden
date: Wed, 24 Sep 2025 10:36:37 GMT
content-type: application/json
x-request-id: 89zthxrm5pxt9phi
vary: Origin
content-length: 67
x-http2-stream-id: 3
{
"name": "no_permission",
"details": "User has no public_api_create_or_get_project_token permission"
}
|
| Endpoint not found |
| The internal server error returns if a project token could not be created:
HTTP/2 500 Internal Server Error
date: Wed, 24 Sep 2025 10:36:37 GMT
content-type: application/json
x-request-id: 89zthxrm5pxt9phi
vary: Origin
content-length: 67
x-http2-stream-id: 3
{
"name": "project_token_creation_failed",
"details": "Creation of the project token failed because of an internal error"
}
|
Get a list of organization users
To get a list of users of a specific Qodana Cloud organization in a paginated form, send a GET request using the https://{qodana_cloud_url}/api/v1/public/organizations/users endpoint, for example:
Parameters
You can customize your requests using the following optional parameters.
Parameter | Type | Description |
|---|---|---|
| Integer | Limit the number of users in the returned list |
| Number | Set the offset for the returned list to |
| String | Sort the order. Accepts |
| String | Return a list of entries that contain a specified substring in the |
For example, this request returns ten user entries starting from the second entry only if those contain abc in the email or displayName fields and sorts the selected list in descending order:
Responses
The https://{qodana_cloud_url}/api/v1/public/organizations/users endpoint responds as described in the table:
Response code | Description and examples |
|---|---|
| Returns a list of organization users for a specified Qodana Cloud organization:
HTTP/2 200 OK
date: Wed, 24 Sep 2025 10:39:06 GMT
content-type: application/json
x-request-id: 7vrrlorq2ocrz957
vary: Origin
content-length: 514
x-http2-stream-id: 3
{
"count": 3, // The number of entries retrieved
"next": 3, // The `offset` value to fetch the next chunk of entries
"prev": 0, // The offset from the first entry
"items": [
{
"id": "GoKgG",
"email": "email-address1@example.com",
"displayName": "email-address1@example.com",
"role": "OWNER", // Qodana Cloud role
"isActive": true,
"isSsoManaged": false, // SSO feature is disabled
"invitationId": "G4O3Y" //
},
{
"id": "bvWmV",
"email": "email-address2@example.com",
"displayName": "email-address2@example.com",
"role": "VIEWER",
"isActive": false,
"isSsoManaged": false
},
{
"id": "NG4kY",
"email": "email-address3@example.com",
"displayName": "email-address3@example.com",
"role": "VIEWER",
"isActive": false,
"isSsoManaged": false,
"invitationId": "bLmWV"
}
]
}
|
| The public API is disabled:
HTTP/2 400 Bad Request
date: Wed, 24 Sep 2025 10:36:37 GMT
content-type: application/json
x-request-id: 89ztzxra5ptt3vio
vary: Origin
content-length: 67
x-http2-stream-id: 3
{
"name": "public_api_disabled",
"details": "Public API is disabled"
}
|
| Unauthorized access occurs if an API token was not provided:
HTTP/2 401 Unauthorized
date: Wed, 24 Sep 2025 10:36:37 GMT
content-type: application/json
x-request-id: 89zthxrm5pxt9phi
vary: Origin
content-length: 67
x-http2-stream-id: 3
{
"name": "no_auth",
"details": "User is not authorized"
}
|
| Access forbidden. This returns in case an API token is no longer valid:
HTTP/2 403 Forbidden
date: Wed, 24 Sep 2025 10:36:37 GMT
content-type: application/json
x-request-id: 89zthxrm5pxt9phi
vary: Origin
content-length: 67
x-http2-stream-id: 3
{
"name": "no_permission",
"details": "Invalid organization API token"
}
This returns in case the Qodana Cloud organization cannot use the public API feature:
HTTP/2 403 Forbidden
date: Wed, 24 Sep 2025 10:36:37 GMT
content-type: application/json
x-request-id: 89zthxrm5pxt9phi
vary: Origin
content-length: 67
x-http2-stream-id: 3
{
"name": "no_permission",
"details": "User has no public_api_get_organization_users permission"
}
|
| Endpoint not found |