PCI COmpliance Release 1.6.3 API
August 06, 2025
With this release of PCI Compliance release, we have introduced the following API enhancements.
PCI Compliance API Versioning Support
We have scheduled API versioning for End-of-Support (EOS) and End-of-Life (EOL). We recommend migrating to the latest versions of these APIs to ensure continued compatibility, support, and access to the latest features and security enhancements.
Impacted APIs
The following is the impacted API:
To support your understanding, definitions of key terms such as End-of-Support (EOS) and End-of-Life (EOL) are given here, explaining the lifecycle of each endpoint.
End-of-Support for an API version signifies the point at which Qualys will no longer actively maintain or enhance that specific version. While the API may continue to function, it will not receive new features, performance improvements, or security updates. This phase is intended to provide a grace period for API consumers to migrate to newer versions.
Implications of End-of-Support
- No New Features: The API version will not receive any further functional enhancements or new capabilities.
- Limited Bug Fixes: Critical security vulnerabilities may be addressed case-by-case, but general bug fixes for non-critical issues will stop.
- No Performance Improvements: Optimization efforts focus solely on newer API versions.
- Reduced Support Channels: Technical support for issues related to this specific API version may become limited, and users are strongly recommended to upgrade.
- No Guarantees of Reliability: While the API may remain operational, Qualys offers no guarantees regarding its continued reliability beyond the EOS date.
End-of-life is the final stage in which an API version is officially retired and completely decommissioned. After the EOL date, the API will no longer be available, and any calls to it will result in errors. This marks the complete discontinuation of service for that specific API version.
Implications of End-of-Life
- API Decommissioning: The API endpoint for this version is shut down and will no longer accept requests.
- Complete Service Stoppage: All functionalities provided by this API version will cease to exist.
- Error Responses: Any attempt to call the EOL API results in HTTP error codes, such as 404 Not Found or 410 Gone, or similar error messages.
- No Support: All forms of support, documentation, and resources related to this API version will be discontinued.
Vuln List API: Updated API Response for Vuln List API
| New or Updated API | Updated |
| API Endpoint | /pci/vuln/list? apiVersion: V1 |
| EOS: February 2026 | |
| EOL: August 2026 | |
| API Endpoint (New Version) |
/pci/vuln/list? apiVersion: V2 |
| Method | GET |
| DTD or XSD Changes | NA |
The Vuln List API (/pci/vuln/list) generates the list of vulnerabilities found for PCI Merchant account.
We have upgraded this API to a new version — V2, to show the response code 200 when no vulnerabilities are found for the PCI Merchant account. Earlier, we displayed the response code 400 when no vulnerabilities were found for the PCI merchant account.
Authentication: The Vuln List API use the PCI Merchant username and password as basic authentication.
Sample: Generate the list of Vulnerabilities for PCI Merchant AccountSample: Generate the list of Vulnerabilities for PCI Merchant Account
API Request
curl -X GET 'localhost:8080/pci/vuln/list?' -H 'Content-Type: application/json apiVersion: V2'
API Response
{
"responseApiVersion": "V2",
"data": {
"totalCount": 0,
"merchantVulnList": []
}
}