Qodana 2026.1 Help

Qodana Cloud API

The Qodana Cloud API lets you create teams, projects, obtain a list of Qodana Cloud and Qodana Self-Hosted organization users and Insights data using your build pipelines. This API is available on the Ultimate Plus license. To learn more about available Qodana licenses, visit the Subscription Options and Pricing page. You can also request a demo.

Prerequisites

The Qodana Cloud API requires an organization API token for authentication purposes.

Before using the Qodana Cloud API, make sure that the following requirements were met:

  • To create and manage an organization API token, you should have access to an existing Qodana Cloud organization under the Owner or Admin role.

    To learn how to create organizations, see the Create an organization chapter.

  • Your Qodana Cloud organization is licensed under the Ultimate Plus license of Qodana.

  • To generate an organization API token, use the API token tab of your organization settings. This token should be referred in requests as the $permanent_organization_token authorization header, i.e.:

    -H "Authorization: Bearer $permanent_organization_token"

  • All API request examples provided in this section require that you use either the https://qodana.cloud URL for Qodana Cloud or your custom base URL in case of Qodana Self-Hosted. For simplicity, the Qodana Cloud URL is used.

Teams and projects

Create teams and projects

To create a new team (if applicable) along with a project and get a project token, send the request:

POST https://qodana.cloud/api/v1/public/organizations/projects

Here is the description of the request body:

Parameter

Type

Description

Example value

teamName

String

Non-nullable name of the team to create. If exists, creation will be skipped

My team name

projectName

String

Non-nullable name of the project to create. If exists, creation will be skipped

My project name

The endpoint provides the responses with the following HTTP codes:

Response code

Description and examples

200

Returns a project token for an existing project within an existing team:

HTTP/2 200 OK date: Wed, 24 Sep 2025 10:35:13 GMT content-type: application/json x-request-id: vbf3up0ktfm6b25o vary: Origin content-length: 178 x-http2-stream-id: 3   { "projectToken": "{TheProjectTokenValue}" }

201

Creates a new team (if applicable) and a new project within the team, generates and returns a project token for a newly created project:

HTTP/2 201 Created date: Wed, 24 Sep 2025 10:33:37 GMT content-type: application/json x-request-id: nrkvy1od9m3ohb9u vary: Origin content-length: 178 x-http2-stream-id: 3   { "projectToken": "{TheProjectTokenValue}" }

400

Bad request response returns if the Qodana Cloud API is disabled for a specific environment:

HTTP/2 400 Bad Request date: Wed, 24 Sep 2025 10:36:37 GMT content-type: application/json x-request-id: 89ztzxra5ptt3vio vary: Origin content-length: 67 x-http2-stream-id: 3   { "name": "PUBLIC_API_DISABLED", "details": "Public API is disabled" }

This returns if the number of projects in the Qodana Cloud organization exceeds 5000:

HTTP/2 400 Bad Request date: Wed, 24 Sep 2025 10:36:37 GMT content-type: application/json x-request-id: 89ztzxra5ptt3vio vary: Origin content-length: 67 x-http2-stream-id: 3   { "name": "TOO_MANY_PROJECTS_FOR_ORGANIZATION", "details": "Creation of the project failed because of reaching the limit of projects per organization" }

401

Unauthorized access occurs if an API token was not provided:

HTTP/2 401 Unauthorized date: Wed, 24 Sep 2025 10:36:37 GMT content-type: application/json x-request-id: 89zthxrm5pxt9phi vary: Origin content-length: 67 x-http2-stream-id: 3   { "name": "NO_AUTH", "details": "User is not authorized" }

403

Access forbidden.

This returns in case the API token is no longer valid:

HTTP/2 403 Forbidden date: Wed, 24 Sep 2025 10:36:37 GMT content-type: application/json x-request-id: 89zthxrm5pxt9phi vary: Origin content-length: 67 x-http2-stream-id: 3   { "name": "NO_PERMISSION", "details": "Invalid organization API token" }

This returns in case the Qodana Cloud organization cannot use the Qodana Cloud API feature:

HTTP/2 403 Forbidden date: Wed, 24 Sep 2025 10:36:37 GMT content-type: application/json x-request-id: 89zthxrm5pxt9phi vary: Origin content-length: 67 x-http2-stream-id: 3   { "name": "NO_PERMISSION", "details": "User has no public_api_create_or_get_project_token permission" }

404

Endpoint not found

500

The internal server error returns if a project token could not be created:

HTTP/2 500 Internal Server Error date: Wed, 24 Sep 2025 10:36:37 GMT content-type: application/json x-request-id: 89zthxrm5pxt9phi vary: Origin content-length: 67 x-http2-stream-id: 3   { "name": "PROJECT_TOKEN_CREATION_FAILED", "details": "Creation of the project token failed because of an internal error" }

Get project metadata by project name

To get project metadata for the default branch of a project, send the request with a Qodana Cloud project name:

GET https://qodana.cloud/api/v1/public/organizations/projects?projectName={projectName}

Here is the description of accepted parameters:

Parameter

Type

Required

Description

Example value

projectName

String

No

Name of the project to retrieve

My Awesome Project

Here is the description of responses:

Response code

Description and examples

200

Returns a JSON object containing project metadata:

HTTP/2 200 OK date: Wed, 24 Sep 2025 10:35:13 GMT content-type: application/json x-request-id: vbf3up0ktfm6b25o vary: Origin content-length: 178 x-http2-stream-id: 3   { "id": "proj_123", "name": "My Awesome Project", "teamId": "team_456", "teamName": "Dev Team A", "defaultBranchName": "main", "latestFullScanReport": { "id": "report_789", "timestamp":"2026-05-28T14:34:52.935342Z", "licenseAudit": { "isPassed": true, "isEnabled": true }, "codeCoverage": { "percentage": 85, "isEnabled": true }, "inspections": [ { "id": "insp_12345", "name": "Security Scan", "severity": "HIGH", "baseline": 10, "actual": 5 } ] } }

400

HTTP/2 400 Bad Request date: Wed, 24 Sep 2025 10:36:37 GMT content-type: application/json x-request-id: 89ztzxra5ptt3vio vary: Origin content-length: 67 x-http2-stream-id: 3   { "name": "VALIDATION_FAILED", "details": "Invalid projectName: must be a non-empty string." }

401

HTTP/2 401 Unauthorized date: Wed, 24 Sep 2025 10:36:37 GMT content-type: application/json x-request-id: 89zthxrm5pxt9phi vary: Origin content-length: 67 x-http2-stream-id: 3   { "name": "NO_CREDENTIALS_PROVIDED", "details": "API token is required." }

403

HTTP/2 403 Forbidden date: Wed, 24 Sep 2025 10:36:37 GMT content-type: application/json x-request-id: 89zthxrm5pxt9phi vary: Origin content-length: 67 x-http2-stream-id: 3   { "name": "NO_PERMISSION", "details": "User does not have permission to view projects." }

404

HTTP/2 404 Not Found date: Wed, 24 Sep 2025 10:36:37 GMT content-type: application/json x-request-id: 89zthxrm5pxt9phi vary: Origin content-length: 67 x-http2-stream-id: 3   { "name": "NO_PROJECT", "details": "Project 'nonexistent-project' not found." }

Get project metadata by project ID

Get project metadata by sending a request containing a project ID:

GET https://qodana.cloud/api/v1/public/organizations/projects/{projectID}

You can customize your requests using the following optional parameter:

Parameter

Type

Required

Description

Example value

projectId

String

Yes

ID of the project

proj_123

Here is the description of responses:

Response code

Description and examples

200

Returns a JSON object containing project metadata:

HTTP/2 200 OK date: Wed, 24 Sep 2025 10:35:13 GMT content-type: application/json x-request-id: vbf3up0ktfm6b25o vary: Origin content-length: 178 x-http2-stream-id: 3   { "id": "proj_123", "name": "My Awesome Project", "teamId": "team_456", "teamName": "Dev Team A", "defaultBranchName": "main", "latestFullScanReport": { "id": "report_789", "timestamp":"2026-05-28T14:34:52.935342Z", "licenseAudit": { "isPassed": true, "isEnabled": true }, "codeCoverage": { "percentage": 85, "isEnabled": true }, "inspections": [ { "id": "insp_12345", "name": "Security Scan", "severity": "HIGH", "baseline": 10, "actual": 5 } ] } }

400

HTTP/2 400 Bad Request date: Wed, 24 Sep 2025 10:36:37 GMT content-type: application/json x-request-id: 89ztzxra5ptt3vio vary: Origin content-length: 67 x-http2-stream-id: 3   { "name": "VALIDATION_FAILED", "details": "Invalid projectId: must be a non-empty string." }

401

HTTP/2 401 Unauthorized date: Wed, 24 Sep 2025 10:36:37 GMT content-type: application/json x-request-id: 89zthxrm5pxt9phi vary: Origin content-length: 67 x-http2-stream-id: 3   { "name": "NO_CREDENTIALS_PROVIDED", "details": "API token is required." }

403

HTTP/2 403 Forbidden date: Wed, 24 Sep 2025 10:36:37 GMT content-type: application/json x-request-id: 89zthxrm5pxt9phi vary: Origin content-length: 67 x-http2-stream-id: 3   { "name": "NO_PERMISSION", "details": "User does not have permission to view this project." }

404

HTTP/2 404 Not Found date: Wed, 24 Sep 2025 10:36:37 GMT content-type: application/json x-request-id: 89zthxrm5pxt9phi vary: Origin content-length: 67 x-http2-stream-id: 3   { "name": "NO_PROJECT", "details": "Project with ID 'proj_999' not found." }

Users

To list users of a specific Qodana Cloud organization in a paginated form, send the request:

GET https://qodana.cloud/api/v1/public/organizations/users

You can customize your requests using the following optional parameters.

Parameter

Type

Description

limit

Integer

Limit the number of users in the returned list

offset

Number

Set the offset for the returned list to N. For example, 1 means that the list will start from the second user

order

String

Sets the sort order users' email addresses. Accepts DESC for descending order or ASC for ascending order. By default, lists are sorted in ascending order

search

String

Return a list of entries that contain a specified substring in the email or displayName fields

For example, this request returns ten user entries starting from the second entry only if those contain abc in the email or displayName fields and sorts the selected list in descending order:

curl -X GET \ "https://qodana.cloud/api/v1/public/organizations/users?limit=10&offset=1&order=DESC&search=abc" \ -H "Authorization: Bearer $permanent_organization_token"

This endpoint responds as described in the table:

Response code

Description and examples

200

Returns a list of organization users for a specified Qodana Cloud organization:

HTTP/2 200 OK date: Wed, 24 Sep 2025 10:39:06 GMT content-type: application/json x-request-id: 7vrrlorq2ocrz957 vary: Origin content-length: 514 x-http2-stream-id: 3   { "count": 3, // The number of entries retrieved "next": 3, // The `offset` value to fetch the next chunk of entries "prev": 0, // The offset from the first entry "items": [ { "id": "GoKgG", "email": "email-address1@example.com", "displayName": "email-address1@example.com", "role": "OWNER", // Qodana Cloud role "isActive": true, "isSsoManaged": false, // SSO feature is disabled "invitationId": "G4O3Y", "invitationUrl": "https://qodana.cloud/invite/G4O3Y" }, { "id": "bvWmV", "email": "email-address2@example.com", "displayName": "email-address2@example.com", "role": "VIEWER", "isActive": false, "isSsoManaged": false }, { "id": "NG4kY", "email": "email-address3@example.com", "displayName": "email-address3@example.com", "role": "VIEWER", "isActive": false, "isSsoManaged": false, "invitationId": "bLmWV", "invitationUrl": "https://qodana.cloud/invite/bLmWV" } ] }

400

The Qodana Cloud API is disabled:

HTTP/2 400 Bad Request date: Wed, 24 Sep 2025 10:36:37 GMT content-type: application/json x-request-id: 89ztzxra5ptt3vio vary: Origin content-length: 67 x-http2-stream-id: 3   { "name": "PUBLIC_API_DISABLED", "details": "Public API is disabled" }

401

Unauthorized access occurs if an API token was not provided:

HTTP/2 401 Unauthorized date: Wed, 24 Sep 2025 10:36:37 GMT content-type: application/json x-request-id: 89zthxrm5pxt9phi vary: Origin content-length: 67 x-http2-stream-id: 3   { "name": "NO_AUTH", "details": "User is not authorized" }

403

Access forbidden.

This returns in case an API token is no longer valid:

HTTP/2 403 Forbidden date: Wed, 24 Sep 2025 10:36:37 GMT content-type: application/json x-request-id: 89zthxrm5pxt9phi vary: Origin content-length: 67 x-http2-stream-id: 3   { "name": "NO_PERMISSION", "details": "Invalid organization API token" }

This returns in case the Qodana Cloud organization cannot use the Qodana Cloud API feature:

HTTP/2 403 Forbidden date: Wed, 24 Sep 2025 10:36:37 GMT content-type: application/json x-request-id: 89zthxrm5pxt9phi vary: Origin content-length: 67 x-http2-stream-id: 3   { "name": "NO_PERMISSION", "details": "User has no public_api_get_organization_users permission" }

Inspections

List all inspections including FlexInspect inspections used by an organization by sending the request:

GET https://qodana.cloud/api/v1/public/organizations/inspections

This endpoint does not provide any parameters.

Here is the description of responses:

Response code

Description and examples

200

Returns a list of inspections:

HTTP/2 200 OK date: Wed, 24 Sep 2025 10:39:06 GMT content-type: application/json x-request-id: 7vrrlorq2ocrz957 vary: Origin content-length: 514 x-http2-stream-id: 3   { "inspections": [ { "id": "insp_12345", "name": "Security Scan" }, { "id": "insp_67890", "name": "Code Quality" } ] }

400

HTTP/2 400 Bad Request date: Wed, 24 Sep 2025 10:36:37 GMT content-type: application/json x-request-id: 89ztzxra5ptt3vio vary: Origin content-length: 67 x-http2-stream-id: 3   { "name": "VALIDATION_FAILED", "details": "Invalid query parameter." }

401

HTTP/2 401 Unauthorized date: Wed, 24 Sep 2025 10:36:37 GMT content-type: application/json x-request-id: 89zthxrm5pxt9phi vary: Origin content-length: 67 x-http2-stream-id: 3   { "name": "NO_AUTH", "details": "Authentication required to access inspections." }

403

HTTP/2 403 Forbidden date: Wed, 24 Sep 2025 10:36:37 GMT content-type: application/json x-request-id: 89zthxrm5pxt9phi vary: Origin content-length: 67 x-http2-stream-id: 3   { "name": "NO_PERMISSION", "details": "Invalid organization API token" }

Insights

Project Insights

To retrieve project insights, send the request:

POST https://qodana.cloud/api/v1/public/organizations/project-insights/query

Here is the description of the request body:

Parameter

Type

Required

Description

Example value

includeProjectIds

array[string]

No

List of project IDs to include in the query

["proj_123", "proj_456"]

includeInspectionIds

array[string]

No

List of inspection IDs to include in the query

["insp_123", "insp_456"]

includeTeamIds

array[string]

No

List of team IDs to include in the query

["team_123", "team_456"]

timeRange

object

No

Time range for the query. Contains start and end timestamps

{"start": "2026-01-01T00:00:00Z", "end": "2026-05-12T00:00:00Z"}

Here is the description of responses:

Response code

Description and examples

200

A list of projects with scan data for the given timestamp, where one entry exists for each unique combination of project ID and timestamp. If no time range is specified, entries at the latest timestamp are returned:

HTTP/2 200 OK date: Wed, 24 Sep 2025 10:39:06 GMT content-type: application/json x-request-id: 7vrrlorq2ocrz957 vary: Origin content-length: 514 x-http2-stream-id: 3   { "projects": [ { "id": "proj_123", "name": "My Awesome Project", "teamId": "team_456", "teamName": "Dev Team A", "codeCoverage": { "percentage": 85, "isEnabled": true }, "licenseAudit": { "isPassed": true, "isEnabled": true }, "severityToActualProblems": { "info": 5, "low": 10, "moderate": 3, "high": 1, "critical": 0, "total": 19 }, "severityToBaselineProblems": { "info": 8, "low": 12, "moderate": 5, "high": 2, "critical": 0, "total": 27 }, "timestamp": "2026-05-12T00:00:00Z" } ] }

400

HTTP/2 400 Bad Request date: Wed, 24 Sep 2025 10:36:37 GMT content-type: application/json x-request-id: 89ztzxra5ptt3vio vary: Origin content-length: 67 x-http2-stream-id: 3   { "name": "NO_FILTER_SELECTION", "details": "At least one filter (includeProjectIds, includeInspectionIds, or includeTeamIds) must be provided." }

401

HTTP/2 401 Unauthorized date: Wed, 24 Sep 2025 10:36:37 GMT content-type: application/json x-request-id: 89zthxrm5pxt9phi vary: Origin content-length: 67 x-http2-stream-id: 3   { "name": "INVALID_TOKEN", "details": "The provided API token is expired or invalid." }

403

HTTP/2 403 Forbidden date: Wed, 24 Sep 2025 10:36:37 GMT content-type: application/json x-request-id: 89zthxrm5pxt9phi vary: Origin content-length: 67 x-http2-stream-id: 3   { "name": "FEATURE_NOT_SUPPORTED", "details": "Project insights are not enabled for this organization." }

Inspection Insights

To retrieve inspection insights, send the request:

POST https://qodana.cloud/api/v1/public/organizations/inspection-insights/query

Here is the description of the request body:

Parameter

Type

Required

Description

Example value

includeProjectIds

array[string]

No

List of project IDs to include in the query

["proj_123", "proj_456"]

includeInspectionIds

array[string]

No

List of inspection IDs to include in the query

["insp_123", "insp_456"]

includeTeamIds

array[string]

No

List of team IDs to include in the query

["team_123", "team_456"]

timeRange

object

No

Time range for the query. Contains start and end timestamps

{"start": "2026-01-01T00:00:00Z", "end": "2026-05-12T00:00:00Z"}

Here is the description of responses:

Response code

Description and examples

200

A list of inspections counts, where one entry exists for each unique combination of inspection ID, name, severity, baseline, actual and timestamp. If a time range is specified, entries for 10 equally distant timestamps within the range are returned. If no time range is specified, entries at the latest timestamp are returned.

HTTP/2 200 OK date: Wed, 24 Sep 2025 10:39:06 GMT content-type: application/json x-request-id: 7vrrlorq2ocrz957 vary: Origin content-length: 514 x-http2-stream-id: 3   { "inspections": [ { "id": "insp_12345", "name": "Security Scan", "severity": "HIGH", "baseline": 10, "actual": 5, "timestamp": "2026-05-12T00:00:00Z" }, { "id": "insp_67890", "name": "Code Quality", "severity": "MODERATE", "baseline": 20, "actual": 15, "timestamp": "2026-05-12T00:00:00Z" } ] }

400

HTTP/2 400 Bad Request date: Wed, 24 Sep 2025 10:36:37 GMT content-type: application/json x-request-id: 89ztzxra5ptt3vio vary: Origin content-length: 67 x-http2-stream-id: 3   { "name": "VALIDATION_FAILED", "details": "Invalid timeRange: 'end' must be after 'start'." }

401

HTTP/2 401 Unauthorized date: Wed, 24 Sep 2025 10:36:37 GMT content-type: application/json x-request-id: 89zthxrm5pxt9phi vary: Origin content-length: 67 x-http2-stream-id: 3   { "name": "NO_CREDENTIALS_PROVIDED", "details": "Authentication token is missing or invalid." }

403

HTTP/2 403 Forbidden date: Wed, 24 Sep 2025 10:36:37 GMT content-type: application/json x-request-id: 89zthxrm5pxt9phi vary: Origin content-length: 67 x-http2-stream-id: 3   { "name": "NO_PERMISSION", "details": "User does not have permission to query inspection insights." }
03 June 2026
Structural search