API change history

Track changes made to the REST APIs across product versions.

v9.0.3.1

Table 1. Change history in Scan Management APIs
API group	API name	HTTPs method	Parameter name	Change
Scan management	Deleting a folder item	DELETE		NEW: Deletes a folder item in the Scans view.
Scan management	Uploading recorded login data	POST		NEW: Uploads the manual explore data that is stored in an *.htd file as a recorded login sequence to a content scan job, and sets the Login Method for the content scan job to "Recorded Login".

Table 2. Change history from Application Security Management API version 1.0.6 to version 1.0.7
API group	API name	HTTPs method	Parameter name	Change
Application Security Management	applications	PUT /applications/{appId}/	comments	UPDATED: Adds comments to a single app and returns the new comment object.
Application Security Management	issues	POST /issues/{issueId}/application/{appId}/comments		NEW: Adds a comment to a single issue.
Application Security Management	issues	POST issues/reports/securitydetails	body/config/issueConfig/issueAttributeConfig body/config/applicationAttributeConfig	NEW: Adds issue attributes to generated reports. NEW: Adds application attributes to generated reports.
Application Security Management	issuetypes	GET /issuetypes/{issuetype}/standards/{standard name}	issueTypeId	NEW: Retrieves the list of sections that the issue type belongs to
Application Security Management	issuetypes	GET /issuetypes/{issueTypeId}	issueTypeId	NEW: Retrieves an issue type.

v9.0.3

Table 3. Change history from Application Security Management API version 1.0.5 to version 1.0.6.
API group	API name	POST/GET	Parameter name	Change
Application Security Management	applications	GET /applications	properties issuesquery	NEW: Queries computed properties and defines the scope for other queries. Currently limited to specifying a standard id, and section id. NEW: Selects applications that have issues that fall within the defined standard.
Application Security Management	issues	GET /issues GET /issues/details GET /issues/details_v2	properties appId	UPDATED: Queries computer properties and defines the scope for other queries. Currently limited to specifying a standard id, and section id. DEPRECATED: Use newer version instead. Get issues details in HTML format packaged into a single zip file. Version 2 includes the ability to do AND operations on queries.
Application Security Management	issues	GET /issues/{issueId}/application/{appId}/aboutthisissue	issueId appId	NEW: Gets the About this Issue details in HTML format.
Application Security Management	issues	POST /issues/details_v2/xml POST /issues/reports/regulatorycompliance POST /issues/reports/industrystandard POST /issues/reports/securitydetails	appId body	NEW: Gets the issue details in XML format for the application. NEW: This is a JSON object that contains the list of IssueIds and Queries.
Application Security Management	issues	GET /issues/reports/{id}/status GET /issues/reports/{id}	id	NEW: Gets the status of the report job. NEW: Gets the report.
Application Security Management	issuetypes	GET /issuetypes/{issueTypeLookup}/fixrecommendation	issueTypeLookup	NEW: Gets the fix recommendation in html format for a given issue type ID.
Application Security Management	scanners	GET /scanners/{scannerId}/icon GET /scanners	scannerId includeUnregisteredScanners	NEW: Gets the icon for a given scanner. NEW: Gets a list of scanners.
Application Security Management
Application Security Management	standards	GET /standards		NEW: Gets the list and details about the supported compliance standards
Application Security Management	standards	GET /standards/{standardId}/sections	standardId	NEW: Gets the list and details about the sections of a particular standard
Application Security Management	summaries	GET /summaries/apps/count GET /summaries/apps	properties issuesQuery issuegroup	NEW: Queries computed properties and defines the scope for other queries. Currently limited to specifying a standard id, and section id. NEW: Selects only applications that contain issues with the specified attribute names. NEW: Specifies the issue attribute to group by.
Application Security Management	summaries	GET /summaries/issues/count_v2 GET /summaries/issues/count GET /summaries/issues_v2 GET /summaries/issues	properties	NEW: Queries computed properties and defines the scope for other queries. Currently limited to specifying a standard id, and section id. DEPRECATED: Use GET /summaries/issues/count_v2 instead. NEW: Queries computed properties and defines the scope for other queries. DEPRECATED: Use GET /summaries/issues/issues_v2 instead.

v9.0.2.1 iFix1

Table 4. Change history in Scan Management APIs
API name	POST/GET	Parameter name	Change
Requesting a collection of folders			UPDATE: The returned XML file now returns the list of users. Added new example code.
Requesting a single folder			UPDATE: The returned XML file now returns the list of users. Added new example code.
Requesting a collection of folder items			UPDATE: The returned XML file now returns the list of users. Added new example code.
Requesting a single folder item			UPDATE: The returned XML file now returns the list of users. Added new example code.
Updating the association of a scan to an application	POST		NEW: This REST API returns an updated XML file with a new appid value.

v9.0.2.1

Table 5. Change history from Application Security Management API version 1.0.4 to version 1.0.5.
API group	API name	POST/GET	Parameter name	Change
Application Security Management	issueimport	POST /issueimport/{appID}/{scannerId}	uploadedfile	UPDATED: The error code for a user who does not have permission to import was changed from a 401 'unauthorized' to a 403 'forbidden' message.
Application Security Management	summaries/issues	GET /summaries/issues	query	UPDATED - Added support for date range in query. DEPRECATED - Use /summaries/issues_v2 instead, which has same functionality but uses improved syntax.
Application Security Management	summaries/issues	GET /summaries/issues	appquery	UPDATED - Added support for querying using application attributes. DEPRECATED - Use /summaries/issues_v2 instead, which has same functionality but uses improved syntax.
Application Security Management	summaries/issues_v2	GET /summaries/issues_v2	query, appquery	NEW - Same functionality as old version of the API, but uses improved query syntax.
Application Security Management	summaries/issues/count	GET /summaries/issues/count	query	UPDATED - Added support for date range in query. DEPRECATED - Use /summaries/issues/count_v2 instead, which has the same functionality but uses improved syntax.
Application Security Management	summaries/issues/count_v2	GET /summaries/issues/count_v2	query	NEW - Same functionality as old version of the API, but uses improved query syntax.
Application Security Management	issues	GET /issues	query	UPDATED - Added support for date range in query.
Application Security Management	issuetypes	GET /issuetypes GET /issuetypes/{issueTypeLookup}/advisory GET /issuetypes/{issueTypeLookup}/fixrecommendation		NEW
Application Security Management	applications	GET /applications/{appId}/activities		NEW
Application Security Management	issueimport	GET /issueimport/currentstatus		NEW - Now also returning number of deleted issues
Application Security Management	issues	GET /issues/details_v2/xml GET /issues/{issueId}/application/{appId}/aboutthisissue GET /issues/{issueId}/application/{appId}		NEW - Issue details in XML and HTML format. NEW - When getting the issue, the response includes links to advisory and fix recommendation.
Application Security Management	currentuser_v2	GET /currentuser_v2		NEW - Returns user permissions
Application Security Management	login	POST /login		NEW - now returns `isDASTScanningEnabled: true`, when user has a scanning license.

v9.0.2 iFix1

Table 6. Change history from Application Security Management API version 1.0.3 to version 1.0.4. New Defect Tracking System Integration API version 1.0.1
API group	API name	POST/GET	Parameter name	Change
Application Security Management	usertypes	GET /usertypes		New: Gets the list of user types.
Application Security Management	consoleusers	GET /consoleusers GET /consoleusers/{userId} POST /consoleusers		Updated: Returns email and usertypes ID. New: {userId} has been added. New
Defect Tracking System Integration	projects	GET /projects		New: Projects of a defect tracking system
Defect Tracking System Integration	defectTypes	GET /defectTypes		New: Defect types of a project
Defect Tracking System Integration	fields	GET /fields		New: Fields of a defect type
Defect Tracking System Integration (JIRA only)	users	GET /users		New: Users of a project
Defect Tracking System Integration (JIRA only)	groups	GET /groups		New: Groups defined in a project
Defect Tracking System Integration (JIRA only)	components	GET /components		New: Components of a project
Defect Tracking System Integration	defects	POST /defects POST /defects/attachments POST /defects/links		New: Defects of a defect tracking system

v9.0.2

Table 7. Change history from Application Security Management API version 1.0.2 to version 1.0.3
API name	POST/GET	Parameter name	Change
appimport issueimport	POST /appimport POST /issueimport/{appId}/{scannerId}		The POST REST API calls to /appimport and /issueimport/{appId}/{scannerId} no longer wait for the import operation to complete before returning a status. These calls will return after the server reads the uploaded file. A successful response is indicated by a 202 'Accepted' response and a location header. The location header contains a URL value for /appimport/currentstatus and /issueimport/currentstatus. A calling application can poll these URL values to determine the state of the issue import process.
issueimport	GET /issueimport/currentstatus		Two new fields can be used by a calling application: complete, which is a Boolean value that indicates whether the import is completed (either successfully or with errors). message, which is a localized message from the server that indicates the status of the import.
version	GET /version/dastclient		New: Version information
currentusr	GET /currentuser		New: Identity of the current user
dashboard	GET /dashboard		New: Export dashboard raw data in Excel format.
issues	GET /issues	query	A new issue status of 'New' has been added. Previous queries that used 'status=open' must be changed to 'status=new,status=open', to yield the same results.
issues	GET /issues/details		Export multiple issues with details to HTML files (zipped)
summaries	GET /summaries/issues	query	A new issue status of 'New' has been added. Previous queries that used 'status=open' must be changed to 'status=new,status=open', to yield the same results.
summaries	GET /summaries/issues/count	query	A new issue status of 'New' has been added. Previous queries that used 'status=open' must be changed to 'status=new,status=open', to yield the same results.

v9.0.1.1

Table 8. Change history from Application Security Management API version 1.0.1 to version 1.0.2
API name	POST/GET	Parameter name	Change
issueimport	POST /issueimport/{appId}/{scannerId}	scanName	The parameter used to be passed as a query string but is now passed as a form parameter.