Links

API Change Log

Users can view which endpoints will be impacted on the page to provide ample time and warning for affected users to transition to an alternative solution. Users may need to update their code, adjust settings, or search for a different endpoint. Staying up-to-date with API changes is essential to ensure the proper functioning of applications.
  • Deprecation refers to the process of phasing out or discontinuing an API. This means that the API will no longer be supported by PlexTrac, even though it may still be operational.
  • Sunsetting means that the API will be removed and not function.
  • Breaking Changes are modifications that render current solutions ineffective, causing existing code or integrations to fail or produce incorrect results, even if the endpoint itself is not changing.

Deprecations

These APIs will be removed from the codebase on the posted Sunset Date. Additional details for each API can be found in the summary table below.
API
Route
Deprecation Date
Sunset Date - Release
GET /api/v1/clients/analytics/export
April 6, 2023 - 1.51
GET /api/v1/flaws
April 6, 2023 - 1.51
Get Client Flaws
GET /api/v1/client/{clientID}/topFlaws
April 6, 2023 - 1.51
Get Multiple Client Flaws
POST /api/v1/clients/topFlaws
April 6, 2023 - 1.51
GET /api/v1/clients/findings
April 6, 2023 - 1.51
Get Analytics Bootstrap Findings
GET /api/v1/clients/analytics/bootstrap
May 8, 2023 - 1.53
GET /api/v1/client/{clientID}/analytics/flaws/aging
February 24, 2023
May 30, 2023 - 1.54
GET /api/v1/client/{clientID}/analytics/flaws/{status}
February 24, 2023
May 30, 2023 - 1.54
GET /api/v1/tenant/analytics
February 24, 2023
May 30, 2023 - 1.54
GET /api/v1/tenant/analytics/findings/{status}
February 24, 2023
May 30, 2023 - 1.54
GET /api/v1/client/{clientID}/analytics
February 24, 2023
May 30, 2023 - 1.54
Retrieve Analytics Assets - Suggestion
POST /api/v2/clients/analytics/assets/suggestion
June 7, 2023
September 13, 2023 - 1.59
Import Client Assets v1
POST /api/v1/client/{clientId}/assets/import/{{source}}
August 15, 2022
November 7, 2023 - 1.61
Get Affected Assets by Finding
GET/api/v2/clients/{clientId}/reports/{reportId}/flaws/{flawId}/affected_assets
October 18, 2023
January 2, 2024 - 2.0*
Add Findings from File Imports
POST /api/v1/client/{clientId}/report/{reportId}/import/{source}
October 31, 2023
February 21, 2024 - 2.2
Bulk Get Evidence
POST /api/v2/tenant/{{tenantId}}/client/{{clientId}}/report/{{reportId}}/finding/{{findingId}}/asset/evidence
November 27, 2023
January 30, 2024 - 2.1
*The 2.0 release will be rolled out in multiple phases. Cloud-hosted instances will begin on November 29th and continue through December, while on-premise customers will have access on January 2nd.
Release 1.51 - April 6, 2023
Deprecated endpoint name: GET /api/v1/clients/analytics/export
Context: The legacy endpoint had poor performance and was no longer used by the PlexTrac frontend.
Replacement: none
-----
Deprecated endpoint name: GET /api/v1/flaws
Context: This endpoint was returning an empty array with no data.
Replacement:
These replacements provide similar functionality but don't retrieve all findings across an instance.
-----
Deprecated endpoint name: Get Client Flaws - GET /api/v1/client/{clientID}/topFlaws
Context: Deprecated in favor of v2 endpoint with similar functionality and better data fetching performance.
Replacement:
-----
Deprecated endpoint name: Get Multiple Client Flaws - POST /api/v1/clients/topFlaws
Context: Deprecated in favor of v2 endpoint with similar functionality and better data fetching performance.
Replacement:
-----
Deprecated endpoint name: GET /api/v1/clients/findings
Context: The v1 endpoint returned finding information for all clients across the tenant. This resulted in poor performance and was deprecated in favor of data segmentation by client to improve performance.
Replacement:
The replacement provides similar functionality but doesn't retrieve all findings across an instance.
Release 1.53 - May 8, 2023
Deprecated endpoint name: Get Analytics Bootstrap Findings - GET /api/v1/clients/analytics/bootstrap
Context: Deprecating legacy bootstrap implementation of analytics.
Replacement: none
Release 1.54 - May 30, 2023
Deprecated endpoint name: GET /api/v1/client/{clientID}/analytics
Context: Removing functionality to get data for a single client in favor of the more performant way of getting all data simultaneously.
Replacement:
  • POST /api/v1/clients/analytics
-----
Deprecated endpoint name: GET /api/v1/tenant/analytics/findings/{status}
Context: Deprecating legacy implementation of analytics.
Replacement:
  • GET /api/v2/tenant/analytics/findings/{status}
-----
Deprecated endpoint name: GET /api/v1/tenant/analytics
Context: Deprecating legacy implementation of analytics.
Replacement:
  • GET /api/v2/tenant/analytics
-----
Deprecated endpoint name: GET /api/v1/client/{clientID}/analytics/flaws/{status}
Context: Deprecating legacy implementation of analytics.
Replacement:
  • GET /api/v2/tenant/analytics/findings/{status}
-----
Deprecated endpoint name: GET /api/v1/client/{clientID}/analytics/flaws/aging
Context: Deprecating legacy implementation of analytics.
Replacement: none
Release 1.59 - September 13, 2023
Deprecated endpoint name: Retrieve Analytics Assets - Suggestion - POST /api/v2/clients/analytics/assets/suggestion
Context: Deprecating legacy implementation of analytics.
Replacement: none
Release 1.61 - November 7, 2023
Deprecated endpoint name: Import Client Assets v1 - POST /api/v1/client/{clientId}/assets/import/{source}
Context: This endpoint has been marked as deprecated in our Postman docs since adding the v2 endpoint with the same functionality, but was not planned for immediate removal.
Replacement: Import Client Assets v2 - POST /api/v2/client/{clientId}/assets/import/{source}
Release 2.0 - January 2, 2023*
Deprecated endpoint name: Get Affected Assets by Finding - GET/api/v2/clients/{clientId}/reports/{reportId}/flaws/{flawId}/affected_assets
Context: This endpoint returns a subset of the finding information regarding the affected assets. In order to minimize the number of endpoints we have to maintained, this is being deprecated in favor of using the endpoint that retrieves the entire finding, including the affected asset information from this endpoint.
Replacement: Get Finding - GET /api/v1/client/{clientId}/report/{reportId}/flaw/{findingId}
Release 2.1 - January 30, 2023
Deprecated endpoint name: Bulk Get Evidence - POST /api/v2/tenant/{{tenantId}}/client/{{clientId}}/report/{{reportId}}/finding/{{findingId}}/asset/evidence
Context: A bug in evidence handling was identified where the same evidence could be linked to multiple affected assets, leading to unintended modifications. As a result, the endpoint will be deprecated due to changes in the response, which now includes duplicate data for certain evidence objects. Acknowledging this modification and adjusting implementations accordingly before the endpoint is sunset is crucial.
Overview of Changes
Important: The response will change and contain seemingly duplicate evidence entries in version 1.62. The endpoint will be removed in version 1.63.
Replacement: Get Scanner Output - GET /api/v1/client/{{clientId}}/report/{{reportId}}/flaw/{{findingId}}/asset/{{assetId}}/scanoutput
Release 2.2 - February 21, 2024
Deprecated endpoint name: Add Findings from File Imports V1 - POST /api/v1/client/{clientId}/report/{reportId}/import/{source}
Context: There is a V2 for this endpoint that was created to fix performance issues. The V2 endpoint does not leave the HTTP request open through the entire import process, removing the possibility for the request to fail due to timeout errors on larger imports.
The V1 endpoint will be removed in favor of the V2 endpoint. Please read the differences between endpoints! Updating to the V2 endpoint is not as simple as replacing the route.
Replacement: Add Findings from File Imports V2 - POST /api/v2/client/{clientId}/report/{reportId}/importAsync/{source}

Breaking Changes

This section includes modifications in an API update incompatible with the previous version, potentially causing existing code or integrations to fail. Breaking changes can involve the removal of functionality, modification of behavior, changes in response structure or input requirements, and altering data types or values.
API
Route
Change
Change Date - Release
Get Security Role
GET /api/v2/tenants/{tenantId}/security/role/{roleId}
Update RBAC ID Values
August 21, 2023 - 1.58
Update Security Role Info
PUT /api/v2/tenants/{tenantId}/security/role/{roleId}/info
Update RBAC ID Values
August 21, 2023 - 1.58
Update Security Role Permission
PUT /api/v2/tenants/{tenantId}/security/role/{roleId}/permissions
Update RBAC ID Values
August 21, 2023 - 1.58
Add Role User
PUT /api/v2/tenants/{tenantId}/security/role/{roleId}/users
Update RBAC ID Values
August 21, 2023 - 1.58
Remove Role User
DELETE /api/v2/tenants/{tenantId}/security/role/{roleId}/users/{userId}
Update RBAC ID Values
August 21, 2023 - 1.58
Delete Security Role
DELETE /api/v2/tenants/{tenantId}/security/role/{roleId}
Update RBAC ID Values
August 21, 2023 - 1.58
Get Finding
GET /api/v1/client/{{clientId}}/report/{{reportId}}/flaw/{{findingId}}
Decouple Finding/Assets
November 7, 2023 - 1.61
Update RBAC ID Values - August 21, 2023
Summary: Replaces the randomly generated roleID with set values.
Details: Currently, the admin, standard, and analyst roleID are randomly generated when the tenancy is created. In the future, this will be a standard set value. Users must locate all occurrences of this variable and update the endpoint.
For example, with the admin role, change /api/v2/tenants/0/security/role/cl75q1auk00040yoff389h206 (random roleID value) to /api/v2/tenants/0/security/role/cljhc9ggj000008l99gkyai90 (the new standard value).
Release 1.58 will implement this modification, supporting the legacy and the new solution. Release 1.59 will no longer provide support for the legacy method.
The new set ID values for each default RBAC role are listed below.
  • ADMIN: cljhc9ggj000008l99gkyai90
  • STD_USER: cljhc9rvn000208l9g4lpai54
  • ANALYST: cljhc9yh1000308l9ar7j8mux
Impacted Endpoints:
  • GET /api/v2/tenants/{tenantId}/security/role/{roleId}
  • PUT /api/v2/tenants/{tenantId}/security/role/{roleId}/info
  • PUT /api/v2/tenants/{tenantId}/security/role/{roleId}/permissions
  • PUT /api/v2/tenants/{tenantId}/security/role/{roleId}/users
  • DELETE /api/v2/tenants/{tenantId}/security/role/{roleId}/users/{userId}
  • DELETE /api/v2/tenants/{tenantId}/security/role/{roleId}
Decouple Finding/Assets - November 7, 2023
Summary: This change has been carefully designed to enhance your experience by speeding up the delivery of a more concise data set. We are proactively contacting you to ensure that there will be no data disruption on your account.
Details:
Get Finding API Functionality: The Get Finding endpoint returns the finding information about the finding and related affected assets. The standard use case for this endpoint is gather data relevant to the finding of the findingId specified in the request. Currently the affected asset information returned, also references relational data to other findings not specified in the request.
What's changing: This update is a modification of the data that will be returned using the Get Finding endpoint. We have increased performance and security by maintaining the findings and related assets and excluding the third level of data (data for every other finding related to each of those affected assets in the requested finding) in the returned data set. If you were using the Get Finding endpoint to access these findings related to an asset, please see the recommended routes below.
Routes for Accessing Findings Related to an Asset: We understand that you might have specific requirements for other data needed. To address this, we have existing designated routes to get you access to findings related to an asset. The Get Asset route will retrieve a single record, or for multiple records in a single request, use the List Client Assets route.
Impacted Endpoints:
  • Get Finding - GET /api/v1/client/{{clientId}}/report/{{reportId}}/flaw/{{findingId}}