Skip to main content


Sonatype REST APIs

Using REST API calls, the IQ Server provides functionality to create and update applications, as well as retrieve values for policy violations.

These APIs have been designed for system-to-system functionality; however, examples are provided using the HTTP client cURL. Following along, you can initiate the described API REST request via the command line tool.

While most of our examples for using REST APIs demonstrate referencing components/packages in the Maven format, Sonatype IQ Server also supports several other formats. For more information, go to Referencing Package URL (purl) and Component Identifiers

REST APIs Versioning

Sonatype REST APIs are versioned. This page represents the most recent version. If you plan to use any of these, we highly recommend updating to the latest version of the IQ Server to ensure compatibility.

Security Threats Associated with REST APIs

Consider taking appropriate measures to prevent security issues such as Injection and Cross-Site Scripting (XSS) when using the responses of the APIs.

API Rate Limits for SaaS Environments

To ensure optimal utilization of resources and prevent performance degradation, the REST API usage in Sonatype SaaS offerings is subject to rate limiting.

API requests rate limits:1,500 per IP per 5-minute period

When rate limits are exceeded, the SaaS service will return a 429 error code with the following message:

Rate limit exceeded. Please wait 5 minutes. If this is a recurring issue please reach out to your administrator or contact your Sonatype support representative.