Connector Release 2.18 API
June 29, 2026
Before understanding the API release highlights, learn more about the API server URL to be used in your API requests by referring to the Know Your Qualys API Server URL section. In these API Release Notes, <qualys_gateway_url> is used in the sample API requests.
All endpoints require a QAS Bearer JWT token issued by the Qualys identity service.
Authorization: Bearer <qas-jwt-token>
Requests with a missing or invalid token return 401 Unauthorized. The token carries tenant identity (customerUuid, customerIntId) and is used to scope all data access automatically - you cannot access another tenant's data.
Service Accounts API
A service account represents a cloud provider account (e.g., a GCP project, AWS account, or Azure subscription) that Flexscan is authorized to scan. You must register a service account before configuring or scanning it.
Register Service Account
| New or Updated API | New |
| API Endpoint (New) | /flexscan-api/rest/v1/service-accounts/register |
| Method | POST |
| DTD or XSD changes | Not Applicable |
This API registers a service account with the Qualys connector service and enables it for snapshot-based scanning.
Input parameters
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| accountId | Mandatory | String | Cloud account identifier - GCP project ID, AWS account ID, or Azure subscription ID |
| cloudType | Mandatory | String | Cloud provider: GCP, AWS, or AZURE (case-insensitive) |
Sample - Register a GCP Service AccountSample - Register a GCP Service Account
API Request
curl -X POST \
'<qualys_gateway_url>/flexscan-api/rest/v1/service-accounts/register' \
-H 'Authorization: Bearer <qas-jwt-token>' \
-H 'Content-Type: application/json' \
-d '{
"accountId": "my-gcp-project-123",
"cloudType": "GCP"
}'
API Response
{
"data": {
"accountId": "my-gcp-project-XXX",
"status": "REGISTERED",
"registeredAt": "2026-05-28T11:30:00"
},
"errors": [],
"meta": {
"timestamp": "2026-05-28T11:30:00Z"
}
}
Sample - Register an Azure Service AccountSample - Register an Azure Service Account
API Request
curl -X POST \
'<qualys_gateway_url>/flexscan-api/rest/v1/service-accounts/register' \
-H 'Authorization: Bearer <qas-jwt-token>' \
-H 'Content-Type: application/json' \
-d '{
"accountId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"cloudType": "AZURE"
}'
API Response
{
"data": {
"accountId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"status": "REGISTERED",
"registeredAt": "2026-05-28T11:30:00"
},
"errors": [],
"meta": {
"timestamp": "2026-05-28T11:30:00Z"
}
}
Deregister Service Account
| New or Updated API | New |
| API Endpoint (New) | /flexscan-api/rest/v1/service-accounts/deregister |
| Method | DELETE |
| DTD or XSD changes | Not Applicable |
This API deregisters a service account from the Qualys connector service.
This API removes only the connector registration, it does not delete the cloud infrastructure.
When you trigger the Deregister API, the service account setup for the enabled regions will be removed. However, the associated subnets and VPCs will not be deleted automatically. You will need to manually delete the subnets and VPCs a few hours after the Deregister API completes.
Input parameters
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| accountId | Mandatory | String | Cloud account identifier to deregister |
| cloudType | Mandatory | String | Cloud provider: GCP, AWS, or AZURE (case-insensitive) |
Sample - Deregister a Service AccountSample - Deregister a Service Account
API Request
curl -X DELETE \
'<qualys_gateway_url>/flexscan-api/rest/v1/service-accounts/deregister' \
-H 'Authorization: Bearer <qas-jwt-token>' \
-H 'Content-Type: application/json' \
-d '{
"accountId": "my-gcp-project-XXX",
"cloudType": "GCP"
}'
API Response
{
"data": {
"accountId": "my-gcp-project-XXX",
"status": "DEREGISTERED",
"deregisteredAt": "2026-05-28T11:35:00"
},
"errors": [],
"meta": {
"timestamp": "2026-05-28T11:35:00Z"
}
}
Setup Service Account
| New or Updated API | New |
| API Endpoint (New) | /flexscan-api/rest/v1/service-accounts/setup |
| Method | POST |
| DTD or XSD changes | Not Applicable |
This API configures scan settings for a registered service account. It updates the scan configuration (regions, scan interval, resource types, scan types, tag filters) and provisions per-region infrastructure by publishing SETUP_REGION events.
If you remove any region(s) as part of a setup modification, the subnet associated with the removed region’s infrastructure will not be deleted automatically. You will need to manually delete the subnet for the removed region a few hours after the region removal process completes.
Input parameters
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| accountId | Mandatory | String | Service account identifier (must be in REGISTERED state) |
| regions | Mandatory | Array of String | Cloud regions to enable for scanning (e.g.,["us-east1", "eastus"]) |
| scanInterval | Optional | Integer | Scan interval in hours. Range: 24–720. |
| resourceTypes | Optional | Array of String | Resource types to scan. Allowed value: vm. |
| vmScanTypes | Optional | Array of String | VM scan types. Options: os, sca (case-insensitive). |
| mustHaveTags | Optional | Array of String | Resources must have ALL of these tags (AND logic). Format: "key=value" |
| atLeastOneTag | Optional | Array of String | Resources must have AT LEAST ONE of these tags (OR logic). Format: "key=value" |
| noneOfTheTag | Optional | Array of String | Resources with ANY of these tags are excluded. Format: "key=value" |
All string list parameters are automatically converted to lowercase. For SCA scan types, the os parameter must also be included.
Currently, these input parameters are referred to as tags, but in GCP they are called labels.
Tag Behavior: If a tag parameter is set to an empty array ([]) or null, no filtering is applied for that parameter. When all three tag parameters are empty or null, all resources are scanned.
Tag Format Examples by Cloud:
- AWS: "Environment=Production", "Owner:PlatformTeam" (both equals and colon separators are supported)
- Azure: "environment=production", "owner=platform-team" (keys are case-sensitive)
- GCP: "environment=production", "owner=platform-team" (only the equals separator is supported)
Sample - Setup a Service Account with Tag FiltersSample - Setup a Service Account with Tag Filters
API Request
curl -X POST \
'<qualys_gateway_url>/flexscan-api/rest/v1/service-accounts/setup' \
-H 'Authorization: Bearer <qas-jwt-token>' \
-H 'Content-Type: application/json' \
-d '{
"accountId": "my-gcp-project-XXX",
"regions": ["us-east1", "us-west1"],
"scanInterval": 24,
"resourceTypes": ["vm"],
"vmScanTypes": ["os"],
"mustHaveTags": ["env=production"],
"atLeastOneTag": ["team=platform", "team=infra"],
"noneOfTheTag": ["ignore=true"]
}'
API Response
{
"data": {
"status": "ACCEPTED",
"accountId": "my-gcp-project-XXX",
"cloudType": "GCP",
"previousRegions": ["us-west1"],
"currentRegions": ["us-east1", "us-west1"],
"addedRegions": ["us-east1"],
"removedRegions": [],
"scanInterval": 24,
"resourceTypes": ["vm"],
"vmScanTypes": ["os"],
"mustHaveTags": ["env=production"],
"atLeastOneTag": ["team=platform", "team=infra"],
"noneOfTheTag": ["ignore=true"]
},
"errors": [],
"meta": {
"timestamp": "2026-05-28T11:30:00Z"
}
}
List Service Accounts
| New or Updated API | New |
| API Endpoint (New) | /flexscan-api/rest/v1/service-accounts |
| Method | GET |
| DTD or XSD changes | Not Applicable |
This API lists all service accounts belonging to the authenticated customer, with pagination.
Input parameters
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| page | Optional | Integer | Page number (1-based). Default: 1 |
| limit | Optional | Integer | Items per page. Range: 1–100. Default: 25 |
| sort | Optional | String | Sort field and direction. Format: field,direction.Default: createdAt,desc |
Sample - List Service AccountsSample - List Service Accounts
API Request
curl -X GET \ '<qualys_gateway_url>/flexscan-api/rest/v1/service-accounts?page=1&limit=25&sort=createdAt,desc' \ -H 'Authorization: Bearer <qas-jwt-token>'
API Response
{
"data": [
{
"accountId": "my-gcp-project-123",
"cloudType": "GCP",
"customerUuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"connectorUuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"portalUuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"regions": ["us-east1", "us-west1"],
"state": "REGISTERED",
"createdAt": "2026-05-01T10:00:00",
"updatedAt": "2026-05-28T11:30:00"
}
],
"errors": [],
"meta": {
"page": 1,
"limit": 25,
"total": 5,
"timestamp": "2026-05-28T11:30:00Z"
}
}
Get Service Account
| New or Updated API | New |
| API Endpoint (New) | /flexscan-api/rest/v1/service-accounts/{accountId} |
| Method | GET |
| DTD or XSD changes | Not Applicable |
This API retrieves a specific service account by its identifier.
Input parameters
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| accountId | Mandatory | String (path) | Service account identifier |
Sample - List Service AccountsSample - List Service Accounts
API Request
curl -X GET \ '<qualys_gateway_url>/flexscan-api/rest/v1/service-accounts/my-gcp-project' \ -H 'Authorization: Bearer <qas-jwt-token>'
API Response
{
"data": {
"accountId": "my-gcp-project",
"cloudType": "GCP",
"customerUuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"connectorUuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"portalUuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"regions": ["us-east1", "us-west1"],
"state": "REGISTERED",
"createdAt": "2026-05-01T10:00:00",
"updatedAt": "2026-05-28T11:30:00"
},
"errors": [],
"meta": {
"timestamp": "2026-05-28T11:30:00Z"
}
}
Get Service Account State
| New or Updated API | New |
| API Endpoint (New) | /flexscan-api/rest/v1/service-accounts/{accountId}/state |
| Method | GET |
| DTD or XSD changes | Not Applicable |
This API retrieves the current provisioning state and per-region cloudInfo for a service account.
The state is scoped to the authenticated customer's tenant - you cannot query another customer's accounts.
Input parameters
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| accountId | Mandatory | String (path) | Service account identifier |
Sample - List Service AccountsSample - List Service Accounts
API Request
curl -X GET \ '<qualys_gateway_url>/flexscan-api/rest/v1/service-accounts/my-gcp-project-123/state' \ -H 'Authorization: Bearer <qas-jwt-token>'
API Response
{
"data": {
"accountId": "my-gcp-project-123",
"cloudType": "GCP",
"state": "REGISTERED",
"cloudInfo": {
"us-east1": {
"vnetId": "/subscriptions/.../virtualNetworks/qualys-vnet-eastus",
"storageAccountName": "qualysstore123"
}
}
},
"errors": [],
"meta": {
"timestamp": "2026-05-28T11:30:00Z"
}
}
Target Accounts API
A target account is a child cloud account, or subscription scoped under a parent service account (e.g., an AWS member account in an AWS Organization, or an Azure target subscription). Target accounts inherit infrastructure from the parent service account but can have independent scan configurations.
Setup Target Account
| New or Updated API | New |
| API Endpoint (New) | /flexscan-api/rest/v1/target-accounts/setup |
| Method | POST |
| DTD or XSD changes | Not Applicable |
This API configures scan settings for a target account. Updates only the target account record - does not modify the parent service account or trigger new infrastructure provisioning.
Validation Rules
- Target account regions must be a subset of (or equal to) the parent service account's configured regions.
- vmScanTypes must be a subset of the parent service account's vmScanTypes.
- If the parent service account has ["os"], the target may specify ["os"] but not ["os", "sca"].
Input parameters
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| accountId | Mandatory | String (path) | Target account identifier |
| regions | Mandatory | Array of String | Regions to scan - must be subset of parent service account's regions |
| scanInterval | Optional | Integer | Scan interval in hours. Range: 24–720. Default: 24 |
| resourceTypes | Optional | Array of String | Resource types to scan. Allowed value: vm. Default: ["vm"] |
| vmScanTypes | Optional | Array of String | VM scan types. Options: os, sca, secret. Must be subset of parent service account's vmScanTypes. Default: ["os"] |
| mustHaveTags | Optional | Array of String | Resources must have ALL of these tags (AND logic). Format: "key=value" |
| atLeastOneTag | Optional | Array of String | Resources must have AT LEAST ONE of these tags (OR logic). Format: "key=value" |
| noneOfTheTag | Optional | Array of String | Resources with ANY of these tags are excluded. Format: "key=value" |
Tag Behavior: If a tag parameter is set to an empty array ([]) or null, no filtering is applied for that parameter. When all three tag parameters are empty or null, all resources are included in the scan.
Currently, these parameters are referred to as tags, however, in GCP they are called labels.
Target Account Tag Fallback: For target accounts, null tag values inherit the configuration from the parent service account. Setting a tag parameter to an empty array ([]) overrides the parent configuration and disables filtering for that parameter.
Tag Format Examples by Cloud:
- AWS: "Environment=Production", "Owner:PlatformTeam" (supports both equals (
=) and colon (:) separators) - Azure: "environment=production", "owner=platform-team" (keys are case-sensitive)
- GCP: "environment=production", "owner=platform-team" (only the equals (
=) separator is supported)
Sample - Setup a Target AccountSample - Setup a Target Account
API Request
curl -X POST \
'<qualys_gateway_url>/flexscan-api/rest/v1/target-accounts/setup' \
-H 'Authorization: Bearer <qas-jwt-token>' \
-H 'Content-Type: application/json' \
-d '{
"accountId": "target-xxxxxxxx",
"regions": ["us-east1"],
"scanInterval": 48,
"resourceTypes": ["vm"],
"vmScanTypes": ["os"],
"mustHaveTags": ["env=staging"]
}'
API Response
{
"data": {
"status": "ACCEPTED",
"accountId": "target-xxxxxxxxx",
"serviceAccountId": "my-gcp-project-123",
"cloudType": "GCP",
"previousRegions": [],
"currentRegions": ["us-east1"],
"addedRegions": ["us-east1"],
"removedRegions": [],
"scanInterval": 48,
"resourceTypes": ["vm"],
"vmScanTypes": ["os"],
"mustHaveTags": ["env=staging"],
"atLeastOneTag": null,
"noneOfTheTag": null
},
"errors": [],
"meta": {
"timestamp": "2026-05-28T11:30:00Z"
}
}
List Target Accounts
| New or Updated API | New |
| API Endpoint (New) | /flexscan-api/rest/v1/target-accounts |
| Method | GET |
| DTD or XSD changes | Not Applicable |
This API lists target accounts belonging to the authenticated customer. Always scoped to the JWT tenant - you cannot access another customer's data. Supports optional filters.
Input parameters
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| serviceAccountId | Optional | String | Filter by parent service account ID |
| cloudType | Optional | String | Filter by cloud type: AWS, AZURE, GCP, or OCI (case-insensitive) |
| state | Optional | String | Filter by parent service account state: REGISTERED, ACTIVE, INACTIVE, ERROR |
| page | Optional | Integer | Page number (1-based). Default: 1 |
| limit | Optional | Integer | Items per page. Range: 1–100. Default: 25 |
| sort | Optional | String | Sort field and direction. Default: createdAt,desc |
API Request
curl -X GET \ '<qualys_gateway_url>/flexscan-api/rest/v1/target-accounts?serviceAccountId=my-gcp-project-123&page=1&limit=25' \ -H 'Authorization: Bearer <qas-jwt-token>'
API Response
{
"data": [
{
"accountId": "target-xxxxxxx",
"serviceAccountId": "my-gcp-project-xxxxxxx",
"cloudType": "GCP",
"customerUuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"connectorUuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"portalUuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"regions": ["us-east1", "us-west1"],
"serviceAccountState": "REGISTERED",
"createdAt": "2026-05-01T10:00:00",
"updatedAt": "2026-05-28T11:30:00"
}
],
"errors": [],
"meta": {
"page": 1,
"limit": 25,
"total": 3,
"timestamp": "2026-05-28T11:30:00Z"
}
}
Get Target Account
| New or Updated API | New |
| API Endpoint (New) | /flexscan-api/rest/v1/target-accounts/{accountId} |
| Method | GET |
| DTD or XSD changes | Not Applicable |
This API retrieves a specific target account by its identifier, including parent service account details.
Input parameters
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| accountId | Mandatory | String (path) | Target account identifier |
Sample - Get a Target AccountSample - Get a Target Account
API Request
curl -X GET \ '<qualys_gateway_url>/flexscan-api/rest/v1/target-accounts/target-account-456' \ -H 'Authorization: Bearer <qas-jwt-token>'
API Response
{
"data": {
"accountId": "target-xxxxxxx",
"serviceAccountId": "my-gcp-projectxxxx",
"cloudType": "GCP",
"customerUuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"connectorUuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"portalUuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"regions": ["us-east1", "us-west1"],
"createdAt": "2026-05-01T10:00:00",
"updatedAt": "2026-05-28T11:30:00",
"serviceAccount": {
"accountId": "my-gcp-project-123",
"cloudType": "GCP",
"state": "REGISTERED",
"regions": ["us-east1", "us-west1"]
}
},
"errors": [],
"meta": {
"timestamp": "2026-05-28T11:30:00Z"
}
}
Get Target Account State
| New or Updated API | New |
| API Endpoint (New) | /flexscan-api/rest/v1/target-accounts/{accountId}/state |
| Method | GET |
| DTD or XSD changes | Not Applicable |
This API retrieves the provisioning state and per-region cloudInfo for a target account. State is derived from the parent service account. Scoped to the authenticated customer.
Input parameters
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| accountId | Mandatory | String (path) | Target account identifier |
Sample - Get Target Account StateSample - Get Target Account State
API Request
curl -X GET \ '<qualys_gateway_url>/flexscan-api/rest/v1/target-accounts/target-account-456' \ -H 'Authorization: Bearer <qas-jwt-token>'
API Response
{
"data": {
"accountId": "target-account-xxxx",
"cloudType": "GCP",
"state": "REGISTERED",
"cloudInfo": {
"us-east1": {
"vnetId": "/subscriptions/.../virtualNetworks/qualys-vnet-eastus",
"storageAccountName": "qualysstore123"
}
}
},
"errors": [],
"meta": {
"timestamp": "2026-05-28T11:30:00Z"
}
}
Scan Logs API
Provides read-only access to scan status records. Each record represents a single VM/resource scan attempt. Sensitive internal fields (resultFileName, correlationIds) are excluded by default.
List Scan Logs
| New or Updated API | New |
| API Endpoint (New) | /flexscan-api/rest/v1/scan/logs |
| Method | GET |
| DTD or XSD changes | Not Applicable |
This API lists all scan status records for the authenticated customer, paginated and sorted by last update time.
Input parameters
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| page | Optional | Integer | Page number (1-based). Default: 1 |
| limit | Optional | Integer | Items per page. Range: 1–500. Default: 100 |
| sort | Optional | String | Sort field and direction. Default: updatedAt,desc |
Sample - List Scan LogsSample - List Scan Logs
API Request
curl -X GET \ '<qualys_gateway_url>/flexscan-api/rest/v1/scan/logs?page=1&limit=100&sort=updatedAt,desc' \ -H 'Authorization: Bearer <qas-jwt-token>'
API Response
{
"data": [
{
"scanUuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"cloudType": "GCP",
"resourceId": "projects/my-project/zones/us-west1-a/instances/my-vm",
"resourceName": "my-vm",
"resourceType": "VM",
"customerUuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"portalUuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"serviceAccountId": "my-gcp-projectxxxx",
"targetAccountId": "target-accountxxxxx",
"targetRegion": "us-west1",
"targetZone": "us-west1-a",
"scannerPlatform": "LINUX",
"storageCount": 1,
"scanPriority": 1,
"scanAttempts": 1,
"scanType": "OS",
"scanStatus": "COMPLETED",
"expiresAt": "2026-06-04T11:30:00",
"stateReason": null,
"createdAt": "2026-05-28T10:00:00",
"updatedAt": "2026-05-28T11:30:00"
}
],
"errors": [],
"meta": {
"page": 1,
"limit": 100,
"total": 540,
"timestamp": "2026-05-28T11:30:00Z"
}
}
Get Scan Logs
| New or Updated API | New |
| API Endpoint (New) | /flexscan-api/rest/v1/scan/logs/{scanUuid} |
| Method | GET |
| DTD or XSD changes | Not Applicable |
This API retrieves a single scan log record by its UUID. Use includeDetails=true to include internal diagnostic fields.
Input parameters
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| scanUuid | Mandatory | UUID (path) | Scan record UUID (primary key) |
| includeDetails | Optional | Boolean | Include resultFileName and correlationIds in the response. Default: false |
Sample - Get Scan Logs without DetailsSample - Get Scan Logs without Details
API Request
curl -X GET \ '<qualys_gateway_url>/flexscan-api/rest/v1/scan/logs/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' \ -H 'Authorization: Bearer <qas-jwt-token>'
API Response
{
"data": {
"scanUuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"cloudType": "GCP",
"resourceId": "projects/my-project/zones/us-west1-a/instances/my-vm",
"resourceName": "my-vm",
"resourceType": "VM",
"customerUuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"portalUuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"serviceAccountId": "my-gcp-project-XXX",
"targetAccountId": "target-account-XXXXX",
"targetRegion": "us-west1",
"targetZone": "us-west1-a",
"scannerPlatform": "LINUX",
"storageCount": 1,
"scanPriority": 1,
"scanAttempts": 2,
"scanType": "OS",
"scanStatus": "COMPLETED",
"expiresAt": "2026-06-04T11:30:00",
"stateReason": null,
"createdAt": "2026-05-28T10:00:00",
"updatedAt": "2026-05-28T11:30:00"
},
"errors": [],
"meta": {
"timestamp": "2026-05-28T11:30:00Z"
}
}
Sample - Get Scan Logs with DetailsSample - Get Scan Logs with Details
API Request
curl -X GET \ '<qualys_gateway_url>/flexscan-api/rest/v1/scan/logs/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx?includeDetails=true' \ -H 'Authorization: Bearer <qas-jwt-token>'
API Response
{
"data": {
"scanUuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"... (all fields from above) ...",
"resultFileName": "GCP/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/my-gcp-project-XXX/f184d531-ScanResult.json",
"correlationIds": "[\"corr-001\",\"corr-002\"]"
},
"errors": [],
"meta": {
"timestamp": "2026-05-28T11:30:00Z"
}
}
Audit Trail API
Provides visibility into the execution history of the scan workflow. Events are stored in OpenSearch; resource state is cross-referenced from the Oracle database (RESOURCE_SCAN_STATUS).
Get Resource Audit Trail
| New or Updated API | New |
| API Endpoint (New) | /flexscan-api/rest/v1/audit/resource/{scanUuid} |
| Method | GET |
| DTD or XSD changes | Not Applicable |
This API returns the complete audit trail for a scanned resource across all its workflows. Looks up the resource by scanUuid, validates customer ownership, then queries OpenSearch for all workflow events linked to that resource.
Input parameters
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| scanUuid | Mandatory | UUID (path) | Scan record UUID — primary key from the scan logs API |
Sample - Get Resource Audit TrailSample - Get Resource Audit Trail
API Request
curl -X GET \ '<qualys_gateway_url>/flexscan-api/rest/v1/audit/resource/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' \ -H 'Authorization: Bearer <qas-jwt-token>'
API Response
{
"data": {
"scanUuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"resourceId": "projects/my-project/zones/us-west1-a/instances/XXXXXX",
"resourceName": "my-vm",
"resourceType": "VM",
"cloudType": "GCP",
"serviceAccountId": "my-gcp-project-XXXXX",
"accountId": "target-account-XXXX",
"region": "us-west1",
"zone": "us-west1-a",
"scannerPlatform": "LINUX",
"scanStatus": "COMPLETED",
"correlationIds": ["gcp-scan-corr-001", "gcp-scan-corr-002"],
"totalWorkflows": 2,
"totalEvents": 16,
"createdAt": "2026-05-28T10:00:00",
"updatedAt": "2026-05-28T11:30:00",
"workflows": [
{
"correlationId": "gcp-scan-corr-001",
"eventCategory": "SCAN",
"status": "SUCCESS",
"startedAt": "2026-05-28T10:00:00Z",
"lastEventAt": "2026-05-28T11:00:00Z",
"totalEvents": 8,
"events": [
{
"eventId": "evt-001",
"eventType": "ROOT",
"stepType": "ROOT",
"status": "SUCCESS",
"receivedAt": "2026-05-28T10:00:00Z",
"sequenceNumber": 1
}
]
}
]
},
"errors": [],
"meta": {
"timestamp": "2026-05-28T11:30:00Z"
}
}
Get Workflow Timeline
| New or Updated API | New |
| API Endpoint (New) | /flexscan-api/rest/v1/audit/workflows/{correlationId} |
| Method | GET |
| DTD or XSD changes | Not Applicable |
This API returns the complete ordered event chain for a single workflow identified by its correlation ID. Events are sorted by receivedAt and sequenceNumber.
Input parameters
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| correlationId | Mandatory | String (path) | Workflow correlation ID (obtained from the audit trail or scan log) |
Sample - Get Resource Audit TrailSample - Get Resource Audit Trail
API Request
curl -X GET \ '<qualys_gateway_url>/flexscan-api/rest/v1/audit/workflows/gcp-scan-corr-001' \ -H 'Authorization: Bearer <qas-jwt-token>'
API Response
{
"data": {
"correlationId": "gcp-scan-corr-001",
"eventCategory": "SCAN",
"cloudType": "GCP",
"serviceAccountId": "my-gcp-project-XXXX",
"status": "SUCCESS",
"startedAt": "2026-05-28T10:00:00Z",
"lastEventAt": "2026-05-28T11:00:00Z",
"totalEvents": 8,
"events": [
{
"eventId": "evt-001",
"eventType": "ROOT",
"stepType": "ROOT",
"status": "SUCCESS",
"receivedAt": "2026-05-28T10:00:00Z",
"sequenceNumber": 1,
"details": {}
},
{
"eventId": "evt-002",
"eventType": "DISCOVER_TARGET_VMS",
"stepType": "DISCOVER_TARGET_VMS",
"status": "SUCCESS",
"receivedAt": "2026-05-28T10:05:00Z",
"sequenceNumber": 2,
"details": {}
}
]
},
"errors": [],
"meta": {
"timestamp": "2026-05-28T11:30:00Z"
}
}
List Workflows
| New or Updated API | New |
| API Endpoint (New) | /flexscan-api/rest/v1/audit/workflows |
| Method | GET |
| DTD or XSD changes | Not Applicable |
Lists workflows with optional filters. Results are returned most-recent-first by receivedAt.
Input parameters
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| status | Optional | String | Filter by workflow status: SUCCESS, FAILED, IN_PROGRESS, MAX_RETRIES_EXCEEDED (case-insensitive) |
| eventCategory | Optional | String | Filter by category: DISCOVERY, SNAPSHOT, SCAN, MANAGEMENT (case-insensitive) |
| serviceAccountId | Optional | String | Filter by service account ID |
| cloudType | Optional | String | Filter by cloud provider: AWS, AZURE, GCP, OCI (case-insensitive) |
| stepType | Optional | String | Filter by step/event type (e.g., ROOT, DISCOVER_TARGET_VMS) (case-insensitive) |
| page | Optional | Integer | Page number (1-based). Default: 1 |
| limit | Optional | Integer | Items per page. Range: 1–500. Default: 100 |
Sample - List Scan Workflows for a Service AccountSample - List Scan Workflows for a Service Account
API Request
curl -X GET \ '<qualys_gateway_url>/flexscan-api/rest/v1/audit/workflows?serviceAccountId=my-gcp-project-XXXX&eventCategory=SCAN&status=SUCCESS&page=1&limit=100' \ -H 'Authorization: Bearer <qas-jwt-token>'
API Response
{
"data": {
"workflows": [
{
"correlationId": "gcp-scan-corr-001",
"eventCategory": "SCAN",
"cloudType": "GCP",
"serviceAccountId": "my-gcp-project-123",
"status": "SUCCESS",
"totalEvents": 8,
"startedAt": "2026-05-28T10:00:00Z",
"lastEventAt": "2026-05-28T11:00:00Z"
}
],
"total": 150,
"page": 1,
"limit": 100
},
"errors": [],
"meta": {
"timestamp": "2026-05-28T11:30:00Z"
}
}