LogoLogo
API DocumentationIntegrationsPlexTrac.com
  • Product Documentation
    • Using This Site
    • Security Advisories
    • Deployment and Maintenance Policy
    • Supported Applications
  • PlexTrac Modules
    • Dashboard
    • Clients
      • Clients Components
      • Creating a Client
      • Managing Clients
      • Managing Client Users
      • Adding Assets to a Client
      • Managing Assets
    • Schedule
      • Schedule Components
      • Creating an Engagement
      • Requesting an Engagement
      • Managing Engagements
      • Engagement Status
    • Assessments
      • Assessment Components
      • Managing Questionnaires
      • Starting an Assessment
      • Taking an Assessment
      • Reviewing an Assessment
      • Submitting an Assessment
    • Reports
      • Report Components
      • Creating a Report
      • Adding from NarrativesDB
      • Editing a Report
      • Using Short Codes in Reports
      • Findings
        • Creating a Finding
        • Collaborative Editing
        • Importing Findings from a File
        • CSV Findings Templates
          • Using Report Findings CSV Template
        • Importing Findings via an Integration
        • Importing Findings from WriteupsDB
        • Finding Status
        • Creating Jira Tickets
        • CVSS Scoring
        • Affected Assets
      • Importing a Report
      • Exporting a Report
    • Priorities
      • Priorities Components
      • Creating a Priority
      • Linking Findings and Assets
      • Managing Priorities
      • Priorities Metrics
    • Content Library
      • Types of Repositories
      • NarrativesDB
        • NarrativesDB Home Page
        • Managing Repositories
        • Managing Users
        • Creating a Repository
        • Managing Sections
        • Creating a Section
      • WriteupsDB
        • WriteupsDB Home Page
        • Managing Repositories
        • Managing Users
        • Creating a Repository
        • Creating a Writeup
        • Copying a Writeup
        • Adding to a Report
        • Importing via CSV Template
      • RunbooksDB
        • RunbooksDB Home Page
        • Managing Repositories
        • Managing Users
        • Creating a Repository
        • Creating a Procedure
        • Creating a Technique
        • Creating a Tactic
        • Creating a Methodology
    • Analytics
      • Findings
      • Assets
      • Runbooks
      • Trends & SLAs
    • Runbooks
      • Managing Engagements
        • Starting an Engagement
        • Submitting an Engagement
      • Managing Test Plans
        • Creating a Test Plan
        • Exporting a Test Plan
  • Tenant Management
    • Account Management
      • Profile (Personal Settings)
        • Managing User Profile
        • Managing Password
        • Setting Up Two-Factor Authentication
      • Account Admin
        • Tenant Settings
          • Account Information
          • General Settings
          • Email Settings
          • Tags Settings
          • Service-Level Agreements (SLAs)
          • Short Codes
        • Customizations
          • Layouts
          • Templates
            • Report Templates
            • Export Templates
            • Style Guides
          • Theme
        • Automations
          • Risk Scoring
            • Creating Equations
            • Managing Priority Equations
          • Parser Actions
        • Integrations & Webhooks
          • Integrations (API)
            • Cobalt
            • Edgescan
            • HackerOne
            • Jira
            • ServiceNow
            • Tenable Vulnerability Management
            • Tenable Security Center
          • Webhooks
        • Security & User Management
          • Audit Log
          • Security
            • Authentication Methods
              • OAuth/OpenID Setup
                • Microsoft Entra ID
                • Google OAuth
                • Okta
                • OpenID Connect
              • SAML Setup
            • General Authentication Settings
            • Authorization
            • Role Based Access (RBAC)
              • Custom Roles
            • Classification Tiers
          • Users
            • Adding Users
            • Managing Users
        • Licensing
          • Licensing
          • Priorities
          • Plex AI
            • Using AI
        • White Labeling
      • Help Center
      • Logout
    • Integrations and File Imports
      • Acunetix
      • BlindSPOT
      • Burp Suite
      • Checkmarx
      • Core Impact
      • HCL AppScan
      • Invicti
      • Nessus
      • Nexpose
      • Nipper
      • Nmap (Assets)
      • Nmap Vulners NSE
      • Nodeware
      • NodeZero
      • OpenVAS
      • OWASP ZAP
      • Pentera
      • Qualys (VM Parser)
      • Qualys (Web App Scanner)
      • RapidFire
      • Scythe
      • Veracode
  • API Documentation
    • Overview
    • Concept Definitions
    • Getting Started
    • Retrieving Parameter IDs
    • Object Structures
      • Client Object
      • Report Object
      • Finding Object
      • Asset Object
      • Evidence Object
    • Use Cases
    • API Change Policy
      • API Change Log
    • Webhooks
      • Webhook Payload Structure
      • Verifying Sender Requests
Powered by GitBook

Resources

  • Privacy Policy
  • Terms of Use
  • Vulnerability Policy

© 2025 PlexTrac, Inc. All rights reserved.

On this page
  • Deprecations
  • Additional Information By Release
  • Breaking Changes
  • Additional Information By Release

Was this helpful?

Export as PDF
  1. API Documentation
  2. API Change Policy

API Change Log

The page shows which endpoints will be impacted, providing ample time and warning for affected users to transition to an alternative solution. Users may need to update their code, adjust settings, or search for a different endpoint. Staying up-to-date with API changes is essential to ensure the proper functioning of applications.

  • Deprecation refers to the process of phasing out or discontinuing an API. PlexTrac will no longer support it, even though it may still be operational.

  • Sunsetting means that the API will be removed and not function.

  • Breaking Changes are modifications that render current solutions ineffective, causing existing code or integrations to fail or produce incorrect results, even if the endpoint itself is not changing.

Deprecations

The following table serves as a quick reference guide to all the changes made, offering a concise summary for easy navigation. Each entry is designed to provide a snapshot of the modifications, enabling users to grasp the key points quickly.

After the table, expandable sections divided by release are included for those seeking more in-depth information. By clicking on these sections, users can access detailed explanations, context, and additional insights related to each change.

APIs below will be removed from the codebase on the posted Sunset Date.

API
Route
Deprecation Date
Sunset Date - Release

GET /api/v1/clients/analytics/export

April 6, 2023 - 1.51

GET /api/v1/flaws

April 6, 2023 - 1.51

Get Client Flaws

GET /api/v1/client/{clientID}/topFlaws

April 6, 2023 - 1.51

Get Multiple Client Flaws

POST /api/v1/clients/topFlaws

April 6, 2023 - 1.51

GET /api/v1/clients/findings

April 6, 2023 - 1.51

Get Analytics Bootstrap Findings

GET /api/v1/clients/analytics/bootstrap

May 8, 2023 - 1.53

GET /api/v1/client/{clientID}/analytics/flaws/aging

February 24, 2023

May 30, 2023 - 1.54

GET /api/v1/client/{clientID}/analytics/flaws/{status}

February 24, 2023

May 30, 2023 - 1.54

GET /api/v1/tenant/analytics

February 24, 2023

May 30, 2023 - 1.54

GET /api/v1/tenant/analytics/findings/{status}

February 24, 2023

May 30, 2023 - 1.54

GET /api/v1/client/{clientID}/analytics

February 24, 2023

May 30, 2023 - 1.54

Retrieve Analytics Assets - Suggestion

POST /api/v2/clients/analytics/assets/suggestion

June 7, 2023

September 13, 2023 - 1.59

Import Client Assets v1

POST /api/v1/client/{clientId}/assets/import/{{source}}

August 15, 2022

November 7, 2023 - 1.61

Get Affected Assets by Finding

GET/api/v2/clients/{clientId}/reports/{reportId}/flaws/{flawId}/affected_assets

October 18, 2023

January 2, 2024 - 2.0

Add Findings from File Imports

POST /api/v1/client/{clientId}/report/{reportId}/import/{source}

October 31, 2023

February 21, 2024 - 2.2

Bulk Get Evidence

POST /api/v2/tenant/{{tenantId}}/client/{{clientId}}/report/{{reportId}}/finding/{{findingId}}/asset/evidence

November 27, 2023

January 30, 2024 - 2.1

List Client Assets

GET /api/v1/client/{clientID}/assets

September 13, 2024

December 3, 2024 - 2.12

Create Jira Ticket from Finding

POST /api/v1/client/{clientID}/report/{reportID}/flaw/{flawID}/createAndLinkJiraTicket

October 28, 2024

January 28, 2025 - 2.14

POST /api/v2/client/{clientId}/report/{reportId}/findings/createJiraTickets

October 28, 2024

January 28, 2025 - 2.14

Additional Information By Release

Release 1.53 - May 8, 2023

Deprecated endpoint name: Get Analytics Bootstrap Findings - GET /api/v1/clients/analytics/bootstrap

Context: Deprecating legacy bootstrap implementation of analytics.

Replacement: none

Release 1.51 - April 6, 2023

Deprecated endpoint name: GET /api/v1/clients/analytics/export

Context: The legacy endpoint had poor performance and was no longer used by the PlexTrac frontend.

Replacement: none

-----

Deprecated endpoint name: GET /api/v1/flaws

Context: This endpoint was returning an empty array with no data.

Replacement:

These replacements provide similar functionality but don't retrieve all findings across an instance.

-----

Deprecated endpoint name: Get Client Flaws - GET /api/v1/client/{clientID}/topFlaws

Context: Deprecated in favor of v2 endpoint with similar functionality and better data fetching performance.

Replacement:

-----

Deprecated endpoint name: Get Multiple Client Flaws - POST /api/v1/clients/topFlaws

Context: Deprecated in favor of v2 endpoint with similar functionality and better data fetching performance.

Replacement:

-----

Deprecated endpoint name: GET /api/v1/clients/findings

Context: The v1 endpoint returned finding information for all clients across the tenant. This resulted in poor performance and was deprecated in favor of data segmentation by client to improve performance.

Replacement:

The replacement provides similar functionality but doesn't retrieve all findings across an instance.

Release 1.54 - May 30, 2023

Deprecated endpoint name: GET /api/v1/client/{clientID}/analytics

Context: Removing functionality to get data for a single client in favor of the more performant way of getting all data simultaneously.

Replacement:

  • POST /api/v1/clients/analytics

-----

Deprecated endpoint name: GET /api/v1/tenant/analytics/findings/{status}

Context: Deprecating legacy implementation of analytics.

Replacement:

  • GET /api/v2/tenant/analytics/findings/{status}

-----

Deprecated endpoint name: GET /api/v1/tenant/analytics

Context: Deprecating legacy implementation of analytics.

Replacement:

  • GET /api/v2/tenant/analytics

-----

Deprecated endpoint name: GET /api/v1/client/{clientID}/analytics/flaws/{status}

Context: Deprecating legacy implementation of analytics.

Replacement:

  • GET /api/v2/tenant/analytics/findings/{status}

-----

Deprecated endpoint name: GET /api/v1/client/{clientID}/analytics/flaws/aging

Context: Deprecating legacy implementation of analytics.

Replacement: none

Release 1.59 - September 13, 2023

Deprecated endpoint name: Retrieve Analytics Assets - Suggestion - POST /api/v2/clients/analytics/assets/suggestion

Context: Deprecating legacy implementation of analytics.

Replacement: none

Release 1.61 - November 7, 2023

Deprecated endpoint name: Import Client Assets v1 - POST /api/v1/client/{clientId}/assets/import/{source}

Context: This endpoint has been marked as deprecated in our Postman docs since adding the v2 endpoint with the same functionality, but was not planned for immediate removal.

Release 2.0 - January 2, 2023

Deprecated endpoint name: Get Affected Assets by Finding - GET/api/v2/clients/{clientId}/reports/{reportId}/flaws/{flawId}/affected_assets

Context: This endpoint returns a subset of the finding information regarding the affected assets. In order to minimize the number of endpoints we have to maintained, this is being deprecated in favor of using the endpoint that retrieves the entire finding, including the affected asset information from this endpoint.

Release 2.1 - January 30, 2023

Context: A bug in evidence handling was identified where the same evidence could be linked to multiple affected assets, leading to unintended modifications. As a result, the endpoint will be deprecated due to changes in the response, which now includes duplicate data for certain evidence objects. Acknowledging this modification and adjusting implementations accordingly before the endpoint is sunset is crucial.

Overview of Changes

Important: The response will change and contain seemingly duplicate evidence entries in version 1.62. The endpoint will be removed in version 1.63.

Release 2.2 - February 21, 2024

Context: This endpoint has a V2 that was created to fix performance issues. The V2 endpoint does not leave the HTTP request open throughout the entire import process, removing the possibility that the request could fail due to timeout errors on larger imports.

The V1 endpoint will be removed in favor of the V2 endpoint. Please read the differences between endpoints! Updating to the V2 endpoint is not as simple as replacing the route.

Release 2.12 - December 3, 2024

Context: This endpoint is being removed as it returns an unpaginated list of assets that can be very large and result in database errors.

Replacements: Depending on the need, the following could be used to retrieve assets:

  • - no child asset information

Release 2.14 - January 28, 2025

Context: The Jira integration has been updated to follow a new integration framework pattern. This includes a new set of API endpoints that will follow the pattern for all future integrations.


Context: The Jira integration has been updated to follow a new integration framework pattern. This includes a new set of API endpoints that will follow the pattern for all future integrations.

Breaking Changes

This section includes modifications in an API update incompatible with the previous version, potentially causing existing code or integrations to fail. Breaking changes can involve the removal of functionality, modification of behavior, changes in response structure or input requirements, and altering data types or values.

The following table serves as a quick reference guide to all the changes made, offering a concise summary for easy navigation. Each entry is designed to provide a snapshot of the modifications, enabling users to grasp the key points quickly.

After the table, expandable sections divided by release are included for those seeking more in-depth information. By clicking on these sections, users can access detailed explanations, context, and additional insights related to each change.

API
Route
Change
Change Date - Release

Get Security Role

GET /api/v2/tenants/{tenantId}/security/role/{roleId}

Update RBAC ID Values

August 21, 2023 - 1.58

Update Security Role Info

PUT /api/v2/tenants/{tenantId}/security/role/{roleId}/info

Update RBAC ID Values

August 21, 2023 - 1.58

Update Security Role Permission

PUT /api/v2/tenants/{tenantId}/security/role/{roleId}/permissions

Update RBAC ID Values

August 21, 2023 - 1.58

Add Role User

PUT /api/v2/tenants/{tenantId}/security/role/{roleId}/users

Update RBAC ID Values

August 21, 2023 - 1.58

Remove Role User

DELETE /api/v2/tenants/{tenantId}/security/role/{roleId}/users/{userId}

Update RBAC ID Values

August 21, 2023 - 1.58

Delete Security Role

DELETE /api/v2/tenants/{tenantId}/security/role/{roleId}

Update RBAC ID Values

August 21, 2023 - 1.58

Get Finding

GET /api/v1/client/{{clientId}}/report/{{reportId}}/flaw/{{findingId}}

Decouple Finding/Assets

November 7, 2023 - 1.61

Additional Information By Release

Decouple Finding/Assets - November 7, 2023

Summary: This change has been carefully designed to enhance your experience by speeding up the delivery of a more concise data set. We are proactively contacting you to ensure that there will be no data disruption on your account.

Details:

Get Finding API Functionality: The Get Finding endpoint returns the finding information about the finding and related affected assets. The standard use case for this endpoint is to gather data relevant to the finding of the findingId specified in the request. Currently, the returned affected asset information also references relational data to other findings not specified in the request.

What's changing: This update modifies the data that will be returned using the Get Finding endpoint. We have increased performance and security by maintaining the findings and related assets and excluding the third level of data (data for every other finding related to each affected asset in the requested finding) in the returned data set. If you were using the Get Finding endpoint to access these findings related to an asset, please see the recommended routes below.

Impacted Endpoints:

Update RBAC ID Values - August 21, 2023

Summary: Replaces the randomly generated roleID with set values.

Details: Currently, the admin, standard, and analyst roleID are randomly generated when the tenancy is created. In the future, this will be a standard set value. Users must locate all occurrences of this variable and update the endpoint.

For example, with the admin role, change /api/v2/tenants/0/security/role/cl75q1auk00040yoff389h206 (random roleID value) to /api/v2/tenants/0/security/role/cljhc9ggj000008l99gkyai90 (the new standard value).

Release 1.58 will implement this modification, supporting the legacy and the new solution. Release 1.59 will no longer provide support for the legacy method.

The new set ID values for each default RBAC role are listed below.

  • ADMIN: cljhc9ggj000008l99gkyai90

  • STD_USER: cljhc9rvn000208l9g4lpai54

  • ANALYST: cljhc9yh1000308l9ar7j8mux

Impacted Endpoints:

  • GET /api/v2/tenants/{tenantId}/security/role/{roleId}

  • PUT /api/v2/tenants/{tenantId}/security/role/{roleId}/info

  • PUT /api/v2/tenants/{tenantId}/security/role/{roleId}/permissions

  • /api/v2/tenants/{tenantId}/security/role/{roleId}/users

  • DELETE /api/v2/tenants/{tenantId}/security/role/{roleId}/users/{userId}

  • DELETE /api/v2/tenants/{tenantId}/security/role/{roleId}

PreviousAPI Change PolicyNextWebhooks

Last updated 6 months ago

Was this helpful?

- POST /api/v2/clients/{clientId}/reports/{reportId}/findings

- POST /api/v2/client/{clientId}/findings

- POST /api/v2/client/{clientId}/findings

- POST /api/v2/client/{clientId}/findings

- POST /api/v2/client/{clientId}/findings

Replacement: - POST /api/v2/client/{clientId}/assets/import/{source}

Replacement: - GET /api/v1/client/{clientId}/report/{reportId}/flaw/{findingId}

Deprecated endpoint name: - POST /api/v2/tenant/{{tenantId}}/client/{{clientId}}/report/{{reportId}}/finding/{{findingId}}/asset/evidence

Replacement: - GET /api/v1/client/{{clientId}}/report/{{reportId}}/flaw/{{findingId}}/asset/{{assetId}}/scanoutput

Deprecated endpoint name: - POST /api/v1/client/{clientId}/report/{reportId}/import/{source}

vs

Replacement: - POST /api/v2/client/{clientId}/report/{reportId}/importAsync/{source}

Deprecated endpoint name: - GET /api/v1/client/{clientID}/assets

(all assets) + full related finding information

(client-specific assets) - only has a count of related findings with no finding information - no child assets information

(report-specific assets) + full related finding information and count of related findings + includes child asset information

Deprecated endpoint name: - POST /api/v1/client/{clientId}/report/{reportId}/flaw/{findingId}/createAndLinkJiraTicket

Replacements:

Deprecated endpoint name: - POST /api/v2/client/{clientId}/report/{reportId}/findings/createJiraTickets

Replacements:

Routes for Accessing Findings Related to an Asset: We understand that you might have specific requirements for other data needed. To address this, we have existing designated routes to get you access to findings related to an asset. The route will retrieve a single record, or for multiple records in a single request, use the route.

- GET /api/v1/client/{{clientId}}/report/{{reportId}}/flaw/{{findingId}}

Get Findings by Report
List Client Findings
List Client Findings
List Client Findings
List Client Findings
Import Client Assets v2
Get Finding
Bulk Get Evidence
Get Scanner Output
Add Findings from File Imports V1
Overview of Changes
V1 Description
V2 Description
Add Findings from File Imports V2
List Client Assets
Get Tenant Assets
Get Assets by Client
List Report Assets
Create and Link Jira Ticket to Finding
Create Jira Ticket from Findings
Bulk Create and Link Jira Tickets to Findings
Create Jira Ticket from Findings
Get Asset
List Client Assets
Get Finding