Skip to main content

API Updates

REST / SOAP / ODATA API

Category	Updates	Details
REST API	API Clients using REST	As part of the integration with our new Access Control, Cookie-based authentication is no longer supported and all API Clients must use Token-based authentication.
SOAP API	API Clients using SOAP	As part of the integration with our new Access Control system, the following authentication and authorization changes are introduced: The SOAP Login/logout APIs are no longer supported Authentication should be done using REST API (Token-based Authentication) Subsequent SOAP requests should include the access token in the HTTP header The parameter "SessionID" is no longer in use
ODATA API	API Clients using ODATA

CxSAST/CxOSA APIs

General

Category	Updates	Details
CxSAST API	Overview of the CxSAST (REST) API	The CxSAST (REST) API provides the ability to manage all CxSAST related tasks. For more information, see CxSAST / CxOSA APIs - CxSAST, below.
CxOSA API	Overview of the CxOSA (REST) API	The CxOSA (REST) API provides the ability to manage all CxOSA related tasks. For more information, see CxSAST / CxOSA APIs - CxOSA, below.

CxSAST

Category	Updates	Details
API Versioning	Versioning was introduced to the CxSAST API in v8.6.0. The latest CxSAST APIs for v9.3.0 are installed with the most up to date API versions
New API Functionality	REST API to get the Best Fix Location
	REST API to update the engine scan settings	This allows updating the following fields: Engine Name URI Minimum LOC Maximum LOC Block engine (flag) Maximum concurrent Scans
	REST API to update result labels	This allows to update the following fields: Change state Change severity Change user assignment Add comment
Updated API Functionality	None
Updated API Documentation	None
CxREST API - Swagger		Login is required for exploring the CxSAST (REST) API through Swagger. To navigate to the relevant login page, click the login / authorize button.

Management & Orchestration APIs

Analytics (OData & REST)

Category	Updates	Details
API Versioning	Versioning was introduced to the Analytics (OData) in v8.8.0. The latest Analytics (REST) APIs in v9.3.0 are installed with the latest API version.	In order to use different versions of the Analytics API you will need to specify the desired API version (Headers Content-Type) for each API call.
Updated API Functionality	APIs have been updated in accordance with latest Analytics API library version.
CxAnalytics API - Swagger

Remediation Intelligence

Category	Updates	Details
API Versioning	Versioning was introduced to the Remediation Intelligence API in v9.0.0. The latest Remediation Intelligence APIs in v9.2.0 are installed with the latest API version.	In order to use different versions of the Policy Management API you will need to specify the desired API version (Headers Content-Type) for each API call.
New Functionality	A new functionality has been added to the latest Remediation Intelligence API library version for the API set.
Updated Functionality	Various APIs have been updated in accordance with the latest Remediation Intelligence API library version.
Policy Management API - Swagger		Login is required for exploring the Remediation Intelligence (REST) API through Swagger. To navigate to the relevant login page, click the login / authorize button.

Policy Management

Category	Update	Details
API Versioning	Versioning was introduced to the Policy Management API in v8.8.0. The latest Policy Management APIs in v9.2.0 are installed with the latest API version.	In order to use different versions of the Policy Management API you will need to specify the desired API version (Headers Content-Type) for each API call.
New Functionality	A new functionality has been added to the latest Policy Management API library version for the API set.
Updated Functionality	Various APIs have been updated in accordance with latest Policy Management API library version.
Policy Management API - Swagger

Platform Services APIs

General

Category	Updates	Details
Access Control API	Overview of the Access Control (REST) API	The Access Control (REST) API provides the ability to manage all user/team management and access control setting tasks. For more information, see Platform Services APIs - Access Control, below.

Access Control

Category	Updates	Details
API Versioning	Versioning was introduced to the Access Control API in v1.5.0. The latest Access Control APIs in v2.0.0 are installed with the latest API version (i.e., v=1.0).	In order to use different versions of the Access Control API you will need to specify the desired API version (Headers Content-Type) for each API call.
New API Functionality
Updated API Functionality	Various APIs have been updated in accordance with the latest Access Control API library version.
Access Control API - Swagger	To access a live Swagger environment navigate to: http://<ServerName>:<Port>/cxarm/dashboardapi/swagger/index/html (e.g., http://localhost:8080/cxrestapi/auth/swagger/index.html).	Login is required for exploring the Access Control (REST) API through Swagger. To navigate to the relevant login page, click the login / authorize button.

CxEngine

Category	Feature / Change	Details
Application Security
Engine Configurations	Scans relevant languages only according to the selected preset.	If the preset is relevant for specific languages only, the scan does not parse other languages.
Engine Deployment	Engine on Linux	Introducing CxEngine on Docker Linux.
Engine Server
Languages/Frameworks	Kotlin (Server Side)	This version adds and updates support for the latest versions of the Kotlin Server Side frameworks, Ktor and Vert.X. Support for the following framework features has been added to Ktor: Routing with FreeMarker Template Split Mustache template engine from the Ktor Framework Support for the following framework feature has been added to Vertx.X: Queries Type Inferences Resolving Rule link Views with ViewCalls Routing with Template Additional generic support has been added: Support additional Kotlin constructs required for Spring
Languages/Frameworks	Apex	This version adds and updates support for the latest versions of Apex that can be activated with the Engine Flag NEW_APEX. Support for the following language features has been added: Support property setter methods Support DML Statements Support Switch statements (No DOM representation) Support MemberAccess Object.class Support named parameters in ObjectCreate Support multiple statements in getter Support Unary Expressions (DOM Representation) Support Apex in UAST Support List literal declarations (No DOM representation) Support Annotations in Interfaces and Enums Support Associative Arrays Support triggers Support Default Constructor Support Class "Implements" ( No Dom Representation) Improved the following queries: Reflected_XSS after UAST adoption Stored_XSS after UAST adoption SOQL_SOSL_Injection after UAST adoption Second_Order_SOQL_SOSL_Injection after UAST adoption CRUD_Delete after UAST adoption FLS_Create after UAST adoption FLS_Create_Partial after UAST adoption FLS_Update after UAST adoption FLS_Update_Partial after UAST adoption
Languages/Frameworks	JavaScript	This version adds and updates support on EcmaScript for JavaScript support EcmaScript 2017 (ES8) EcmaScript 2018 (ES9) EcmaScript 2019 (ES10)
Languages/Frameworks	Logs	Added new metrics in logs for the scans. Scan coverage by lines.
Vulnerability Queries (Full List)	Vulnerability Queries	Vulnerability Queries for this version.
Vulnerability Queries (New and Updated)	New and updated vulnerability descriptions	New and updated vulnerability descriptions for this version – giving more detailed guidance for code remediation.
Vulnerability Queries for Presets	Vulnerability Queries according to Presets	Vulnerability Queries according to Presets for this version.

In this section:

Was this helpful?

Would you like to provide feedback? Just click here to suggest edits.