Sonatype REST APIs
Using REST API calls, Sonatype IQ Server provides functionality to create and update applications, as well as retrieve values for policy violations.
These APIs are designed for system-to-system use; however, the examples are given with the HTTP client cURL, so you can follow along and issue each described REST API request from the command line.
While most of our examples for using REST APIs demonstrate referencing components/packages in the Maven format, Sonatype IQ Server also supports several other formats. For more information, go to Referencing Package URL (purl) and Component Identifiers.
REST APIs Versioning
Sonatype REST APIs are versioned. This page represents the most recent version. If you plan to use any of these, we highly recommend updating to the latest version of the IQ Server to ensure compatibility.
Security Threats associated with REST APIs
Consider taking appropriate measures to prevent security issues such as Injection and Cross-Site Scripting (XSS) when using the responses of the APIs.
API Rate Limits for SaaS Environments
To ensure optimal utilization of resources and prevent performance degradation, the REST API usage in Sonatype SaaS offerings is subject to rate limiting.
API request rate limit: 1,500 requests per IP address per 5-minute period
When rate limits are exceeded, Sonatype IQ Server will return a 429 error code with the following message:
Rate limit exceeded. Please wait 5 minutes.
If this is a recurring issue please reach out to your administrator or contact your Sonatype support representative.
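An added example (not from Sonatype's documentation or code): a client-side sliding-window throttle in Python that keeps an integration under the 1,500-requests-per-5-minutes limit stated above and stays silent for a full window after a 429. `SlidingWindowThrottle`, `call` and the `send` callable are hypothetical names; `send` stands for whatever function issues the HTTP request and returns its status code.

```python
import time
from collections import deque

# Values from the page: 1,500 requests per IP per 5-minute period.
LIMIT = 1500
WINDOW_SECONDS = 300


class SlidingWindowThrottle:
    """Client-side throttle (hypothetical helper, not a Sonatype API)."""

    def __init__(self, limit=LIMIT, window=WINDOW_SECONDS,
                 clock=time.monotonic, sleep=time.sleep):
        self.limit, self.window = limit, window
        self.clock, self.sleep = clock, sleep
        self.sent = deque()  # timestamps of requests still inside the window

    def _expire(self, now):
        while self.sent and now - self.sent[0] >= self.window:
            self.sent.popleft()

    def acquire(self):
        """Block until one more request fits in the window; return seconds waited."""
        waited = 0.0
        now = self.clock()
        self._expire(now)
        while len(self.sent) >= self.limit:
            delay = self.sent[0] + self.window - now  # until the oldest entry ages out
            self.sleep(delay)
            waited += delay
            now = self.clock()
            self._expire(now)
        self.sent.append(now)
        return waited

    def penalize(self):
        """After an HTTP 429: wait one full window, as the server message asks."""
        self.sleep(self.window)
        self.sent.clear()


def call(throttle, send):
    """Run send() under the throttle; retry once if the server answers 429."""
    throttle.acquire()
    status = send()
    if status == 429:
        throttle.penalize()
        throttle.acquire()
        status = send()
    return status
```

Because the limit is counted per IP, clients that share an egress address share the same budget, so give each of them a `limit` below 1,500.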
Available APIs:
- Accessing REST APIs via Reverse Proxy Authentication
- Advanced Search REST API - v2
- Application Categories REST API - v2
- Application REST API - v2
- Atlassian Crowd REST API - v2
- Authorization Configuration (aka Role Membership) REST API - v2
- Component Claim REST API - v2
- Component Details REST API - v2
- Component Evaluation REST APIs - v2
- Component Labels REST API - v2
- Component Remediation REST API - v2
- Component Search REST APIs - v2
- Components in Quarantine REST API - v2
- Component Versions REST API - v2
- Configuration REST API - v2
- Cross-Stage Policy Violation REST API - v2
- CycloneDx REST API - v2
- Data Retention Policy REST API - v2
- Experimental - Repository Results View REST API
- Experimental - Vulnerability Analysis Details (VEX) REST API
- Feature Configuration REST API - v2
- Firewall REST API - v2
- HTTP Proxy Server Configuration REST API - v2
- JIRA Configuration REST API - v2
- License Legal REST API - v2
- Mail REST API - v2
- Manifest Evaluation REST API - v2
- Organizations REST API - v2
- Policy Violation REST API - v2
- Policy Waiver REST API - v2
- Product License REST API - v2
- Promote Scan REST API - v2
- Release Component from Quarantine REST API - v2
- Report-related REST APIs - v2
- Reverse Proxy Authentication Configuration REST API - v2
- Role REST API - v2
- SAML REST API - v2
- Security Vulnerability Override API - v2
- Source Control Configuration REST API - v2
- Source Control Evaluation REST API - v2
- Source Control REST API - v2
- SPDX REST API - v2
- Success Metrics Data REST API - v2
- Third-Party Scan REST API - v2
- User REST API - v2
- User Token REST API - v2
- Vulnerability Custom Attributes REST API - experimental
- Vulnerability Details REST API - v2
- Vulnerability Group REST API - experimental