Getting Started with Patch Management APIs

A few Patch Management features are available through REST APIs. You can use Swagger tool to access the REST APIs we support. You cannot use Patch Management APIs with the Free License.

Note: Patch Management APIs support fetching a maximum of 10,000 records only.

Values of the query parameters must be encoded. URL encoding conversion to ASCII character set is required to ensure characters are transmitted correctly. The URLs contain characters that might not be in the ASCII character, so the URL must be converted into a valid ASCII format. Encoding the URL replaces the unsafe ASCII characters with a % followed by two hexadecimal digits. Because a URL must not contain spaces, the encoding replaces a space with a plus sign (+) or %20.

Accessing APIs Using Swagger

Swagger is a widely-adopted specification for programmatically describing REST APIs. The Swagger UI provides all the details about the APIs and how to invoke them. This includes information like the HTTP verbs to use (GET, POST, PUT, etc.), the URL paths, allowable parameters and types, and so on.

You can directly access the Swagger UI from the following URL:


For example, if your account is on US Platform 2

Qualys Platforms

Qualys maintains multiple platforms. The Qualys URL that you should use for API requests depends on the platform where your account is located. To identify your Qualys platform and get the API URL, visit:

Do I need to Authenticate to use the Swagger UI?

Authentication to the Qualys Cloud Platform is necessary before you try out the APIs.

1. Enter the username and password.

2. Select the  Permissions check box and click Login.

3. Copy the token and paste it into the Value box.

4. Click Authorize.

You can now use the APIs using the Swagger UI.

Using token values in the API calls

You can use QQL tokens in your API requests. Click here to view the supported tokens.

Note: For Patch Reports APIs, the API rate limit is 10 times per hour per customer. For more information, refer to Get Assets ReportGet Deployment Job Progress ReportGet List of Generated ReportsGet Patches Report, and Get Report in CSV Format.

For other APIs, the rate limit is as mentioned in your subscription. If it's not defined in the subscription, the default rate limit per subscription per API is 300 calls per hour.