Do I need an AI API key for Open Code Review?

For L1 and local scans, no — Ollama runs locally for free. For L3 Deep Scan and heal, you need an API key from one of 8 supported providers. GLM (智谱) is completely free.

What is Detect & Heal in Open Code Review?

OCR's core differentiator: 'ocr scan' detects AI-specific issues, 'ocr heal' auto-fixes them. Other tools just tell you what's wrong — OCR fixes it for you with AI-generated patches.

What programming languages does Open Code Review support?

TypeScript, JavaScript, Python, Java, Go, Kotlin, and Rust. Each language has its own AI-specific defect detector for hallucinated packages, broken patterns, and deprecated APIs.

How is Open Code Review different from ESLint or SonarQube?

ESLint checks code style and SonarQube finds traditional bugs. Open Code Review detects AI-specific issues (hallucinated packages, phantom dependencies, stale APIs) that traditional tools miss, and auto-fixes them with AI.

REST API Reference

v1 · Last updated: 2026-03-24

The Open Code Review Cloud API lets you manage licenses, submit code scans, and retrieve reports programmatically. All responses are JSON.

#Authentication

Most endpoints require a Bearer token. Obtain one via /api/auth/login, then include it in your request headers:

http

Authorization: Bearer eyJhbGciOiJIUzI1NiIs...

Security Note

Never expose tokens in client-side code. Use environment variables or a secret manager. Tokens expire after 24 hours.

#Base URL

text

https://cloud.opencodereview.com

All endpoint paths are relative to this base URL.

#Rate Limits

API requests are rate-limited. Exceeding the limit returns HTTP 429 with a Retry-After header.

Plan	Rate	Daily	Scans
Free	60 requests/min	1,000/day	10 scans/day
Team	300 requests/min	10,000/day	100 scans/day
Enterprise	Custom	Custom	Unlimited

Responses include X-RateLimit-Remaining and X-RateLimit-Reset headers.

#Authentication

#Licenses

#Scans

#Reports

#Users

#Usage

#Error Codes

All error responses follow a consistent format:

json

{
  "error": {
    "code": 401,
    "message": "Invalid or expired access token",
    "details": null
  }
}

Code	Name	Description
400	Bad Request	Invalid request body or parameters
401	Unauthorized	Missing or invalid access token
403	Forbidden	Insufficient permissions for this action
404	Not Found	Resource not found
409	Conflict	Resource already exists (e.g., duplicate email)
429	Too Many Requests	Rate limit exceeded. Retry after the Retry-After header value.
500	Internal Error	Unexpected server error

#SDK Quick Start

Quick examples in popular languages to get you started.

JSNode.js / TypeScript

typescript

const res = await fetch('https://cloud.opencodereview.com/api/scans', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${process.env.OCR_TOKEN}`,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    repositoryUrl: 'https://github.com/your/repo',
    level: 'l3',
  }),
});

const scan = await res.json();
console.log('Scan ID:', scan.id);

PyPython

python

import requests, os

resp = requests.post(
    "https://cloud.opencodereview.com/api/scans",
    headers={"Authorization": f"Bearer {os.environ['OCR_TOKEN']}"},
    json={
        "repositoryUrl": "https://github.com/your/repo",
        "level": "l3",
    },
)

scan = resp.json()
print(f"Scan ID: {scan['id']}")

$cURL

shell

# Submit a scan
curl -X POST https://cloud.opencodereview.com/api/scans \
  -H "Authorization: Bearer $OCR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"repositoryUrl":"https://github.com/your/repo","level":"l3"}'

# Poll for results
curl https://cloud.opencodereview.com/api/scans/scan_abc123 \
  -H "Authorization: Bearer $OCR_TOKEN"

REST API Reference

#Authentication

#Base URL

#Rate Limits

#Authentication

#Licenses

#Scans

#Reports

#Users

#Usage

#Error Codes

#SDK Quick Start

JSNode.js / TypeScript

PyPython

$cURL

Ready to get started?