A few Patch Management features are available through REST APIs. You can use the Swagger tool to access the REST APIs we support. You cannot use Patch Management APIs with the Free License.
Note: Patch Management APIs support fetching a maximum of 10,000 records only.
Values of the query parameters must be encoded. URL encoding conversion to ASCII character set is required to ensure characters are transmitted correctly. The URLs contain characters that might not be in the ASCII character, so the URL must be converted into a valid ASCII format. Encoding the URL replaces the unsafe ASCII characters with a % followed by two hexadecimal digits. Because a URL must not contain spaces, the encoding replaces a space with a plus sign (+) or %20.
Swagger is a widely-adopted specification for programmatically describing REST APIs. The Swagger UI provides all the details about the APIs and how to invoke them. This includes the HTTP verbs (GET, POST, PUT, etc.), the URL paths, allowable parameters and types, etc.
You can directly access the Swagger UI from the following URL:
http://gateway.<QualysURL>/apidocs/pm/v1#/
For example, if your account is on US Platform 2
https://gateway.qg2.apps.qualys.com/apidocs/pm/v1#/
Qualys maintains multiple platforms. The Qualys URL that you should use for API requests depends on the platform where your account is located. To identify your Qualys platform and get the API URL, visit: https://www.qualys.com/platform-identification/.
Authentication to the Qualys Enterprise TruRisk™ Platform is necessary before you try the APIs.
1. Enter the username and password.
2. Select the Permissions check box and click Login.
3. Copy the token and paste it into the Value box.
4. Click Authorize.
You can now use the APIs using the Swagger UI.
You can use QQL tokens in your API requests. Click here to view the supported tokens.
Note: The API rate limit is ten times per hour per customer for the Get Assets Report, Get Deployment Job Progress Report, Get List of Generated Reports, Get Patches Report, and Get Report in CSV Format Patch Reports APIs.
For other APIs, the rate limit is as mentioned in your subscription. If it's not defined in the subscription, the default rate limit per subscription per API is 300 calls per hour.
The response codes of the Patch Management public APIs are as per the API standards. It enables you to understand incorrect or invalid request values better. As a result, you can troubleshoot and fix the API requests to get the correct response. If you provide incorrect base URL or incorrect query parameters, you get the 404 response code. If you provide invalid input parameters, you get a 400 response code.