Enterprise TruRisk™ Platform Release 10.39 API
June 8, 2026
In the API Release Notes, <qualys_base_url> is used as a sample API request to represent the API server URL. To learn more about the API server URL for your environment, refer to the Know Your Qualys API Server URL section.
API versioning is supported across Qualys APIs. To learn more about versioning standards and deprecation timelines, refer to the Updates on API Versioning Standards & Deprecation Timelines blog.
Qualys Vulnerability Management (VM)
Support for CVSSv4.0 Base Score in KnowledgeBase and Report Template
With this feature, we have provided support to CVSS4.0 in the following APIs, which provide enhanced vulnerability scoring with greater precision and contextual relevance. This helps to deliver accurate and standardized vulnerability insights by providing CVSSv4.0 in the KnowledgeBase and enabling dynamic search operations, improving risk prioritization and automation efficiency. Enhances reporting flexibility and integration through API-driven report templates, reducing manual effort and enabling consistent, scalable security reporting for host and scan-based findings.
KnowledgeBase API:
| New or Updated API | Updated |
| API Endpoint | /api/4.0/fo/knowledge_base/vuln/ |
| Method | GET, POST |
| DTD or XSD changes | Yes |
You can view the list of CVSS4.0 details in the response for a single QID.
API Request
curl --location '<qualys_base_url>/api/4.0/fo/knowledge_base/vuln/?action=list&details=All&ids=913768' \ --header 'Content-Type: test/xml' \ --header 'X-Requested-With: test' \ --header 'Accept-Encoding: *' \ --header 'Authorization: Bearer<JWT Token>'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE KNOWLEDGE\_BASE\_VULN\_LIST\_OUTPUT SYSTEM "<qualys_base_url>/api/4.0/fo/knowledge\_base/vuln/knowledge\_base\_vuln\_list\_…
<RESPONSE>
<DATETIME>2025-09-29T12:59:24Z</DATETIME>
<VULN_LIST>
<VULN>
<QID>913768</QID>
<VULN_TYPE>Vulnerability</VULN_TYPE>
<SEVERITY_LEVEL>4</SEVERITY_LEVEL>
<TITLE>
<![CDATA[Common Base Linux Mariner (CBL-Mariner) Security Update for binutils (57590)]]>
</TITLE>
<CATEGORY>CBL-Mariner</CATEGORY>
<LAST_SERVICE_MODIFICATION_DATETIME>2025-07-02T12:07:47Z</LAST_SERVICE_MODIFICATION_DATETIME>
<PUBLISHED_DATETIME>2025-03-20T15:08:30Z</PUBLISHED_DATETIME>
<CODE_MODIFIED_DATETIME>2025-03-20T15:08:30Z</CODE_MODIFIED_DATETIME>
<PATCHABLE>1</PATCHABLE>
<PATCH_PUBLISHED_DATE>2025-03-12T00:00:00Z</PATCH_PUBLISHED_DATE>
<SOFTWARE_LIST>
<SOFTWARE>
<PRODUCT>
<![CDATA[cbl_mariner_2]]>
</PRODUCT>
<VENDOR>
<![CDATA[microsoft]]>
</VENDOR>
</SOFTWARE>
</SOFTWARE_LIST>
<VENDOR_REFERENCE_LIST>
<VENDOR_REFERENCE>
<ID>
<![CDATA[Mariner_2.0_57590]]>
</ID>
<URL>
<![CDATA[https://github.com/microsoft/CBL-Mariner/tree/2.0]]>
</URL>
</VENDOR_REFERENCE>
</VENDOR_REFERENCE_LIST>
<CVE_LIST>
<CVE>
<ID>
<![CDATA[CVE-2025-1744]]>
</ID>
<URL>
<![CDATA[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1744]]>
</URL>
</CVE>
</CVE_LIST>
<DIAGNOSIS>
<![CDATA[CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for binutils to fix the vulnerabilities.<BR><BR><P>QID Detection Logic (Authenticated):<BR>QID utilizes the target system's package manager, such as "rpm", to enumerate packages and map them with vendor advisories to identify vulnerable versions.<BR>]]>
</DIAGNOSIS>
<CONSEQUENCE>
<![CDATA[Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.]]>
</CONSEQUENCE>
<SOLUTION>
<![CDATA[<P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:<A HREF="https://github.com/microsoft/CBL-Mariner/tree/2.0" TARGET="\_blank">https://github.com/microsoft/CBL-Mariner/tree/2.0</A></P><P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P><A HREF="https://github.com/microsoft/CBL-Mariner/tree/2.0" TARGET="\_blank">57590:CBL-Mariner Linux 2\\\\.0</A>]]>
</SOLUTION>
<CVSS>
<BASE source="service">5.4</BASE>
<TEMPORAL>4.0</TEMPORAL>
<VECTOR_STRING>CVSS:2.0/AV:A/AC:M/Au:M/C:N/I:C/A:P/E:U/RL:OF/RC:C</VECTOR_STRING>
<ACCESS>
<VECTOR>2</VECTOR>
<COMPLEXITY>2</COMPLEXITY>
</ACCESS>
<IMPACT>
<CONFIDENTIALITY>1</CONFIDENTIALITY>
<INTEGRITY>3</INTEGRITY>
<AVAILABILITY>2</AVAILABILITY>
</IMPACT>
<AUTHENTICATION>3</AUTHENTICATION>
<EXPLOITABILITY>1</EXPLOITABILITY>
<REMEDIATION_LEVEL>1</REMEDIATION_LEVEL>
<REPORT_CONFIDENCE>3</REPORT_CONFIDENCE>
</CVSS>
<CVSS_V3>
<BASE>9.8</BASE>
<TEMPORAL>8.5</TEMPORAL>
<VECTOR_STRING>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</VECTOR_STRING>
<CVSS3_VERSION>3.1</CVSS3_VERSION>
<ATTACK>
<VECTOR>1</VECTOR>
<COMPLEXITY>1</COMPLEXITY>
</ATTACK>
<IMPACT>
<CONFIDENTIALITY>3</CONFIDENTIALITY>
<INTEGRITY>3</INTEGRITY>
<AVAILABILITY>3</AVAILABILITY>
</IMPACT>
<PRIVILEGES_REQUIRED>1</PRIVILEGES_REQUIRED>
<USER_INTERACTION>1</USER_INTERACTION>
<SCOPE>1</SCOPE>
<EXPLOIT_CODE_MATURITY>1</EXPLOIT_CODE_MATURITY>
<REMEDIATION_LEVEL>1</REMEDIATION_LEVEL>
<REPORT_CONFIDENCE>3</REPORT_CONFIDENCE>
</CVSS_V3>
<CVSS_V4>
<BASE>10.0</BASE>
<VECTOR_STRING>CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H</VECTOR_STRING>
<CVSS4_VERSION>4.0</CVSS4_VERSION>
<ATTACK>
<VECTOR>1</VECTOR>
<COMPLEXITY>1</COMPLEXITY>
<REQUIREMENT>1</REQUIREMENT>
</ATTACK>
<IMPACT>
<VULNERABLE>
<CONFIDENTIALITY>3</CONFIDENTIALITY>
<INTEGRITY>3</INTEGRITY>
<AVAILABILITY>3</AVAILABILITY>
</VULNERABLE>
<SUBSEQUENT>
<CONFIDENTIALITY>3</CONFIDENTIALITY>
<INTEGRITY>3</INTEGRITY>
<AVAILABILITY>3</AVAILABILITY>
</SUBSEQUENT>
</IMPACT>
<PRIVILEGES_REQUIRED>1</PRIVILEGES_REQUIRED>
<USER_INTERACTION>1</USER_INTERACTION>
</CVSS_V4>
<PCI_FLAG>1</PCI_FLAG>
<THREAT_INTELLIGENCE>
<THREAT_INTEL id="4">
<![CDATA[High_Lateral_Movement]]>
</THREAT_INTEL>
<THREAT_INTEL id="15">
<![CDATA[Remote_Code_Execution]]>
</THREAT_INTEL>
</THREAT_INTELLIGENCE>
<DISCOVERY>
<REMOTE>0</REMOTE>
<AUTH_TYPE_LIST>
<AUTH_TYPE>Unix</AUTH_TYPE>
</AUTH_TYPE_LIST>
<ADDITIONAL_INFO>Patch Available</ADDITIONAL_INFO>
</DISCOVERY>
</VULN>
</VULN_LIST>
</RESPONSE>undefined</KNOWLEDGE_BASE_VULN_LIST_OUTPUT>
A DTD for KnowledgeBase API has been added.
<platform API server>/api/4.0/fo/knowledge_base/vuln/knowledge_base_vuln_list_output.dtd
DTD output for KnowledgeBase API is as follows:
DTD Output
<!-- QUALYS KNOWLEDGE_BASE_VULN_LIST_OUTPUT DTD -->
<!ELEMENT KNOWLEDGE_BASE_VULN_LIST_OUTPUT (REQUEST?,RESPONSE)>
<!ELEMENT REQUEST (DATETIME, USER_LOGIN, RESOURCE, PARAM_LIST?, POST_DATA?)>
<!ELEMENT DATETIME (#PCDATA)>
<!ELEMENT USER_LOGIN (#PCDATA)>
<!ELEMENT RESOURCE (#PCDATA)>
<!ELEMENT PARAM_LIST (PARAM+)>
<!ELEMENT PARAM (KEY, VALUE)>
<!ELEMENT KEY (#PCDATA)>
<!ELEMENT VALUE (#PCDATA)>
<!-- if returned, POST_DATA will be urlencoded -->
<!ELEMENT POST_DATA (#PCDATA)>
<!ELEMENT RESPONSE (DATETIME, (VULN_LIST|ID_SET)?, WARNING?)>
<!-- DATETIME already defined -->
<!ELEMENT VULN_LIST (VULN*)>
<!ELEMENT VULN (QID, VULN_TYPE, SEVERITY_LEVEL, TITLE, CATEGORY?,TECHNOLOGY?, DETECTION_INFO?,
LAST_CUSTOMIZATION?, LAST_SERVICE_MODIFICATION_DATETIME?, PUBLISHED_DATETIME, CODE_MODIFIED_DATETIME?,
BUGTRAQ_LIST?, PATCHABLE, PATCH_PUBLISHED_DATE?, SOFTWARE_LIST?, VENDOR_REFERENCE_LIST?, CVE_LIST?,
DIAGNOSIS?, DIAGNOSIS_COMMENT?, CONSEQUENCE?, CONSEQUENCE_COMMENT?,
SOLUTION?, SOLUTION_COMMENT?, COMPLIANCE_LIST?, CORRELATION?, CVSS?, CVSS_V3?, CVSS_V4?, PCI_FLAG?, AUTOMATIC_PCI_FAIL?, PCI_REASONS?, THREAT_INTELLIGENCE?, SUPPORTED_MODULES?, DISCOVERY, IS_DISABLED?, CHANGE_LOG_LIST? )>
<!ELEMENT QID (#PCDATA)>
<!ELEMENT VULN_TYPE (#PCDATA)>
<!ELEMENT SEVERITY_LEVEL (#PCDATA)>
<!ELEMENT TITLE (#PCDATA)>
<!ELEMENT CATEGORY (#PCDATA)>
<!ELEMENT TECHNOLOGY (#PCDATA)>
<!ELEMENT DETECTION_INFO (#PCDATA)>
<!ELEMENT LAST_CUSTOMIZATION (DATETIME, USER_LOGIN?)>
<!-- USER_LOGIN already defined (no USER_LOGIN for OVAL Vulns) -->
<!ELEMENT LAST_SERVICE_MODIFICATION_DATETIME (#PCDATA)>
<!ELEMENT PUBLISHED_DATETIME (#PCDATA)>
<!ELEMENT CODE_MODIFIED_DATETIME (#PCDATA)>
<!ELEMENT BUGTRAQ_LIST (BUGTRAQ+)>
<!ELEMENT BUGTRAQ (ID, URL)>
<!ELEMENT ID (#PCDATA)>
<!ELEMENT URL (#PCDATA)>
<!ELEMENT PATCHABLE (#PCDATA)>
<!ELEMENT PATCH_PUBLISHED_DATE (#PCDATA)>
<!ELEMENT SOFTWARE_LIST (SOFTWARE+)>
<!ELEMENT SOFTWARE (PRODUCT, VENDOR)>
<!ELEMENT PRODUCT (#PCDATA)>
<!ELEMENT VENDOR (#PCDATA)>
<!ELEMENT VENDOR_REFERENCE_LIST (VENDOR_REFERENCE+)>
<!ELEMENT VENDOR_REFERENCE (ID, URL)>
<!ELEMENT CVE_LIST (CVE+)>
<!ELEMENT CVE (ID, URL)>
<!-- ID, URL already defined -->
<!ELEMENT DIAGNOSIS (#PCDATA)>
<!ELEMENT DIAGNOSIS_COMMENT (#PCDATA)>
<!ELEMENT CONSEQUENCE (#PCDATA)>
<!ELEMENT CONSEQUENCE_COMMENT (#PCDATA)>
<!ELEMENT SOLUTION (#PCDATA)>
<!ELEMENT SOLUTION_COMMENT (#PCDATA)>
<!ELEMENT COMPLIANCE_LIST (COMPLIANCE+)>
<!ELEMENT COMPLIANCE (TYPE, SECTION, DESCRIPTION)>
<!ELEMENT TYPE (#PCDATA)>
<!ELEMENT SECTION (#PCDATA)>
<!ELEMENT DESCRIPTION (#PCDATA)>
<!ELEMENT CORRELATION (EXPLOITS?, MALWARE?)>
<!ELEMENT EXPLOITS (EXPLT_SRC+)>
<!ELEMENT EXPLT_SRC (SRC_NAME, EXPLT_LIST)>
<!ELEMENT SRC_NAME (#PCDATA)>
<!ELEMENT EXPLT_LIST (EXPLT+)>
<!ELEMENT EXPLT (REF, DESC, LINK?)>
<!ELEMENT REF (#PCDATA)>
<!ELEMENT DESC (#PCDATA)>
<!ELEMENT LINK (#PCDATA)>
<!ELEMENT MALWARE (MW_SRC+)>
<!ELEMENT MW_SRC (SRC_NAME, MW_LIST)>
<!ELEMENT MW_LIST (MW_INFO+)>
<!ELEMENT MW_INFO (MW_ID, MW_TYPE?, MW_PLATFORM?, MW_ALIAS?, MW_RATING?, MW_LINK?)>
<!ELEMENT MW_ID (#PCDATA)>
<!ELEMENT MW_TYPE (#PCDATA)>
<!ELEMENT MW_PLATFORM (#PCDATA)>
<!ELEMENT MW_ALIAS (#PCDATA)>
<!ELEMENT MW_RATING (#PCDATA)>
<!ELEMENT MW_LINK (#PCDATA)>
<!ELEMENT CVSS (BASE?, TEMPORAL?, VECTOR_STRING?, ACCESS?, IMPACT?, AUTHENTICATION?,
EXPLOITABILITY?, REMEDIATION_LEVEL?, REPORT_CONFIDENCE?)>
<!ELEMENT BASE (#PCDATA)>
<!ATTLIST BASE source CDATA #IMPLIED>
<!ELEMENT TEMPORAL (#PCDATA)>
<!ELEMENT VECTOR_STRING (#PCDATA)>
<!ELEMENT CVSS3_VERSION (#PCDATA)>
<!ELEMENT ACCESS (VECTOR?, COMPLEXITY?)>
<!ELEMENT VECTOR (#PCDATA)>
<!ELEMENT COMPLEXITY (#PCDATA)>
<!ELEMENT ATTACK (VECTOR?, COMPLEXITY?, REQUIREMENT?)>
<!ELEMENT IMPACT ((CONFIDENTIALITY?, INTEGRITY?, AVAILABILITY?) | (VULNERABLE?, SUBSEQUENT?))>
<!ELEMENT CONFIDENTIALITY (#PCDATA)>
<!ELEMENT INTEGRITY (#PCDATA)>
<!ELEMENT AVAILABILITY (#PCDATA)>
<!ELEMENT AUTHENTICATION (#PCDATA)>
<!ELEMENT EXPLOITABILITY (#PCDATA)>
<!ELEMENT REMEDIATION_LEVEL (#PCDATA)>
<!ELEMENT REPORT_CONFIDENCE (#PCDATA)>
<!ELEMENT CVSS_V3 (BASE?, TEMPORAL?, VECTOR_STRING?, CVSS3_VERSION?, ATTACK?, IMPACT?, PRIVILEGES_REQUIRED?, USER_INTERACTION?, SCOPE?,
EXPLOIT_CODE_MATURITY?, REMEDIATION_LEVEL?, REPORT_CONFIDENCE?)>
<!ELEMENT PRIVILEGES_REQUIRED (#PCDATA)>
<!ELEMENT USER_INTERACTION (#PCDATA)>
<!ELEMENT SCOPE (#PCDATA)>
<!ELEMENT EXPLOIT_CODE_MATURITY (#PCDATA)>
<!ELEMENT CVSS_V4 (
BASE?, VECTOR_STRING?, CVSS4_VERSION?,
ATTACK?, IMPACT?,
PRIVILEGES_REQUIRED?, USER_INTERACTION?,
EXPLOIT_CODE_MATURITY?, REQUIREMENTS?, MODIFIED?,
SAFETY?, AUTOMATABLE?, PROVIDER_URGENCY?,
VALUE_DENSITY?, VULNERABILITY_RESPONSE_EFFORT?
)>
<!ELEMENT CVSS4_VERSION (#PCDATA)>
<!-- ATTACK for CVSS v4 has extra REQUIREMENT -->
<!ELEMENT REQUIREMENT (#PCDATA)>
<!-- IMPACT for CVSS v4 -->
<!ELEMENT VULNERABLE (CONFIDENTIALITY?, INTEGRITY?, AVAILABILITY?)>
<!ELEMENT SUBSEQUENT (CONFIDENTIALITY?, INTEGRITY?, AVAILABILITY?)>
<!ELEMENT REQUIREMENTS (CONFIDENTIALITY?, INTEGRITY?, AVAILABILITY?)>
<!ELEMENT MODIFIED (ATTACK?, IMPACT?, PRIVILEGES_REQUIRED?, USER_INTERACTION?)>
<!ELEMENT SAFETY (#PCDATA)>
<!ELEMENT AUTOMATABLE (#PCDATA)>
<!ELEMENT PROVIDER_URGENCY (#PCDATA)>
<!ELEMENT VALUE_DENSITY (#PCDATA)>
<!ELEMENT VULNERABILITY_RESPONSE_EFFORT (#PCDATA)>
<!ELEMENT PCI_FLAG (#PCDATA)>
<!ELEMENT AUTOMATIC_PCI_FAIL (#PCDATA)>
<!ELEMENT PCI_REASONS (PCI_REASON+)>
<!ELEMENT PCI_REASON (#PCDATA)>
<!ELEMENT THREAT_INTELLIGENCE (THREAT_INTEL+)>
<!ELEMENT THREAT_INTEL (#PCDATA)>
<!ATTLIST THREAT_INTEL
id CDATA #REQUIRED>
<!ELEMENT SUPPORTED_MODULES (#PCDATA)>
<!ELEMENT DISCOVERY (REMOTE, AUTH_TYPE_LIST?, ADDITIONAL_INFO?)>
<!ELEMENT REMOTE (#PCDATA)>
<!ELEMENT AUTH_TYPE_LIST (AUTH_TYPE+)>
<!ELEMENT AUTH_TYPE (#PCDATA)>
<!ELEMENT ADDITIONAL_INFO (#PCDATA)>
<!ELEMENT IS_DISABLED (#PCDATA)>
<!ELEMENT CHANGE_LOG_LIST (CHANGE_LOG_INFO+)>
<!ELEMENT CHANGE_LOG_INFO (CHANGE_DATE, COMMENTS)>
<!ELEMENT CHANGE_DATE (#PCDATA)>
<!ELEMENT COMMENTS (#PCDATA)>
<!ELEMENT ID_SET ((ID|ID_RANGE)+)>
<!-- ID already defined -->
<!ELEMENT ID_RANGE (#PCDATA)>
<!ELEMENT WARNING (CODE?, TEXT, URL?)>
<!ELEMENT CODE (#PCDATA)>
<!ELEMENT TEXT (#PCDATA)>
<!-- URL already defined -->
<!-- EOF -->
Dynamic Search Lists API:
| New or Updated API | Updated |
| API Endpoint | /api/3.0/fo/qid/search_list/dynamic/ |
| Method | GET, POST |
| DTD or XSD changes | Yes |
You can perform actions such as create, update, and list. Two new elements, cvss4_base and cvss4_base_operand, are introduced in DTD output and input parameters.
Input ParametersInput Parameters
| Parameter | Required/Optional | Data Type | Description |
|---|---|---|---|
| cvss4_base={value} | Optional | Integer | CVSS4 base score value assigned to the CVEs by NIST (matches greater than or less than the value) |
| cvss4_base_operand={value} |
Optional | Integer |
Set the value to 1 to use the greater than equal to operand. Set the value to 2 to use the less than operand. You must always specify the "cvss4_base" parameter along with the "cvss4_base_operand" parameter in the API request. |
Sample - Create a dynamic searchSample - Create a dynamic search
API Request
curl --location '<qualys_base_url>/api/3.0/fo/qid/search_list/dynamic/' \
--header 'X-Requested-With: Curl' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Bearer<JWT Token>' \
--data-urlencode 'action=create' \
--data-urlencode 'title=Dynamic SL to Test CVSS V4 Phase 2 via API 11' \
--data-urlencode 'global=1' \
--data-urlencode 'cvss4_base=5' \
--data-urlencode 'cvss4_base_operand=2'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "<qualys_base_url>/api/3.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2025-12-09T06:04:59Z</DATETIME>
<TEXT>New search list created successfully</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>6331504</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>
Sample - Update a dynamic searchSample - Update a dynamic search
API Request
curl --location '<qualys_base_url>/api/3.0/fo/qid/search_list/dynamic/' \ --header 'X-Requested-With: Curl' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --header 'Authorization: Bearer<JWT Token>' \ --data-urlencode 'action=update' \ --data-urlencode 'title=Dynamic SL to Test CVSS V4 Phase 2 via API' \ --data-urlencode 'id=6331504' \ --data-urlencode 'global=1' \ --data-urlencode 'cvss4_base=3' \ --data-urlencode 'cvss4_base_operand=1'
API Response
<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE SIMPLE_RETURN SYSTEM "https://qualysapi.p04.eng.sjc01.qualys.com/api/3.0/simple_return.dtd"> <SIMPLE_RETURN> <RESPONSE> <DATETIME>2025-12-09T09:25:34Z</DATETIME> <TEXT>search list updated successfully</TEXT> <ITEM_LIST> <ITEM> <KEY>ID</KEY> <VALUE>6331504</VALUE> </ITEM> </ITEM_LIST> </RESPONSE> </SIMPLE_RETURN>
Sample - List Dynamic searchSample - List Dynamic search
API Request
curl --location '<qualys_base_url>/api/3.0/fo/qid/search_list/dynamic/?action=list&ids=6331504&show_qids=0' \
--header 'Content-Type: test/xml' \
--header 'X-Requested-With: test' \
--header 'Authorization: Bearer<JWT Token>'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE DYNAMIC_SEARCH_LIST_OUTPUT SYSTEM "<qualys_base_url>/api/3.0/fo/qid/search_list/dynamic/dynamic_list_output.dtd">
<DYNAMIC_SEARCH_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2025-12-09T07:01:26Z</DATETIME>
<DYNAMIC_LISTS>
<DYNAMIC_LIST>
<ID>6331504</ID>
<TITLE>
<![CDATA[Dynamic SL to Test CVSS V4 Phase 2 via API 11]]>
</TITLE>
<GLOBAL>Yes</GLOBAL>
<OWNER>
<![CDATA[user name (vmdrxaz7)]]>
</OWNER>
<CREATED>2025-12-09T06:04:59Z</CREATED>
<MODIFIED_BY>
<![CDATA[user name (vmdrxaz7)]]>
</MODIFIED_BY>
<MODIFIED>2025-12-09T06:04:59Z</MODIFIED>
<CRITERIA>
<DISCOVERY_METHOD>
<![CDATA[All]]>
</DISCOVERY_METHOD>
<CVSS4_BASE_SCORE>
<![CDATA[5]]>
</CVSS4_BASE_SCORE>
<CVSS4_BASE_SCORE_OPERAND>
<![CDATA[2]]>
</CVSS4_BASE_SCORE_OPERAND>
<CVSS4_VERSION>4</CVSS4_VERSION>
</CRITERIA>
</DYNAMIC_LIST>
</DYNAMIC_LISTS>
</RESPONSE>
</DYNAMIC_SEARCH_LIST_OUTPUT>
DTD OutputDTD Output
A DTD for KnowledgeBase API has been added.
<platform API server>/api/3.0/fo/qid/search_list/dynamic/dynamic_list_output.dtd
DTD output for KnowledgeBase API is as follows:
DTD Output
<!-- QUALYS DYNAMIC_SEARCH_LIST_OUTPUT DTD -->
<!ELEMENT DYNAMIC_SEARCH_LIST_OUTPUT (REQUEST?,RESPONSE)>
<!ELEMENT REQUEST (DATETIME, USER_LOGIN, RESOURCE, PARAM_LIST?, POST_DATA?)>
<!ELEMENT DATETIME (#PCDATA)>
<!ELEMENT USER_LOGIN (#PCDATA)>
<!ELEMENT RESOURCE (#PCDATA)>
<!ELEMENT PARAM_LIST (PARAM+)>
<!ELEMENT PARAM (KEY, VALUE)>
<!ELEMENT KEY (#PCDATA)>
<!ELEMENT VALUE (#PCDATA)>
<!-- if returned, POST_DATA will be urlencoded -->
<!ELEMENT POST_DATA (#PCDATA)>
<!ELEMENT RESPONSE (DATETIME, DYNAMIC_LISTS?)>
<!ELEMENT DYNAMIC_LISTS (DYNAMIC_LIST+)>
<!ELEMENT DYNAMIC_LIST (ID, TITLE, GLOBAL, OWNER, CREATED?, MODIFIED_BY?, MODIFIED?, QIDS?, CRITERIA, OPTION_PROFILES?, REPORT_TEMPLATES?, REMEDIATION_POLICIES?, DISTRIBUTION_GROUPS?, COMMENTS?)>
<!ELEMENT ID (#PCDATA)>
<!ELEMENT TITLE (#PCDATA)>
<!ELEMENT GLOBAL (#PCDATA)>
<!ELEMENT OWNER (#PCDATA)>
<!ELEMENT CREATED (#PCDATA)>
<!ELEMENT MODIFIED_BY (#PCDATA)>
<!ELEMENT MODIFIED (#PCDATA)>
<!ELEMENT QIDS (QID+)>
<!ELEMENT QID (#PCDATA)>
<!ELEMENT CRITERIA (VULNERABILITY_TITLE?, DISCOVERY_METHOD?, AUTHENTICATION_TYPE?, USER_CONFIGURATION?, CATEGORY?, CONFIRMED_SEVERITY?, POTENTIAL_SEVERITY?, INFORMATION_SEVERITY?, VENDOR?, PRODUCT?, CVSS_BASE_SCORE?, CVSS_TEMPORAL_SCORE?, CVSS3_BASE_SCORE?, CVSS3_TEMPORAL_SCORE?, CVSS_ACCESS_VECTOR?, PATCH_AVAILABLE?, VIRTUAL_PATCH_AVAILABLE?, CVE_ID?, CVE_ID_FILTER?, CPE?, EXPLOITABILITY?, ASSOCIATED_MALWARE?, VENDOR_REFERENCE?, BUGTRAQ_ID?, VULNERABILITY_DETAILS?, SUPPORTED_MODULES?, CLOUD_AGENT_SCAN_TYPE? ,COMPLIANCE_DETAILS?, COMPLIANCE_TYPE?, QUALYS_TOP_20?, OTHER?, NETWORK_ACCESS?, PROVIDER?, CVSS_BASE_SCORE_OPERAND?, CVSS_TEMPORAL_SCORE_OPERAND?, CVSS3_BASE_SCORE_OPERAND?, CVSS3_TEMPORAL_SCORE_OPERAND?, CVSS3_VERSION?, CVSS4_BASE_SCORE?, CVSS4_BASE_SCORE_OPERAND?, CVSS4_VERSION?, USER_MODIFIED?, PUBLISHED?, SERVICE_MODIFIED? )>
<!ELEMENT VULNERABILITY_TITLE (#PCDATA)>
<!ELEMENT DISCOVERY_METHOD (#PCDATA)>
<!ELEMENT AUTHENTICATION_TYPE (#PCDATA)>
<!ELEMENT USER_CONFIGURATION (#PCDATA)>
<!ELEMENT CATEGORY (#PCDATA)>
<!ELEMENT CONFIRMED_SEVERITY (#PCDATA)>
<!ELEMENT POTENTIAL_SEVERITY (#PCDATA)>
<!ELEMENT INFORMATION_SEVERITY (#PCDATA)>
<!ELEMENT VENDOR (#PCDATA)>
<!ELEMENT PRODUCT (#PCDATA)>
<!ELEMENT CVSS_BASE_SCORE (#PCDATA)>
<!ELEMENT CVSS_TEMPORAL_SCORE (#PCDATA)>
<!ELEMENT CVSS_ACCESS_VECTOR (#PCDATA)>
<!ELEMENT PATCH_AVAILABLE (#PCDATA)>
<!ELEMENT VIRTUAL_PATCH_AVAILABLE (#PCDATA)>
<!ELEMENT CVE_ID (#PCDATA)>
<!ELEMENT CVE_ID_FILTER (#PCDATA)>
<!ELEMENT EXPLOITABILITY (#PCDATA)>
<!ELEMENT ASSOCIATED_MALWARE (#PCDATA)>
<!ELEMENT VENDOR_REFERENCE (#PCDATA)>
<!ELEMENT BUGTRAQ_ID (#PCDATA)>
<!ELEMENT VULNERABILITY_DETAILS (#PCDATA)>
<!ELEMENT SUPPORTED_MODULES (#PCDATA)>
<!ELEMENT CLOUD_AGENT_SCAN_TYPE (#PCDATA)>
<!ELEMENT COMPLIANCE_DETAILS (#PCDATA)>
<!ELEMENT COMPLIANCE_TYPE (#PCDATA)>
<!ELEMENT QUALYS_TOP_20 (#PCDATA)>
<!ELEMENT OTHER (#PCDATA)>
<!ELEMENT NETWORK_ACCESS (#PCDATA)>
<!ELEMENT PROVIDER (#PCDATA)>
<!ELEMENT CVSS_BASE_SCORE_OPERAND (#PCDATA)>
<!ELEMENT CVSS_TEMPORAL_SCORE_OPERAND (#PCDATA)>
<!ELEMENT CVSS3_BASE_SCORE (#PCDATA)>
<!ELEMENT CVSS3_TEMPORAL_SCORE (#PCDATA)>
<!ELEMENT CVSS3_BASE_SCORE_OPERAND (#PCDATA)>
<!ELEMENT CVSS3_TEMPORAL_SCORE_OPERAND (#PCDATA)>
<!ELEMENT CVSS3_VERSION (#PCDATA)>
<!ELEMENT CVSS4_BASE_SCORE (#PCDATA)>
<!ELEMENT CVSS4_BASE_SCORE_OPERAND (#PCDATA)>
<!ELEMENT CVSS4_VERSION (#PCDATA)>
<!ELEMENT OPTION_PROFILES (OPTION_PROFILE+)>
<!ELEMENT OPTION_PROFILE (ID, TITLE)>
<!ELEMENT REPORT_TEMPLATES (REPORT_TEMPLATE+)>
<!ELEMENT REPORT_TEMPLATE (ID, TITLE)>
<!ELEMENT REMEDIATION_POLICIES (REMEDIATION_POLICY+)>
<!ELEMENT REMEDIATION_POLICY (ID, TITLE)>
<!ELEMENT DISTRIBUTION_GROUPS (DISTRIBUTION_GROUP+)>
<!ELEMENT DISTRIBUTION_GROUP (NAME)>
<!ELEMENT NAME (#PCDATA)>
<!ELEMENT COMMENTS (#PCDATA)>
<!ELEMENT USER_MODIFIED (#PCDATA)>
<!ELEMENT PUBLISHED (#PCDATA)>
<!ELEMENT SERVICE_MODIFIED (#PCDATA)>
<!ELEMENT CPE (#PCDATA)>
<!-- EOF -->
Scan Template API:
| New or Updated API | Updated |
| API Endpoint | /api/4.0/fo/report/template/scan/ |
| EOS Timeline: December 2026 | |
| EOL Timeline: June 2027 | |
| API Endpoint (New Version) |
/api/7.0/fo/report/template/scan/ |
| Method | POST |
| DTD or XSD changes | No |
You can create, update, and export the report template. This action can be performed with both host-based and scan-based findings.
Samples - Scan Report Template for Host Based Findings
Sample - Create a scan report templateSample - Create a scan report template
API Request
curl --location '
<qualys_base_url>/api/7.0/fo/report/template/scan/?action=create&report_format=xml' \
--header 'Accept: */*' \
--header 'X-Requested-With: curl' \
--header 'content-type: text/xml' \
--header 'Authorization: Bearer <JWT Token>' \
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "<qualys_base_url>/api/7.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2026-04-16T05:16:42Z</DATETIME>
<TEXT>Scan Report Template(s) Successfully Created.</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>10104919</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>
Sample - Update a scan report templateSample - Update a scan report template
API Request
curl --location '<qualys_base_url>/api/7.0/fo/report/template/scan/?action=update&report_format=xml&template_id=10066129' \
--header 'Accept: */*' \
--header 'X-Requested-With: curl' \
--header 'content-type: text/xml' \
--header 'Authorization: Bearer <JWT Token>' \
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "<qualys_base_url>/api/7.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2026-04-16T05:24:49Z</DATETIME>
<TEXT>Scan Report Template Successfully Updated.</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>10066129</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>
Sample - Export a scan report templateSample - Export a scan report template
API Request
curl --location '<qualys_base_url>/api/7.0/fo/report/template/scan/?action=export&report_format=xml&template_id=10066129' \
--header 'X-Requested-With: curl' \
--header 'Authorization: Bearer
<JWT Token>'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE REPORTTEMPLATE SYSTEM "<qualys_base_url>/api/7.0/fo/report/template/scan/scanreporttemplate_info.dtd">
<REPORTTEMPLATE>
<SCANTEMPLATE>
<TITLE>
<INFO key="template_id">
<![CDATA[10066129]]>
</INFO>
<INFO key="title">
<![CDATA[TEST1]]>
</INFO>
<INFO key="owner">
<![CDATA[3766154]]>
</INFO>
</TITLE>
<TARGET>
<INFO key="scan_selection">
<![CDATA[HostBased]]>
</INFO>
<INFO key="include_trending">
<![CDATA[0]]>
</INFO>
<INFO key="asset_groups">
<![CDATA[]]>
</INFO>
<INFO key="network">
<![CDATA[-100]]>
</INFO>
<INFO key="ips">
<![CDATA[xx.xxx.xx.xxx-xx.xxx.xx.xxx,xx.xx.xx.xx,xx.xx.xx.xxx-xx.xx.xx.xxx,xx.xxx.xx.xxx,xx.xxx.xxx.xx]]>
</INFO>
<INFO key="host_with_cloud_agents">
<![CDATA[all]]>
</INFO>
<INFO key="fqdns">
<![CDATA[]]>
</INFO>
</TARGET>
<DISPLAY>
<INFO key="graph_business_risk">
<![CDATA[0]]>
</INFO>
<INFO key="graph_vuln_over_time">
<![CDATA[0]]>
</INFO>
<INFO key="display_text_summary">
<![CDATA[1]]>
</INFO>
<INFO key="graph_status">
<![CDATA[0]]>
</INFO>
<INFO key="graph_potential_status">
<![CDATA[0]]>
</INFO>
<INFO key="graph_severity">
<![CDATA[0]]>
</INFO>
<INFO key="graph_potential_severity">
<![CDATA[0]]>
</INFO>
<INFO key="graph_ig_severity">
<![CDATA[0]]>
</INFO>
<INFO key="graph_top_categories">
<![CDATA[0]]>
</INFO>
<INFO key="graph_top_vulns">
<![CDATA[0]]>
</INFO>
<INFO key="graph_os">
<![CDATA[0]]>
</INFO>
<INFO key="graph_services">
<![CDATA[0]]>
</INFO>
<INFO key="graph_top_ports">
<![CDATA[0]]>
</INFO>
<INFO key="display_custom_footer">
<![CDATA[0]]>
</INFO>
<INFO key="display_custom_footer_text">
<![CDATA[]]>
</INFO>
<INFO key="sort_by">
<![CDATA[host]]>
</INFO>
<INFO key="cvss">
<![CDATA[cvssv4]]>
</INFO>
<INFO key="host_details">
<![CDATA[1]]>
</INFO>
<INFO key="host_ag_details">
<![CDATA[1]]>
</INFO>
<INFO key="qualys_system_ids">
<![CDATA[1]]>
</INFO>
<INFO key="include_text_summary">
<![CDATA[1]]>
</INFO>
<INFO key="include_vuln_details">
<![CDATA[1]]>
</INFO>
<INFO key="include_vuln_details_threat">
<![CDATA[1]]>
</INFO>
<INFO key="include_vuln_details_impact">
<![CDATA[0]]>
</INFO>
<INFO key="include_vuln_details_solution">
<![CDATA[0]]>
</INFO>
<INFO key="include_vuln_details_vpatch">
<![CDATA[0]]>
</INFO>
<INFO key="include_vuln_details_compliance">
<![CDATA[0]]>
</INFO>
<INFO key="include_vuln_details_exploit">
<![CDATA[0]]>
</INFO>
<INFO key="include_vuln_details_malware">
<![CDATA[0]]>
</INFO>
<INFO key="include_vuln_details_results">
<![CDATA[0]]>
</INFO>
<INFO key="include_vuln_details_appendix">
<![CDATA[0]]>
</INFO>
<INFO key="exclude_account_id">
<![CDATA[0]]>
</INFO>
<INFO key="include_vuln_details_reopened">
<![CDATA[0]]>
</INFO>
<INFO key="metadata_ec2_instances">
<![CDATA[1]]>
</INFO>
<INFO key="cloud_provider_metadata">
<![CDATA[1]]>
</INFO>
<INFO key="include_vuln_details_detection_logic">
<![CDATA[0]]>
</INFO>
<INFO key="include_trurisk_details">
<![CDATA[1]]>
</INFO>
<INFO key="vuln_detection_source">
<![CDATA[1]]>
</INFO>
<INFO key="trurisk_elimination_status">
<![CDATA[1]]>
</INFO>
<INFO key="mitre_attack_details">
<![CDATA[1]]>
</INFO>
<INFO key="include_vuln_details_deep_scan_results">
<![CDATA[0]]>
</INFO>
</DISPLAY>
<FILTER>
<INFO key="selective_vulns">
<![CDATA[complete]]>
</INFO>
<INFO key="search_list_ids">
<![CDATA[]]>
</INFO>
<INFO key="exclude_qid_option">
<![CDATA[0]]>
</INFO>
<INFO key="exclude_search_list_ids">
<![CDATA[]]>
</INFO>
<INFO key="included_os">
<![CDATA[ALL]]>
</INFO>
<INFO key="status_new">
<![CDATA[1]]>
</INFO>
<INFO key="status_active">
<![CDATA[1]]>
</INFO>
<INFO key="status_reopen">
<![CDATA[1]]>
</INFO>
<INFO key="status_fixed">
<![CDATA[0]]>
</INFO>
<INFO key="vuln_active">
<![CDATA[1]]>
</INFO>
<INFO key="vuln_disabled">
<![CDATA[0]]>
</INFO>
<INFO key="vuln_ignored">
<![CDATA[0]]>
</INFO>
<INFO key="potential_active">
<![CDATA[0]]>
</INFO>
<INFO key="potential_disabled">
<![CDATA[0]]>
</INFO>
<INFO key="potential_ignored">
<![CDATA[0]]>
</INFO>
<INFO key="ig_active">
<![CDATA[0]]>
</INFO>
<INFO key="ig_disabled">
<![CDATA[0]]>
</INFO>
<INFO key="ig_ignored">
<![CDATA[0]]>
</INFO>
<INFO key="display_non_running_kernels">
<![CDATA[0]]>
</INFO>
<INFO key="exclude_non_running_kernel">
<![CDATA[0]]>
</INFO>
<INFO key="exclude_non_running_services">
<![CDATA[0]]>
</INFO>
<INFO key="exclude_superceded_patches">
<![CDATA[0]]>
</INFO>
<INFO key="exclude_qids_not_exploitable_due_to_configuration">
<![CDATA[0]]>
</INFO>
<INFO key="categories_list">
<![CDATA[ALL]]>
</INFO>
<INFO key="qds_score_min">
<![CDATA[]]>
</INFO>
<INFO key="qds_score_max">
<![CDATA[]]>
</INFO>
<INFO key="exclude_kpatch_cve">
<![CDATA[0]]>
</INFO>
</FILTER>
<SERVICESPORTS>
<INFO key="required_services">
<![CDATA[]]>
</INFO>
<INFO key="unauthorized_services">
<![CDATA[]]>
</INFO>
<INFO key="services_info">
<![CDATA[]]>
</INFO>
<INFO key="required_ports">
<![CDATA[]]>
</INFO>
<INFO key="unauthorized_ports">
<![CDATA[]]>
</INFO>
</SERVICESPORTS>
<USERACCESS>
<INFO key="global">
<![CDATA[1]]>
</INFO>
<INFO key="report_access_users">
<![CDATA[]]>
</INFO>
</USERACCESS>
</SCANTEMPLATE>
</REPORTTEMPLATE>
Samples - Scan Report Template for Scan Based Findings
Sample - Create a scan report templateSample - Create a scan report template
API Request
curl --location '
<qualys_base_url>/api/7.0/fo/report/template/scan/?action=create&report_format=xml' \
--header 'Accept: */*' \
--header 'X-Requested-With: curl' \
--header 'content-type: text/xml' \
--header 'Authorization: Bearer <JWT Token>' \
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "<qualys_base_url>/api/7.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2026-04-16T05:30:16Z</DATETIME>
<TEXT>Scan Report Template(s) Successfully Created.</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>10104953</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>
Sample - Update a scan report templateSample - Update a scan report template
API Request
curl --location '
<qualys_base_url>/api/7.0/fo/report/template/scan/?action=update&report_format=xml&template_id=10104970' \
--header 'Accept: */*' \
--header 'X-Requested-With: curl' \
--header 'content-type: text/xml' \
--header 'Authorization: Bearer <JWT Token>' \
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "<qualys_base_url>/api/7.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2026-04-16T05:43:34Z</DATETIME>
<TEXT>Scan Report Template Successfully Updated.</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>10104970</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>
Sample - Export scan report templateSample - Export scan report template
API Request
curl --location '
<qualys_base_url>/api/7.0/fo/report/template/scan/?action=export&report_format=xml&template_id=10066129' \
--header 'X-Requested-With: curl' \
--header 'Authorization: bearer <JWT Token>'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE REPORTTEMPLATE SYSTEM "<qualys_base_url>/api/7.0/fo/report/template/scan/scanreporttemplate_info.dtd">
<REPORTTEMPLATE>
<SCANTEMPLATE>
<TITLE>
<INFO key="template_id">
<![CDATA[10066129]]>
</INFO>
<INFO key="title">
<![CDATA[TEST1]]>
</INFO>
<INFO key="owner">
<![CDATA[3766154]]>
</INFO>
</TITLE>
<TARGET>
<INFO key="scan_selection">
<![CDATA[HostBased]]>
</INFO>
<INFO key="include_trending">
<![CDATA[0]]>
</INFO>
<INFO key="asset_groups">
<![CDATA[]]>
</INFO>
<INFO key="network">
<![CDATA[-100]]>
</INFO>
<INFO key="ips">
<![CDATA[xx.xxx.xx.xxx-xx.xxx.xx.xxx,xx.xx.xx.xx,xx.xx.xx.xxx-xx.xx.xx.xxx,xx.xxx.xx.xxx,xx.xxx.xxx.xx]]>
</INFO>
<INFO key="host_with_cloud_agents">
<![CDATA[all]]>
</INFO>
<INFO key="fqdns">
<![CDATA[]]>
</INFO>
</TARGET>
<DISPLAY>
<INFO key="graph_business_risk">
<![CDATA[0]]>
</INFO>
<INFO key="graph_vuln_over_time">
<![CDATA[0]]>
</INFO>
<INFO key="display_text_summary">
<![CDATA[1]]>
</INFO>
<INFO key="graph_status">
<![CDATA[0]]>
</INFO>
<INFO key="graph_potential_status">
<![CDATA[0]]>
</INFO>
<INFO key="graph_severity">
<![CDATA[0]]>
</INFO>
<INFO key="graph_potential_severity">
<![CDATA[0]]>
</INFO>
<INFO key="graph_ig_severity">
<![CDATA[0]]>
</INFO>
<INFO key="graph_top_categories">
<![CDATA[0]]>
</INFO>
<INFO key="graph_top_vulns">
<![CDATA[0]]>
</INFO>
<INFO key="graph_os">
<![CDATA[0]]>
</INFO>
<INFO key="graph_services">
<![CDATA[0]]>
</INFO>
<INFO key="graph_top_ports">
<![CDATA[0]]>
</INFO>
<INFO key="display_custom_footer">
<![CDATA[0]]>
</INFO>
<INFO key="display_custom_footer_text">
<![CDATA[]]>
</INFO>
<INFO key="sort_by">
<![CDATA[host]]>
</INFO>
<INFO key="cvss">
<![CDATA[cvssv4]]>
</INFO>
<INFO key="host_details">
<![CDATA[1]]>
</INFO>
<INFO key="host_ag_details">
<![CDATA[1]]>
</INFO>
<INFO key="qualys_system_ids">
<![CDATA[1]]>
</INFO>
<INFO key="include_text_summary">
<![CDATA[1]]>
</INFO>
<INFO key="include_vuln_details">
<![CDATA[1]]>
</INFO>
<INFO key="include_vuln_details_threat">
<![CDATA[1]]>
</INFO>
<INFO key="include_vuln_details_impact">
<![CDATA[0]]>
</INFO>
<INFO key="include_vuln_details_solution">
<![CDATA[0]]>
</INFO>
<INFO key="include_vuln_details_vpatch">
<![CDATA[0]]>
</INFO>
<INFO key="include_vuln_details_compliance">
<![CDATA[0]]>
</INFO>
<INFO key="include_vuln_details_exploit">
<![CDATA[0]]>
</INFO>
<INFO key="include_vuln_details_malware">
<![CDATA[0]]>
</INFO>
<INFO key="include_vuln_details_results">
<![CDATA[0]]>
</INFO>
<INFO key="include_vuln_details_appendix">
<![CDATA[0]]>
</INFO>
<INFO key="exclude_account_id">
<![CDATA[0]]>
</INFO>
<INFO key="include_vuln_details_reopened">
<![CDATA[0]]>
</INFO>
<INFO key="metadata_ec2_instances">
<![CDATA[1]]>
</INFO>
<INFO key="cloud_provider_metadata">
<![CDATA[1]]>
</INFO>
<INFO key="include_vuln_details_detection_logic">
<![CDATA[0]]>
</INFO>
<INFO key="include_trurisk_details">
<![CDATA[1]]>
</INFO>
<INFO key="vuln_detection_source">
<![CDATA[1]]>
</INFO>
<INFO key="trurisk_elimination_status">
<![CDATA[1]]>
</INFO>
<INFO key="mitre_attack_details">
<![CDATA[1]]>
</INFO>
<INFO key="include_vuln_details_deep_scan_results">
<![CDATA[0]]>
</INFO>
</DISPLAY>
<FILTER>
<INFO key="selective_vulns">
<![CDATA[complete]]>
</INFO>
<INFO key="search_list_ids">
<![CDATA[]]>
</INFO>
<INFO key="exclude_qid_option">
<![CDATA[0]]>
</INFO>
<INFO key="exclude_search_list_ids">
<![CDATA[]]>
</INFO>
<INFO key="included_os">
<![CDATA[ALL]]>
</INFO>
<INFO key="status_new">
<![CDATA[1]]>
</INFO>
<INFO key="status_active">
<![CDATA[1]]>
</INFO>
<INFO key="status_reopen">
<![CDATA[1]]>
</INFO>
<INFO key="status_fixed">
<![CDATA[0]]>
</INFO>
<INFO key="vuln_active">
<![CDATA[1]]>
</INFO>
<INFO key="vuln_disabled">
<![CDATA[0]]>
</INFO>
<INFO key="vuln_ignored">
<![CDATA[0]]>
</INFO>
<INFO key="potential_active">
<![CDATA[0]]>
</INFO>
<INFO key="potential_disabled">
<![CDATA[0]]>
</INFO>
<INFO key="potential_ignored">
<![CDATA[0]]>
</INFO>
<INFO key="ig_active">
<![CDATA[0]]>
</INFO>
<INFO key="ig_disabled">
<![CDATA[0]]>
</INFO>
<INFO key="ig_ignored">
<![CDATA[0]]>
</INFO>
<INFO key="display_non_running_kernels">
<![CDATA[0]]>
</INFO>
<INFO key="exclude_non_running_kernel">
<![CDATA[0]]>
</INFO>
<INFO key="exclude_non_running_services">
<![CDATA[0]]>
</INFO>
<INFO key="exclude_superceded_patches">
<![CDATA[0]]>
</INFO>
<INFO key="exclude_qids_not_exploitable_due_to_configuration">
<![CDATA[0]]>
</INFO>
<INFO key="categories_list">
<![CDATA[ALL]]>
</INFO>
<INFO key="qds_score_min">
<![CDATA[]]>
</INFO>
<INFO key="qds_score_max">
<![CDATA[]]>
</INFO>
<INFO key="exclude_kpatch_cve">
<![CDATA[0]]>
</INFO>
</FILTER>
<SERVICESPORTS>
<INFO key="required_services">
<![CDATA[]]>
</INFO>
<INFO key="unauthorized_services">
<![CDATA[]]>
</INFO>
<INFO key="services_info">
<![CDATA[]]>
</INFO>
<INFO key="required_ports">
<![CDATA[]]>
</INFO>
<INFO key="unauthorized_ports">
<![CDATA[]]>
</INFO>
</SERVICESPORTS>
<USERACCESS>
<INFO key="global">
<![CDATA[1]]>
</INFO>
<INFO key="report_access_users">
<![CDATA[]]>
</INFO>
</USERACCESS>
</SCANTEMPLATE>
</REPORTTEMPLATE>
Scan report templates now support enhanced capabilities across versions:
- Kernel Live Patch (v5): Provides the ability to exclude Linux kernel CVEs that are already fixed by live patches, reducing false positives and improving visibility into truly actionable vulnerabilities.
- Deep Scan (v6): Discovers vulnerable software and binaries in non-standard locations that traditional scans may miss. This API allows Deep Scan findings to be included in scan report templates.
- CVSS v4.0 Support (v7): Uses enhanced vulnerability scoring for greater precision and context‑aware reporting in API‑driven workflows.
To enable features from earlier versions (v5 and v6) and the current version (v7), if CVSS v4 is not visible in your environment, contact your Technical Account Manager (TAM) or Qualys Support.
Use Asset Tags and Tag Rules Across All Authentication Record APIs
| New or Updated API | Updated |
| API Endpoint |
api/2.0/fo/auth api/3.0/fo/auth |
| EOS Timeline: December 2026 | |
| EOL Timeline: June 2027 | |
| API Endpoint (New Version) |
api/3.0/fo/auth api/4.0/fo/auth |
| Method | POST |
| DTD or XSD changes | Yes |
You can now use asset tags and tag based rules across all authentication record APIs, enabling consistent scoping of authentication records beyond Unix and Windows authentication types.
Previously, tag based scoping was limited to operating system authentication records. You had to manage other authentication types using manually defined IP ranges, making it difficult to scale authentication coverage.
What’s New
This enhancement is implemented across multiple API versions. This update introduces tag driven scoping across a broader set of authentication technologies. You can now use tag based scoping for authentication records across multiple technologies, including:
API 3.0 for the following:
- Operating System
Unix - Network and security
Cisco
Network SSH
Palo Alto Networks Firewall
SNMP - Applications
- HTTP
JBoss Server
Oracle WebLogic Server
TomcatServer - Databases
IBM DB2
MongoDB
Oracle
Oracle Listner
SAP HANA - VMware
NSX
Open Linux Virtual Machine (OLVM)
Vcenter
VMware ESXi
API 4.0 for the following:
- Databases
MySQL
Sybase
This enables you to define authentication scope based on your asset tagging strategy instead of relying on static IP ranges.
API Behavior
You can scope authentication records using:
- Asset tags
- Dynamic tag rules
- IP ranges (existing behavior)
- When tag parameters are provided, List API responses include an optional TAGS element.
- When tag parameters are not provided, API behavior remains unchanged.
- Existing authentication records continue to function without modification.
Backward Compatibility
- All changes are fully backward compatible.
- Tag parameters are optional.
- Existing API integrations continue to work without changes.
Capability Enhancement
You can now align authentication APIs with your asset tagging strategy, enabling:
- More scalable and automated authentication management.
- Consistent scoping across authentication types.
- Reduced operational overhead from manual IP range management.
Input ParametersInput Parameters
| Parameter Name |
Required/ Optional |
Data Type |
Description |
|
tag_include_selector={all|any} |
Optional | String |
Select any (the default) to include hosts that match at least one of the selected tags. Select all to include hosts that match all of the selected tags. |
| tag_exclude_selector={all|any} | Optional | String | Select any (the default) to exclude hosts that match at least one of the selected tags. Select all to exclude hosts that match all of the selected tags. |
| tag_set_by={id|name} | Optional | String | Specify id (the default) to select a tag set by providing tag IDs. Specify name to select a tag set by providing tag names. We will check if the tag ids or tag names are valid. |
| tags_include={value} | Optional | String | Specify tags to include in the record. |
| tags_exclude={value} | Optional | String | Specify tags to exclude in the record. |
Authentication Record Types
Operating System - Unix - Subtype: Cisco and Checkpoint Firewall
For Unix Authentication Technology, the following API samples are provided:
Sample - Create with Asset Tags (by Name) - CiscoSample - Create with Asset Tags (by Name) - Cisco
API Request
curl --location --request POST '<qualys_base_url>/api/3.0/fo/auth/unix/?action=create&title=Cisco&port=42&asset_type=ip_range_tag_rule&tag_set_by=name&tags_include=Exc_1&tags_exclude=Exc_2&password=test&username=test&sub_type=cisco&port=22' \
--header 'X-Requested-With: abcd' \
--header 'Authorization: Bearer <JWT Token>'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-20T12:03:11Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>8904935</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - Update with IP Range Tag Rule IDs - CiscoSample - Update with IP Range Tag Rule IDs - Cisco
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/3.0/fo/auth/unix/?action=update\
&ids=<AUTH_RECORD_ID>\
&sub_type=cisco\
&asset_type=ip_range_tag_rule\
&tag_set_by=id\
&tags_include=201,202\
&tags_exclude=203"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-22T10:23:42Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>8927402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - List CiscoSample - List Cisco
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/3.0/fo/auth/unix/?action=list"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_UNIX_LIST_OUTPUT SYSTEM "<qualys_base_url>/api/2.0/fo/auth/unix/dtd/auth_list_output.dtd">
<!-- This report was generated with an evaluation version of Qualys //-->
<AUTH_UNIX_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2026-05-22T12:29:55Z</DATETIME>
<AUTH_UNIX_LIST>
<AUTH_UNIX>
<ID>8926408</ID>
<TITLE>
<![CDATA[API_TEST_AUTOMATION_476349994]]>
</TITLE>
<USERNAME>
<![CDATA[API_RNDM_476384383]]>
</USERNAME>
<CLEARTEXT_PASSWORD>0</CLEARTEXT_PASSWORD>
<TAGS>
<TAG_TYPE>asset_tags</TAG_TYPE>
<TAGS_INCLUDE>
<SELECTOR>any</SELECTOR>
<TAG>
<ID>7612812</ID>
<NAME>Cloud Agent</NAME>
</TAG>
</TAGS_INCLUDE>
<TAGS_EXCLUDE>
<SELECTOR>any</SELECTOR>
</TAGS_EXCLUDE>
</TAGS>
<NETWORK_ID>0</NETWORK_ID>
<CREATED>
<DATETIME>2026-05-22T04:38:17Z</DATETIME>
<BY>mayur_aa</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2026-05-22T12:28:04Z</DATETIME>
</LAST_MODIFIED>
</AUTH_UNIX>
</AUTH_UNIX_LIST>
</RESPONSE>
</AUTH_UNIX_LIST_OUTPUT>
<!-- This report was generated with an evaluation version of Qualys //-->
<!-- CONFIDENTIAL AND PROPRIETARY INFORMATION. Qualys provides it's Service "As Is," without any warranty of any kind. Qualys makes no warranty that the information contained in this report is complete or error-free. Copyright 2026, Qualys, Inc. //-->
Sample - Delete CiscoSample - Delete Cisco
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/3.0/fo/auth/unix/?action=delete\
&ids=<AUTH_RECORD_ID>"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "qualysapi.qualys.com/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-22T10:37:04Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Deleted</TEXT>
<ID_SET>
<ID>8927402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - Create with Asset Tags (by name) - Checkpoint FirewallSample - Create with Asset Tags (by name) - Checkpoint Firewall
API Request
curl --location --request POST '<qualys_base_url>/api/3.0/fo/auth/unix/?action=create&title=cicso_auth&port=42&asset_type=asset_tags&tag_set_by=name&tags_include=Exc_1&tags_exclude=Exc_2&password=test&username=test&sub_type=checkpoint_firewall&port=22' \
--header 'X-Requested-With: abcd' \
--header 'Authorization: Bearer <JWT Token>'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-20T12:03:11Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>8904935</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - Update with IP Range Tag Rule IDs - Checkpoint FirewallSample - Update with IP Range Tag Rule IDs - Checkpoint Firewall
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/3.0/fo/auth/unix/?action=update\
&ids=<AUTH_RECORD_ID>\
&sub_type=checkpoint_firewall\
&asset_type=ip_range_tag_rule\
&tag_set_by=id\
&tags_include=101,102\
&tags_exclude=103"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-22T10:23:42Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>8927402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - List Checkpoint FirewallSample - List Checkpoint Firewall
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/3.0/fo/auth/unix/?action=list"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_UNIX_LIST_OUTPUT SYSTEM "<qualys_base_url>/api/2.0/fo/auth/unix/dtd/auth_list_output.dtd">
<!-- This report was generated with an evaluation version of Qualys //-->
<AUTH_UNIX_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2026-05-22T12:29:55Z</DATETIME>
<AUTH_UNIX_LIST>
<AUTH_UNIX>
<ID>8926408</ID>
<TITLE>
<![CDATA[API_TEST_AUTOMATION_476349994]]>
</TITLE>
<USERNAME>
<![CDATA[API_RNDM_476384383]]>
</USERNAME>
<CLEARTEXT_PASSWORD>0</CLEARTEXT_PASSWORD>
<TAGS>
<TAG_TYPE>asset_tags</TAG_TYPE>
<TAGS_INCLUDE>
<SELECTOR>any</SELECTOR>
<TAG>
<ID>7612812</ID>
<NAME>Cloud Agent</NAME>
</TAG>
</TAGS_INCLUDE>
<TAGS_EXCLUDE>
<SELECTOR>any</SELECTOR>
</TAGS_EXCLUDE>
</TAGS>
<NETWORK_ID>0</NETWORK_ID>
<CREATED>
<DATETIME>2026-05-22T04:38:17Z</DATETIME>
<BY>mayur_aa</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2026-05-22T12:28:04Z</DATETIME>
</LAST_MODIFIED>
</AUTH_UNIX>
</AUTH_UNIX_LIST>
</RESPONSE>
</AUTH_UNIX_LIST_OUTPUT>
<!-- This report was generated with an evaluation version of Qualys //-->
<!-- CONFIDENTIAL AND PROPRIETARY INFORMATION. Qualys provides it's Service "As Is," without any warranty of any kind. Qualys makes no warranty that the information contained in this report is complete or error-free. Copyright 2026, Qualys, Inc. //-->
Sample - Delete Checkpoint FirewallSample - Delete Checkpoint Firewall
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/3.0/fo/auth/unix/?action=delete\
&ids=<AUTH_RECORD_ID>"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "qualysapi.qualys.com/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-22T10:37:04Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Deleted</TEXT>
<ID_SET>
<ID>8927402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Network and Security
For Network and Security, the following API samples are provided:
API Request
curl --location --request POST 'https://<qualys_base_url>/api/3.0/fo/auth/network_ssh/?action=create&password=zxc&port=270&tag_exclude_selector=all&cleartext_password=1&target_type=A10&asset_type=asset_tags&tag_set_by=name&tag_include_selector=any&title=api_automation&username=abc&tags_exclude=ABC-TAG-Update&tags_include=EC2' \
--header 'X-Requested-With: ABCD' \
--header 'Authorization: Bearer <JWT Token>' \
--data ''
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-20T12:03:11Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>8904935</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - Update Network SSH with Asset Tags (by Name)Sample - Update Network SSH with Asset Tags (by Name)
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/3.0/fo/auth/network_ssh/?action=update\
&ids=<AUTH_RECORD_ID>\
&port=2222\
&asset_type=asset_tags\
&tag_set_by=name\
&tag_include_selector=ANY\
&tags_include=Network,SSH\
&tag_exclude_selector=ANY\
&tags_exclude=Dev"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-22T10:23:42Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>8927402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - Create Network SSH with IP Range Tag Rule (by Name)Sample - Create Network SSH with IP Range Tag Rule (by Name)
API Request
curl --location --request POST 'https://<qualys_base_url>/api/3.0/fo/auth/network_ssh/?action=create&password=zxc&port=270&tag_exclude_selector=all&cleartext_password=1&target_type=A10&asset_type=ip_range_tag_rule&tag_set_by=name&tag_include_selector=any&title=api_automation&username=abc&tags_exclude=ABC-TAG-Update&tags_include=EC2' \
--header 'X-Requested-With: ABCD' \
--header 'Authorization: Bearer <JWT Token>' \
--data ''
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-20T12:03:11Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>8904935</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - List Network SSHSample - List Network SSH
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/3.0/fo/auth/network_ssh/?action=list"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_NETWORK_SSH_LIST_OUTPUT SYSTEM "<qualys_base_url>/api/3.0/fo/auth/network_ssh/dtd/auth_list_output.dtd">
<!-- This report was generated with an evaluation version of Qualys //-->
<AUTH_NETWORK_SSH_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2026-05-22T13:21:07Z</DATETIME>
<AUTH_NETWORK_SSH_LIST>
<AUTH_NETWORK_SSH>
<ID>8929418</ID>
<TITLE>
<![CDATA[api_automation]]>
</TITLE>
<USERNAME>
<![CDATA[abc]]>
</USERNAME>
<PORT>270</PORT>
<TAGS>
<TAG_TYPE>asset_tags</TAG_TYPE>
<TAGS_INCLUDE>
<SELECTOR>any</SELECTOR>
<TAG>
<ID>8214412</ID>
<NAME>EC2</NAME>
</TAG>
</TAGS_INCLUDE>
<TAGS_EXCLUDE>
<SELECTOR>all</SELECTOR>
<TAG>
<ID>8632833</ID>
<NAME>ABC-TAG-Update</NAME>
</TAG>
</TAGS_EXCLUDE>
</TAGS>
<CLEARTEXT_PASSWORD>1</CLEARTEXT_PASSWORD>
<TARGET_TYPE>
<![CDATA[A10 (VM, PC)]]>
</TARGET_TYPE>
<NETWORK_ID>0</NETWORK_ID>
<CREATED>
<DATETIME>2026-05-22T13:20:39Z</DATETIME>
<BY>mayur_aa</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2026-05-22T13:20:39Z</DATETIME>
</LAST_MODIFIED>
</AUTH_NETWORK_SSH>
</AUTH_NETWORK_SSH_LIST>
</RESPONSE>
</AUTH_NETWORK_SSH_LIST_OUTPUT>
<!-- This report was generated with an evaluation version of Qualys //-->
<!-- CONFIDENTIAL AND PROPRIETARY INFORMATION. Qualys provides it's Service "As Is," without any warranty of any kind. Qualys makes no warranty that the information contained in this report is complete or error-free. Copyright 2026, Qualys, Inc. //-->
Sample - Delete Network SSHSample - Delete Network SSH
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/3.0/fo/auth/network_ssh/?action=delete\
&ids=<AUTH_RECORD_ID>"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-22T10:37:04Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Deleted</TEXT>
<ID_SET>
<ID>8927402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - Create Palo Alto Networks Firewall with Asset Tags (by Name)Sample - Create Palo Alto Networks Firewall with Asset Tags (by Name)
API Request
curl --location --request POST 'https://<qualys_base_url>/api/3.0/fo/auth/palo_alto_firewall/?action=create&title=palo4&login_type=basic&username=root&asset_type=asset_tags&tag_set_by=name&tags_include=Exc_1&tags_exclude=Exc_2&password=test&tag_include_selector=any&tag_exclude_selector=all' \
--header 'X-Requested-With: abcd' \
--header 'Authorization: Bearer <JWT Token>'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-20T12:03:11Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>8904935</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - Update Palo Alto Networks Firewall with Asset Tags (by Name)Sample - Update Palo Alto Networks Firewall with Asset Tags (by Name)
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/3.0/fo/auth/palo_alto_firewall/?action=update\
&ids=<AUTH_RECORD_ID>\
&title=My_Record_PaloAlto\
&asset_type=asset_tags\
&tag_set_by=name\
&tag_include_selector=ANY\
&tags_include=Firewall,PaloAlto\
&tag_exclude_selector=ANY\
&tags_exclude=Dev"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-22T10:23:42Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>8927402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - Create Palo Alto Networks Firewall with IP Range Tag Rule (by Name)Sample - Create Palo Alto Networks Firewall with IP Range Tag Rule (by Name)
API Request
curl --location --request POST 'https://<qualys_base_url>/api/3.0/fo/auth/palo_alto_firewall/?action=create&title=palo4&login_type=basic&username=root&asset_type=ip_range_tag_rule&tag_set_by=name&tags_include=Exc_1&tags_exclude=Exc_2&password=test&tag_include_selector=any&tag_exclude_selector=all' \
--header 'X-Requested-With: abcd' \
--header 'Authorization: Bearer <JWT Token>'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-20T12:03:11Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>8904935</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - List Palo Alto Networks FirewallSample - List Palo Alto Networks Firewall
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/3.0/fo/auth/palo_alto_firewall/?action=list"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_PALO_ALTO_FIREWALL_LIST_OUTPUT SYSTEM "<qualys_base_url>/api/3.0/fo/auth/palo_alto_firewall/auth_palo_alto_firewall_list_output.dtd">
<!-- This report was generated with an evaluation version of Qualys //-->
<AUTH_PALO_ALTO_FIREWALL_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2026-05-22T13:03:08Z</DATETIME>
<AUTH_PALO_ALTO_FIREWALL_LIST>
<AUTH_PALO_ALTO_FIREWALL>
<ID>8929415</ID>
<TITLE>
<![CDATA[Palo Alto Test]]>
</TITLE>
<USERNAME>
<![CDATA[a]]>
</USERNAME>
<SSL_VERIFY>
<![CDATA[1]]>
</SSL_VERIFY>
<TAGS>
<TAG_TYPE>asset_tags</TAG_TYPE>
<TAGS_INCLUDE>
<SELECTOR>any</SELECTOR>
<TAG>
<ID>8632833</ID>
<NAME>ABC-TAG-Update</NAME>
</TAG>
</TAGS_INCLUDE>
<TAGS_EXCLUDE>
<SELECTOR>any</SELECTOR>
</TAGS_EXCLUDE>
</TAGS>
<LOGIN_TYPE>
<![CDATA[basic]]>
</LOGIN_TYPE>
<NETWORK_ID>0</NETWORK_ID>
<CREATED>
<DATETIME>2026-05-22T13:02:56Z</DATETIME>
<BY>mayur_aa</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2026-05-22T13:02:56Z</DATETIME>
</LAST_MODIFIED>
</AUTH_PALO_ALTO_FIREWALL>
</AUTH_PALO_ALTO_FIREWALL_LIST>
</RESPONSE>
</AUTH_PALO_ALTO_FIREWALL_LIST_OUTPUT>
<!-- This report was generated with an evaluation version of Qualys //-->
<!-- CONFIDENTIAL AND PROPRIETARY INFORMATION. Qualys provides it's Service "As Is," without any warranty of any kind. Qualys makes no warranty that the information contained in this report is complete or error-free. Copyright 2026, Qualys, Inc. //-->
Sample - Delete Palo Alto Networks FirewallSample - Delete Palo Alto Networks Firewall
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/3.0/fo/auth/palo_alto_firewall/?action=delete\
&ids=<AUTH_RECORD_ID>"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-22T10:37:04Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Deleted</TEXT>
<ID_SET>
<ID>8927402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - Create SNMP with Asset Tags IDSample - Create SNMP with Asset Tags ID
API Request
curl --location --request POST 'https://<qualys_base_url>/api/3.0/fo/auth/snmp/?action=create&title=My+Record_2_44&version=v3&username=user&password=test&auth_alg=MD5&encrypt_password=test&priv_alg=DES&security_engine_id=0x80001F88805131F121BD9B194B&context_engine_id=0x80001F88805131F121BD9B194B&context=bridge1&tag_set_by=name&tags_include=Exc_2&tags_exclude=Exc_1&asset_type=asset_tags' \
--header 'Content-Type: application/json' \
--header 'X-Requested-With: curl demo1' \
--header 'Cache-Control: no-cache' \
--header 'Accept: */*' \
--header 'Accept-Encoding: gzip, deflate, br' \
--header 'Content-Length: 0' \
--header 'Authorization: Bearer <JWT Token>'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-20T12:03:11Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>8904935</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - Update SNMP Asset Tags (by Name)Sample - Update SNMP Asset Tags (by Name)
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/3.0/fo/auth/snmp/?action=update\
&ids=123\
&asset_type=asset_tags\
&tag_set_by=name\
&tag_include_selector=ANY\
&tags_include=Network,SNMP,Printer\
&tag_exclude_selector=ANY\
&tags_exclude=Decommissioned"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-22T10:23:42Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>8927402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - List SNMPSample - List SNMP
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/3.0/fo/auth/snmp/?action=list"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_SNMP_LIST_OUTPUT SYSTEM "<qualys_base_url>/api/3.0/fo/auth/snmp/auth_snmp_list_output.dtd">
<!-- This report was generated with an evaluation version of Qualys //-->
<AUTH_SNMP_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2026-05-22T13:00:30Z</DATETIME>
<AUTH_SNMP_LIST>
<AUTH_SNMP>
<ID>8929414</ID>
<TITLE>
<![CDATA[My Record_2_44]]>
</TITLE>
<USERNAME>
<![CDATA[user]]>
</USERNAME>
<AUTH_ALG>
<![CDATA[MD5]]>
</AUTH_ALG>
<PRIV_ALG>
<![CDATA[DES]]>
</PRIV_ALG>
<SEC_ENG>
<![CDATA[0x80001F88805131F121BD9B194B]]>
</SEC_ENG>
<CONTEXT_ENG>
<![CDATA[0x80001F88805131F121BD9B194B]]>
</CONTEXT_ENG>
<CONTEXT>
<![CDATA[bridge1]]>
</CONTEXT>
<VERSION>
<![CDATA[v3]]>
</VERSION>
<TAGS>
<TAG_TYPE>asset_tags</TAG_TYPE>
<TAGS_INCLUDE>
<SELECTOR>any</SELECTOR>
<TAG>
<ID>8214429</ID>
<NAME>Exc_2</NAME>
</TAG>
</TAGS_INCLUDE>
<TAGS_EXCLUDE>
<SELECTOR>any</SELECTOR>
<TAG>
<ID>8214418</ID>
<NAME>Exc_1</NAME>
</TAG>
</TAGS_EXCLUDE>
</TAGS>
<NETWORK_ID>0</NETWORK_ID>
<CREATED>
<DATETIME>2026-05-22T13:00:22Z</DATETIME>
<BY>mayur_aa</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2026-05-22T13:00:22Z</DATETIME>
</LAST_MODIFIED>
</AUTH_SNMP>
</AUTH_SNMP_LIST>
</RESPONSE>
</AUTH_SNMP_LIST_OUTPUT>
<!-- This report was generated with an evaluation version of Qualys //-->
<!-- CONFIDENTIAL AND PROPRIETARY INFORMATION. Qualys provides it's Service "As Is," without any warranty of any kind. Qualys makes no warranty that the information contained in this report is complete or error-free. Copyright 2026, Qualys, Inc. //-->
Sample - Delete SNMPSample - Delete SNMP
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/3.0/fo/auth/snmp/?action=delete\
&ids=<AUTH_RECORD_ID>"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-22T10:37:04Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Deleted</TEXT>
<ID_SET>
<ID>8927402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Application
For Application, the following API samples are provided:
Sample - Create HTTP with IP Range Tag Rule (by Name)Sample - Create HTTP with IP Range Tag Rule (by Name)
API Request
curl --location --request POST '<qualys_base_url>/api/3.0/fo/auth/http/?action=create&username=jsmith&password=test&title=HTTP_2&asset_type=asset_tags&tag_set_by=name&tags_include=Exc_2&tags_exclude=Exc_1' \
--header 'Content-Type: application/json' \
--header 'X-Requested-With: curl demo1' \
--header 'Cache-Control: no-cache' \
--header 'Accept: */*' \
--header 'Accept-Encoding: gzip, deflate, br' \
--header 'Content-Length: 0' \
--header 'Authorization: Bearer <JWT Token>'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-20T12:03:11Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>8904935</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - Update HTTP with IP Range Tag Rule IDsSample - Update HTTP with IP Range Tag Rule IDs
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/3.0/fo/auth/http/?action=update\
&ids=<AUTH_RECORD_ID>\
&username=jsmith\
&asset_type=ip_range_tag_rule\
&tag_set_by=id\
&tags_include=301,302\
&tags_exclude=303"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-22T10:23:42Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>8927402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - List HTTPSample - List HTTP
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST <qualys_base_url>/api/3.0/fo/auth/http/?action=list"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_HTTP_LIST_OUTPUT SYSTEM "<qualys_base_url>/api/3.0/fo/auth/http/auth_http_list_output.dtd">
<!-- This report was generated with an evaluation version of Qualys //-->
<AUTH_HTTP_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2026-05-22T12:28:44Z</DATETIME>
<AUTH_HTTP_LIST>
<AUTH_HTTP>
<ID>8928400</ID>
<TITLE>
<![CDATA[HTTP_2]]>
</TITLE>
<USERNAME>
<![CDATA[jsmith]]>
</USERNAME>
<SSL>0</SSL>
<TAGS>
<TAG_TYPE>asset_tags</TAG_TYPE>
<TAGS_INCLUDE>
<SELECTOR>any</SELECTOR>
<TAG>
<ID>8632833</ID>
<NAME>ABC-TAG-Update</NAME>
</TAG>
</TAGS_INCLUDE>
<TAGS_EXCLUDE>
<SELECTOR>any</SELECTOR>
<TAG>
<ID>28898874</ID>
<NAME>AUTO_VMRS_TAG1</NAME>
</TAG>
</TAGS_EXCLUDE>
</TAGS>
<NETWORK_ID>0</NETWORK_ID>
<CREATED>
<DATETIME>2026-05-22T09:07:15Z</DATETIME>
<BY>mayur_aa</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2026-05-22T12:27:40Z</DATETIME>
</LAST_MODIFIED>
</AUTH_HTTP>
</AUTH_HTTP_LIST>
</RESPONSE>
</AUTH_HTTP_LIST_OUTPUT>
<!-- This report was generated with an evaluation version of Qualys //-->
<!-- CONFIDENTIAL AND PROPRIETARY INFORMATION. Qualys provides it's Service "As Is," without any warranty of any kind. Qualys makes no warranty that the information contained in this report is complete or error-free. Copyright 2026, Qualys, Inc. //-->
Sample - Delete HTTPSample - Delete HTTP
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST <qualys_base_url>/api/3.0/fo/auth/http/?action=delete\
&ids=<AUTH_RECORD_ID>"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-22T10:37:04Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Deleted</TEXT>
<ID_SET>
<ID>8927402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - Create JBoss Server with Asset Tags (by Name)Sample - Create JBoss Server with Asset Tags (by Name)
API Request
curl --location --request POST '<qualys_base_url>/api/3.0/fo/auth/jboss/?action=create&title=API_v2_JbossRecord_1&unix_working_mode=standalone_mode&unix_home_path=%2Fopt%2Fjboss-eap-6.4%2F&unix_base_path=%2Fopt%2Fjboss-eap-6.4%2Fstandalone&unix_conf_dir_path=%2Fopt%2Fjboss-eap-6.4%2Fstandalone%2Fconfiguration&unix_conf_file_path=%2Fopt%2Fjboss-eap-6.4%2Fstandalone%2Fconfiguration%2Fstandalone.xml&asset_type=asset_tags&tag_set_by=name&tags_include=Exc_1&tags_exclude=Exc_2' \
--header 'Content-Type: application/json' \
--header 'X-Requested-With: curl demo1' \
--header 'Cache-Control: no-cache' \
--header 'Accept: */*' \
--header 'Accept-Encoding: gzip, deflate, br' \
--header 'Content-Length: 0' \
--header 'Authorization: Bearer <JWT Token>'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-20T12:03:11Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>8904935</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - Update JBoss Server with Asset Tags IDsSample - Update JBoss Server with Asset Tags IDs
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST <qualys_base_url>/api/3.0/fo/auth/jboss/?action=update\
&ids=123\
&asset_type=asset_tags\
&tag_set_by=id\
&tag_include_selector=ANY\
&tags_include=12345,67890\
&tag_exclude_selector=ANY\
&tags_exclude=11111"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-22T10:23:42Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>8927402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - List JBoss ServerSample - List JBoss Server
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/3.0/fo/auth/jboss/?action=list"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_JBOSS_LIST_OUTPUT SYSTEM "<qualys_base_url>/api/3.0/fo/auth/jboss/auth_jboss_list_output.dtd">
<!-- This report was generated with an evaluation version of Qualys //-->
<AUTH_JBOSS_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2026-05-22T12:53:20Z</DATETIME>
<AUTH_JBOSS_LIST>
<AUTH_JBOSS>
<ID>8929412</ID>
<TITLE>
<![CDATA[Jboss Auth]]>
</TITLE>
<TAGS>
<TAG_TYPE>asset_tags</TAG_TYPE>
<TAGS_INCLUDE>
<SELECTOR>any</SELECTOR>
<TAG>
<ID>8214423</ID>
<NAME>Asset Search Tags</NAME>
</TAG>
</TAGS_INCLUDE>
<TAGS_EXCLUDE>
<SELECTOR>any</SELECTOR>
</TAGS_EXCLUDE>
</TAGS>
<UNIX>
<HOME_PATH>
<![CDATA[/opt/wildfly-11.0.0.Final]]>
</HOME_PATH>
<DOMAIN_MODE>
<![CDATA[false]]>
</DOMAIN_MODE>
<BASE_PATH>
<![CDATA[/opt/wildfly-11.0.0.Final/standalone]]>
</BASE_PATH>
<CONF_DIR_PATH>
<![CDATA[/opt/wildfly-11.0.0.Final/standalone/configuration]]>
</CONF_DIR_PATH>
<CONF_FILE_PATH>
<![CDATA[/opt/wildfly-11.0.0.Final/standalone/configuration/standalone.xml]]>
</CONF_FILE_PATH>
</UNIX>
<NETWORK_ID>0</NETWORK_ID>
<CREATED>
<DATETIME>2026-05-22T12:52:04Z</DATETIME>
<BY>mayur_aa</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2026-05-22T12:52:04Z</DATETIME>
</LAST_MODIFIED>
<IS_SYSTEM_CREATED>0</IS_SYSTEM_CREATED>
<IS_ACTIVE>1</IS_ACTIVE>
</AUTH_JBOSS>
</AUTH_JBOSS_LIST>
</RESPONSE>
</AUTH_JBOSS_LIST_OUTPUT>
<!-- This report was generated with an evaluation version of Qualys //-->
<!-- CONFIDENTIAL AND PROPRIETARY INFORMATION. Qualys provides it's Service "As Is," without any warranty of any kind. Qualys makes no warranty that the information contained in this report is complete or error-free. Copyright 2026, Qualys, Inc. //-->
Sample - Delete JBoss ServerSample - Delete JBoss Server
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/3.0/fo/auth/jboss/?action=delete\
&ids=<AUTH_RECORD_ID>"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-22T10:37:04Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Deleted</TEXT>
<ID_SET>
<ID>8927402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - Create Oracle WebLogic Server with IP Range Tag Rule IDsSample - Create Oracle WebLogic Server with IP Range Tag Rule IDs
API Request
curl --location --request POST 'https://<qualys_base_url>/api/3.0/fo/auth/oracle_weblogic/?action=create&auto_discover=1&tag_exclude_selector=any&asset_type=ip_range_tag_rule&tag_set_by=id&tag_include_selector=all&installation_path=%2Fu01%2Fapp%2Foracle&tags_exclude=10333958&tags_include=8214428&title=API_TEST_5362_1779278501757' \
--header 'Content-Type: application/json' \
--header 'X-Requested-With: curl demo16' \
--header 'Cache-Control: no-cache' \
--header 'Accept: */*' \
--header 'Accept-Encoding: gzip, deflate, br' \
--header 'Content-Length: 0'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-20T12:03:11Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>8904935</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - Update Oracle WebLogic Server with IP Range Tag Rule (by Name)Sample - Update Oracle WebLogic Server with IP Range Tag Rule (by Name)
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/3.0/fo/auth/oracle_weblogic/?action=update\
&ids=<AUTH_RECORD_ID>\
&asset_type=ip_range_tag_rule\
&tag_set_by=name\
&tags_include=WebLogic_Prod_Rule,EBS_Rule\
&tags_exclude=Dev_Servers_Rule"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-22T10:23:42Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>8927402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - List Oracle WebLogic ServerSample - List Oracle WebLogic Server
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/3.0/fo/auth/oracle_weblogic/?action=list"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_ORACLE_WEBLOGIC_LIST_OUTPUT SYSTEM "<qualys_base_url>/api/3.0/fo/auth/oracle_weblogic/auth_oracle_weblogic_list_output.dtd">
<!-- This report was generated with an evaluation version of Qualys //-->
<AUTH_ORACLE_WEBLOGIC_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2026-05-22T12:49:48Z</DATETIME>
<AUTH_ORACLE_WEBLOGIC_LIST>
<AUTH_ORACLE_WEBLOGIC>
<ID>8929411</ID>
<TITLE>
<![CDATA[API_TEST_5362_1779278501757]]>
</TITLE>
<TAGS>
<TAG_TYPE>ip_range_tag_rule</TAG_TYPE>
<TAGS_INCLUDE>
<SELECTOR>all</SELECTOR>
<TAG>
<ID>8214428</ID>
<NAME>Inc_2</NAME>
</TAG>
</TAGS_INCLUDE>
<TAGS_EXCLUDE>
<SELECTOR>any</SELECTOR>
<TAG>
<ID>10333958</ID>
<NAME>Internet Facing Assets</NAME>
</TAG>
</TAGS_EXCLUDE>
</TAGS>
<INSTALLATION_PATH>/u01/app/oracle</INSTALLATION_PATH>
<AUTO_DISCOVER>1</AUTO_DISCOVER>
<NETWORK_ID>0</NETWORK_ID>
<CREATED>
<DATETIME>2026-05-22T12:44:24Z</DATETIME>
<BY>mayur_aa</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2026-05-22T12:44:24Z</DATETIME>
</LAST_MODIFIED>
</AUTH_ORACLE_WEBLOGIC>
</AUTH_ORACLE_WEBLOGIC_LIST>
</RESPONSE>
</AUTH_ORACLE_WEBLOGIC_LIST_OUTPUT>
<!-- This report was generated with an evaluation version of Qualys //-->
<!-- CONFIDENTIAL AND PROPRIETARY INFORMATION. Qualys provides it's Service "As Is," without any warranty of any kind. Qualys makes no warranty that the information contained in this report is complete or error-free. Copyright 2026, Qualys, Inc. //-->
Sample - Delete Oracle WebLogic ServerSample - Delete Oracle WebLogic Server
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/3.0/fo/auth/oracle_weblogic/?action=delete\
&ids=<AUTH_RECORD_ID>"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-22T10:37:04Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Deleted</TEXT>
<ID_SET>
<ID>8927402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - Create Tomcat Server with Asset Tags (by Name)Sample - Create Tomcat Server with Asset Tags (by Name)
API Request
curl --location --request POST '<qualys_base_url>/api/3.0/fo/auth/tomcat/?action=create&instance_path=%2Fopt%2Fapach1e-tsomcat2-api&auto_discover_instances=1&echo_request=1&installation_path=%2Fopt%2Fpivotal%2Fpivotal-t2c-server-standsard1-api&title=API_TEST_2323_1779296368160&asset_type=asset_tags&tag_set_by=name&tags_include=Cloud%20Agent&tags_exclude=Cloud%20Agent' \
--header 'Content-Type: application/json' \
--header 'X-Requested-With: curl demo28' \
--header 'Cache-Control: no-cache' \
--header 'Accept: */*' \
--header 'Accept-Encoding: gzip, deflate, br' \
--header 'Content-Length: 0'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-20T12:03:11Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>8904935</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - Update Tomcat Server with IP Range Tag Rule IDsSample - Update Tomcat Server with IP Range Tag Rule IDs
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST <qualys_base_url>/api/3.0/fo/auth/tomcat/?action=update\
&ids=<AUTH_RECORD_ID>\
&asset_type=ip_range_tag_rule\
&tag_set_by=id\
&tags_include=401,402\
&tags_exclude=403"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-22T10:23:42Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>8927402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - List Tomcat ServerSample - List Tomcat Server
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/3.0/fo/auth/tomcat/?action=list"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_TOMCAT_LIST_OUTPUT SYSTEM "<qualys_base_url>/api/3.0/fo/auth/tomcat/auth_tomcat_list_output.dtd">
<!-- This report was generated with an evaluation version of Qualys //-->
<AUTH_TOMCAT_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2026-05-22T13:20:54Z</DATETIME>
<AUTH_TOMCAT_LIST>
<AUTH_TOMCAT>
<ID>8929417</ID>
<TITLE>
<![CDATA[API_TEST_2323_1779296368160]]>
</TITLE>
<TAGS>
<TAG_TYPE>asset_tags</TAG_TYPE>
<TAGS_INCLUDE>
<SELECTOR>any</SELECTOR>
<TAG>
<ID>8214418</ID>
<NAME>Exc_1</NAME>
</TAG>
</TAGS_INCLUDE>
<TAGS_EXCLUDE>
<SELECTOR>any</SELECTOR>
<TAG>
<ID>7612812</ID>
<NAME>Cloud Agent</NAME>
</TAG>
</TAGS_EXCLUDE>
</TAGS>
<INSTALLATION_PATH>
<![CDATA[/opt/pivotal/pivotal-t2c-server-standsard1-api]]>
</INSTALLATION_PATH>
<INSTANCE_PATH>
<![CDATA[/opt/apach1e-tsomcat2-api]]>
</INSTANCE_PATH>
<AUTO_DISCOVER_INSTANCES>1</AUTO_DISCOVER_INSTANCES>
<NETWORK_ID>0</NETWORK_ID>
<CREATED>
<DATETIME>2026-05-22T13:20:37Z</DATETIME>
<BY>mayur_aa</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2026-05-22T13:20:37Z</DATETIME>
</LAST_MODIFIED>
<IS_SYSTEM_CREATED>0</IS_SYSTEM_CREATED>
<IS_ACTIVE>1</IS_ACTIVE>
</AUTH_TOMCAT>
</AUTH_TOMCAT_LIST>
</RESPONSE>
</AUTH_TOMCAT_LIST_OUTPUT>
<!-- This report was generated with an evaluation version of Qualys //-->
<!-- CONFIDENTIAL AND PROPRIETARY INFORMATION. Qualys provides it's Service "As Is," without any warranty of any kind. Qualys makes no warranty that the information contained in this report is complete or error-free. Copyright 2026, Qualys, Inc. //-->
Sample - Delete Tomcat ServerSample - Delete Tomcat Server
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/3.0/fo/auth/tomcat/?action=delete\
&ids=<AUTH_RECORD_ID>"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-22T10:37:04Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Deleted</TEXT>
<ID_SET>
<ID>8927402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Databases
For Databases, the following API samples are provided:
Sample - Create IBM DB2 with IP Range Tag Rule IDsSample - Create IBM DB2 with IP Range Tag Rule IDs
API Request
curl --location --request POST '<qualys_base_url>/api/3.0/fo/auth/ibm_db2/?action=create&title=MyDB2Record&username=joe_user&login_type=basic&database=db2&port=1234&asset_type=ip_range_tag_rule&tag_set_by=id&tags_include=8214429&tags_exclude=10333958&tag_include_selector=all&tag_exclude_selector=any' \
--header 'X-Requested-With: abcd' \
--header 'Authorization: Bearer <JWT Token>' \
--data ''
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-20T12:03:11Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>8904935</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - Update IBM DB2 with IP Range Tag Rule (by Name)Sample - Update IBM DB2 with IP Range Tag Rule (by Name)
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/3.0/fo/auth/ibm_db2/?action=update\
&ids=<AUTH_RECORD_ID>\
&asset_type=ip_range_tag_rule\
&tag_set_by=name\
&tags_include=DB2_Server_Rule,Finance_DB_Rule\
&tags_exclude=Dev_DB_Rule"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-22T10:23:42Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>8927402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - List IBM DB2Sample - List IBM DB2
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST <qualys_base_url>/api/3.0/fo/auth/ibm_db2/?action=list"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_IBM_DB2_LIST_OUTPUT SYSTEM "<qualys_base_url>/api/3.0/fo/auth/ibm_db2/auth_ibm_db2_list_output.dtd">
<!-- This report was generated with an evaluation version of Qualys //-->
<AUTH_IBM_DB2_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2026-05-22T12:36:58Z</DATETIME>
<AUTH_IBM_DB2_LIST>
<AUTH_IBM_DB2>
<ID>8929408</ID>
<TITLE>
<![CDATA[DB2]]>
</TITLE>
<USERNAME>
<![CDATA[A]]>
</USERNAME>
<DATABASE>
<![CDATA[A]]>
</DATABASE>
<PORT>122</PORT>
<TAGS>
<TAG_TYPE>asset_tags</TAG_TYPE>
<TAGS_INCLUDE>
<SELECTOR>any</SELECTOR>
<TAG>
<ID>8214423</ID>
<NAME>Asset Search Tags</NAME>
</TAG>
</TAGS_INCLUDE>
<TAGS_EXCLUDE>
<SELECTOR>any</SELECTOR>
<TAG>
<ID>7612812</ID>
<NAME>Cloud Agent</NAME>
</TAG>
</TAGS_EXCLUDE>
</TAGS>
<NETWORK_ID>0</NETWORK_ID>
<CREATED>
<DATETIME>2026-05-22T12:35:04Z</DATETIME>
<BY>mayur_aa</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2026-05-22T12:35:04Z</DATETIME>
</LAST_MODIFIED>
</AUTH_IBM_DB2>
</AUTH_IBM_DB2_LIST>
</RESPONSE>
</AUTH_IBM_DB2_LIST_OUTPUT>
<!-- This report was generated with an evaluation version of Qualys //-->
<!-- CONFIDENTIAL AND PROPRIETARY INFORMATION. Qualys provides it's Service "As Is," without any warranty of any kind. Qualys makes no warranty that the information contained in this report is complete or error-free. Copyright 2026, Qualys, Inc. //-->
Sample - Delete IBM DB2Sample - Delete IBM DB2
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST <qualys_base_url>/api/3.0/fo/auth/ibm_db2/?action=delete\
&ids=<AUTH_RECORD_ID>"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-22T10:37:04Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Deleted</TEXT>
<ID_SET>
<ID>8927402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - Create MongoDB with Asset Tags (by Name)Sample - Create MongoDB with Asset Tags (by Name)
API Request
curl --location --request POST '<qualys_base_url>/api/3.0/fo/auth/mongodb/?action=create&password=12345abc&database_name=admin&port=28020&unix_conf_path=%2Fetc%2Fmongod3.conf&ssl_verify=0&username=mlqa&comments=API_TEST_2282_1779294109118&title=API_TEST_4128_177&asset_type=asset_tags&tag_set_by=name&tags_include=Cloud%20Agent&tags_exclude=Exc_2' \
--header 'Content-Type: application/json' \
--header 'X-Requested-With: curl demo273' \
--header 'Cache-Control: no-cache' \
--header 'Accept: */*' \
--header 'Accept-Encoding: gzip, deflate, br' \
--header 'Content-Length: 0' \
--header 'Authorization: Bearer <JWT Token>'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-20T12:03:11Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>8904935</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - Update MongoDB with Asset Tag IDsSample - Update MongoDB with Asset Tag IDs
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/3.0/fo/auth/mongodb/?action=update\
&ids=<AUTH_RECORD_ID>\
&asset_type=asset_tags\
&tag_set_by=id\
&tag_include_selector=ANY\
&tags_include=12345,67890\
&tag_exclude_selector=ANY\
&tags_exclude=11111"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-22T10:23:42Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>8927402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - List MongoDBSample - List MongoDB
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/3.0/fo/auth/mongodb/?action=list"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_MONGODB_LIST_OUTPUT SYSTEM "<qualys_base_url>/api/3.0/fo/auth/mongodb/auth_mongodb_list_output.dtd">
<!-- This report was generated with an evaluation version of Qualys //-->
<AUTH_MONGODB_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2026-05-22T13:25:37Z</DATETIME>
<AUTH_MONGODB_LIST>
<AUTH_MONGODB>
<ID>8929419</ID>
<TITLE>
<![CDATA[API_TEST_4128_177]]>
</TITLE>
<USERNAME>
<![CDATA[mlqa]]>
</USERNAME>
<CREDENTIAL_TYPE>
<![CDATA[local]]>
</CREDENTIAL_TYPE>
<DATABASE>
<![CDATA[admin]]>
</DATABASE>
<PORT>28020</PORT>
<UNIX_CONFIGURATION_FILE>
<![CDATA[/etc/mongod3.conf]]>
</UNIX_CONFIGURATION_FILE>
<SSL_VERIFY>
<![CDATA[0]]>
</SSL_VERIFY>
<TAGS>
<TAG_TYPE>asset_tags</TAG_TYPE>
<TAGS_INCLUDE>
<SELECTOR>any</SELECTOR>
<TAG>
<ID>7612812</ID>
<NAME>Cloud Agent</NAME>
</TAG>
</TAGS_INCLUDE>
<TAGS_EXCLUDE>
<SELECTOR>any</SELECTOR>
<TAG>
<ID>8214429</ID>
<NAME>Exc_2</NAME>
</TAG>
</TAGS_EXCLUDE>
</TAGS>
<LOGIN_TYPE>
<![CDATA[basic]]>
</LOGIN_TYPE>
<REQUIRE_CERT>
<![CDATA[0]]>
</REQUIRE_CERT>
<NETWORK_ID>0</NETWORK_ID>
<CREATED>
<DATETIME>2026-05-22T13:25:25Z</DATETIME>
<BY>mayur_aa</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2026-05-22T13:25:25Z</DATETIME>
</LAST_MODIFIED>
<IS_SYSTEM_CREATED>0</IS_SYSTEM_CREATED>
<IS_ACTIVE>1</IS_ACTIVE>
<IS_TEMPLATE>0</IS_TEMPLATE>
<COMMENTS>
<![CDATA[API_TEST_2282_1779294109118]]>
</COMMENTS>
</AUTH_MONGODB>
</AUTH_MONGODB_LIST>
</RESPONSE>
</AUTH_MONGODB_LIST_OUTPUT>
<!-- This report was generated with an evaluation version of Qualys //-->
<!-- CONFIDENTIAL AND PROPRIETARY INFORMATION. Qualys provides it's Service "As Is," without any warranty of any kind. Qualys makes no warranty that the information contained in this report is complete or error-free. Copyright 2026, Qualys, Inc. //-->
Sample - Delete MongoDBSample - Delete MongoDB
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/3.0/fo/auth/mongodb/?action=delete\
&ids=<AUTH_RECORD_ID>"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-22T10:37:04Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Deleted</TEXT>
<ID_SET>
<ID>8927402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - Create MySQL with Asset Tags (by Name)Sample - Create MySQL with Asset Tags (by Name)
API Request
curl --location --request POST '<qualys_base_url>/api/4.0/fo/auth/mysql/?action=create&password=12345abc&database=mysql_db&unix_config_file=%2Fetc%2Fmy.cnf&port=3306&username=mlqa&network_id=6008&title=API_TEST_2670_1779294109847&asset_type=asset_tags&tag_set_by=name&tags_include=Cloud%20Agent&tags_exclude=Exc_2' \
--header 'Content-Type: application/json' \
--header 'X-Requested-With: curl demo195' \
--header 'Cache-Control: no-cache' \
--header 'Accept: */*' \
--header 'Accept-Encoding: gzip, deflate, br' \
--header 'Content-Length: 0' \
--header 'Authorization: Bearer <JWT Token>'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/4.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-20T12:03:11Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>8904935</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - Update MySQL with Asset Tags IDsSample - Update MySQL with Asset Tags IDs
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/4.0/fo/auth/mysql/?action=update\
&ids=<AUTH_RECORD_ID>\
&asset_type=asset_tags\
&tag_set_by=id\
&tag_include_selector=ANY\
&tags_include=12345,67890\
&tag_exclude_selector=ANY\
&tags_exclude=11111"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/4.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-22T10:23:42Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>8927402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - List MySQLSample - List MySQL
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/4.0/fo/auth/mysql/?action=list"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_MYSQL_LIST_OUTPUT SYSTEM "<qualys_base_url>/api/4.0/fo/auth/mysql/auth_mysql_list_output.dtd">
<!-- This report was generated with an evaluation version of Qualys //-->
<AUTH_MYSQL_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2026-05-22T13:26:45Z</DATETIME>
<AUTH_MYSQL_LIST>
<AUTH_MYSQL>
<ID>8927409</ID>
<TITLE>
<![CDATA[API_TEST_2670_1779294109847]]>
</TITLE>
<USERNAME>
<![CDATA[mlqa]]>
</USERNAME>
<DATABASE>
<![CDATA[mysql_db]]>
</DATABASE>
<PORT>3306</PORT>
<TAGS>
<TAG_TYPE>asset_tags</TAG_TYPE>
<TAGS_INCLUDE>
<SELECTOR>any</SELECTOR>
<TAG>
<ID>8214412</ID>
<NAME>EC2</NAME>
</TAG>
</TAGS_INCLUDE>
<TAGS_EXCLUDE>
<SELECTOR>any</SELECTOR>
<TAG>
<ID>8214429</ID>
<NAME>Exc_2</NAME>
</TAG>
</TAGS_EXCLUDE>
</TAGS>
<LOGIN_TYPE>
<![CDATA[basic]]>
</LOGIN_TYPE>
<SSL_VERIFY>false</SSL_VERIFY>
<WINDOWS_CONF_FILE>
<![CDATA[]]>
</WINDOWS_CONF_FILE>
<UNIX_CONF_FILE>
<![CDATA[/etc/my.cnf]]>
</UNIX_CONF_FILE>
<NETWORK_ID>6008</NETWORK_ID>
<CREATED>
<DATETIME>2026-05-22T07:31:24Z</DATETIME>
<BY>mayur_aa</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2026-05-22T12:09:15Z</DATETIME>
</LAST_MODIFIED>
<IS_SYSTEM_CREATED>0</IS_SYSTEM_CREATED>
<IS_ACTIVE>1</IS_ACTIVE>
<IS_TEMPLATE>0</IS_TEMPLATE>
</AUTH_MYSQL>
<AUTH_MYSQL>
<ID>8927410</ID>
<TITLE>
<![CDATA[test]]>
</TITLE>
<USERNAME>
<![CDATA[a]]>
</USERNAME>
<DATABASE>
<![CDATA[test]]>
</DATABASE>
<PORT>223</PORT>
<TAGS>
<TAG_TYPE>asset_tags</TAG_TYPE>
<TAGS_INCLUDE>
<SELECTOR>any</SELECTOR>
<TAG>
<ID>8214423</ID>
<NAME>Asset Search Tags</NAME>
</TAG>
</TAGS_INCLUDE>
<TAGS_EXCLUDE>
<SELECTOR>any</SELECTOR>
</TAGS_EXCLUDE>
</TAGS>
<LOGIN_TYPE>
<![CDATA[basic]]>
</LOGIN_TYPE>
<SSL_VERIFY>false</SSL_VERIFY>
<WINDOWS_CONF_FILE>
<![CDATA[]]>
</WINDOWS_CONF_FILE>
<UNIX_CONF_FILE>
<![CDATA[]]>
</UNIX_CONF_FILE>
<NETWORK_ID>0</NETWORK_ID>
<CREATED>
<DATETIME>2026-05-22T07:34:00Z</DATETIME>
<BY>mayur_aa</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2026-05-22T07:34:00Z</DATETIME>
</LAST_MODIFIED>
<IS_SYSTEM_CREATED>0</IS_SYSTEM_CREATED>
<IS_ACTIVE>1</IS_ACTIVE>
<IS_TEMPLATE>0</IS_TEMPLATE>
</AUTH_MYSQL>
</AUTH_MYSQL_LIST>
</RESPONSE>
</AUTH_MYSQL_LIST_OUTPUT>
<!-- This report was generated with an evaluation version of Qualys //-->
<!-- CONFIDENTIAL AND PROPRIETARY INFORMATION. Qualys provides it's Service "As Is," without any warranty of any kind. Qualys makes no warranty that the information contained in this report is complete or error-free. Copyright 2026, Qualys, Inc. //-->
Sample - Delete MySQLSample - Delete MySQL
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/4.0/fo/auth/mysql/?action=delete\
&ids=<AUTH_RECORD_ID>"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/4.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-22T10:37:04Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Deleted</TEXT>
<ID_SET>
<ID>8927402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - Create Oracle (Database) with Asset Tags (by Name)Sample - Create Oracle (Database) with Asset Tags (by Name)
API Request
curl --location --request POST '<qualys_base_url>/api/3.0/fo/auth/oracle/?action=create&is_template=0&title=OracleRecordTemplate&username=OracleUser&password=eeet&asset_type=ip_range_tag_rule&tag_set_by=name&tags_include=Exc_1&tags_exclude=Exc_2&tag_include_selector=all&tag_exclude_selector=any&port=123&sid=test' \
--header 'X-Requested-With: ABCD' \
--header 'Authorization: Bearer <JWT Token>'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-20T12:03:11Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>8904935</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - Update Oracle (Database) with Asset Tag IDsSample - Update Oracle (Database) with Asset Tag IDs
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/3.0/fo/auth/oracle/?action=update\
&ids=<AUTH_RECORD_ID>\
&asset_type=asset_tags\
&tag_set_by=id\
&tag_include_selector=ANY\
&tags_include=12345,67890\
&tag_exclude_selector=ANY\
&tags_exclude=11111"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-22T10:23:42Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>8927402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - List Oracle (Database)Sample - List Oracle (Database)
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/3.0/fo/auth/oracle/?action=list"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_ORACLE_LIST_OUTPUT SYSTEM "<qualys_base_url>/api/3.0/fo/auth/oracle/auth_oracle_list_output.dtd">
<!-- This report was generated with an evaluation version of Qualys //-->
<AUTH_ORACLE_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2026-05-22T12:40:14Z</DATETIME>
<AUTH_ORACLE_LIST>
<AUTH_ORACLE>
<ID>8926411</ID>
<TITLE>
<![CDATA[Test Auth]]>
</TITLE>
<USERNAME>
<![CDATA[API_RNDM_-15267332]]>
</USERNAME>
<SID>
<![CDATA[qa10g1lp_-15178966]]>
</SID>
<PORT>1521</PORT>
<TAGS>
<TAG_TYPE>asset_tags</TAG_TYPE>
<TAGS_INCLUDE>
<SELECTOR>any</SELECTOR>
<TAG>
<ID>8632833</ID>
<NAME>ABC-TAG-Update</NAME>
</TAG>
</TAGS_INCLUDE>
<TAGS_EXCLUDE>
<SELECTOR>any</SELECTOR>
</TAGS_EXCLUDE>
</TAGS>
<WINDOWS_OS_CHECKS>0</WINDOWS_OS_CHECKS>
<UNIX_OPATCH_CHECKS>0</UNIX_OPATCH_CHECKS>
<UNIX_OS_CHECKS>1</UNIX_OS_CHECKS>
<UNIX_OS_OPTIONS>
<UNIX_ORA_HOME_PATH>
<![CDATA[/u01/app/oracle/product/10]]>
</UNIX_ORA_HOME_PATH>
<UNIX_INIT_ORA_PATH>
<![CDATA[/u01/app/oracle/product/10/dbs/initqa10g1lp.ora]]>
</UNIX_INIT_ORA_PATH>
<UNIX_SPFILE_ORA_PATH>
<![CDATA[/u01/app/oracle/product/10/dbs/spfileqa10g1lp.ora]]>
</UNIX_SPFILE_ORA_PATH>
<UNIX_LISTENER_ORA_PATH>
<![CDATA[/u01/app/oracle/product/10/network/admin/listener.ora]]>
</UNIX_LISTENER_ORA_PATH>
<UNIX_SQLNET_ORA_PATH>
<![CDATA[/u01/app/oracle/product/10/network/admin/samples/sqlnet.ora]]>
</UNIX_SQLNET_ORA_PATH>
<UNIX_TNSNAMES_ORA_PATH>
<![CDATA[/u01/app/oracle/product/10/network/admin/samples/tnsnames.ora]]>
</UNIX_TNSNAMES_ORA_PATH>
<UNIX_INVPTRLOC_PATH>
<![CDATA[]]>
</UNIX_INVPTRLOC_PATH>
</UNIX_OS_OPTIONS>
<NETWORK_ID>0</NETWORK_ID>
<CREATED>
<DATETIME>2026-05-22T04:38:35Z</DATETIME>
<BY>mayur_aa</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2026-05-22T12:39:50Z</DATETIME>
</LAST_MODIFIED>
<IS_SYSTEM_CREATED>0</IS_SYSTEM_CREATED>
<IS_ACTIVE>1</IS_ACTIVE>
<IS_TEMPLATE>0</IS_TEMPLATE>
</AUTH_ORACLE>
</AUTH_ORACLE_LIST>
</RESPONSE>
</AUTH_ORACLE_LIST_OUTPUT>
<!-- This report was generated with an evaluation version of Qualys //-->
<!-- CONFIDENTIAL AND PROPRIETARY INFORMATION. Qualys provides it's Service "As Is," without any warranty of any kind. Qualys makes no warranty that the information contained in this report is complete or error-free. Copyright 2026, Qualys, Inc. //-->
Sample - Delete Oracle (Database)Sample - Delete Oracle (Database)
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/3.0/fo/auth/oracle/?action=delete\
&ids=<AUTH_RECORD_ID>"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-22T10:37:04Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Deleted</TEXT>
<ID_SET>
<ID>8927402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - Create Oracle Listener with Asset Tags (by Name)Sample - Create Oracle Listener with Asset Tags (by Name)
API Request
curl --location --request POST 'https://<qualys_base_url>/api/3.0/fo/auth/oracle_listener/?action=create&title=MyDB2Record&asset_type=ip_range_tag_rule&tag_set_by=id&tags_include=8214429&tags_exclude=10333958&tag_include_selector=all&tag_exclude_selector=any&password=test' \
--header 'X-Requested-With: abcd' \
--header 'Authorization: Bearer <JWT Token>'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-20T12:03:11Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>8904935</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - Update Oracle Listener with Asset Tag IDsSample - Update Oracle Listener with Asset Tag IDs
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/3.0/fo/auth/oracle_listener/?action=update\
&ids=<AUTH_RECORD_ID>\
&asset_type=asset_tags\
&tag_set_by=id\
&tag_include_selector=ANY\
&tags_include=12345,67890\
&tag_exclude_selector=ANY\
&tags_exclude=11111"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-22T10:23:42Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>8927402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - List Oracle ListenerSample - List Oracle Listener
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST <qualys_base_url>/api/3.0/fo/auth/oracle_listener/?action=list"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_ORACLE_LISTENER_LIST_OUTPUT SYSTEM "<qualys_base_url>/api/3.0/fo/auth/oracle_listener/auth_oracle_listener_list_output.dtd">
<!-- This report was generated with an evaluation version of Qualys //-->
<AUTH_ORACLE_LISTENER_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2026-05-22T13:36:04Z</DATETIME>
<AUTH_ORACLE_LISTENER_LIST>
<AUTH_ORACLE_LISTENER>
<ID>8929423</ID>
<TITLE>
<![CDATA[MyDB2Record2]]>
</TITLE>
<TAGS>
<TAG_TYPE>ip_range_tag_rule</TAG_TYPE>
<TAGS_INCLUDE>
<SELECTOR>all</SELECTOR>
<TAG>
<ID>8214429</ID>
<NAME>Exc_2</NAME>
</TAG>
</TAGS_INCLUDE>
<TAGS_EXCLUDE>
<SELECTOR>any</SELECTOR>
<TAG>
<ID>10333958</ID>
<NAME>Internet Facing Assets</NAME>
</TAG>
</TAGS_EXCLUDE>
</TAGS>
<NETWORK_ID>0</NETWORK_ID>
<CREATED>
<DATETIME>2026-05-22T13:35:43Z</DATETIME>
<BY>mayur_aa</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2026-05-22T13:35:43Z</DATETIME>
</LAST_MODIFIED>
</AUTH_ORACLE_LISTENER>
</AUTH_ORACLE_LISTENER_LIST>
</RESPONSE>
</AUTH_ORACLE_LISTENER_LIST_OUTPUT>
<!-- This report was generated with an evaluation version of Qualys //-->
<!-- CONFIDENTIAL AND PROPRIETARY INFORMATION. Qualys provides it's Service "As Is," without any warranty of any kind. Qualys makes no warranty that the information contained in this report is complete or error-free. Copyright 2026, Qualys, Inc. //-->
Sample - Delete Oracle ListenerSample - Delete Oracle Listener
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST <qualys_base_url>/api/3.0/fo/auth/oracle_listener/?action=delete\
&ids=<AUTH_RECORD_ID>"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-22T10:37:04Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Deleted</TEXT>
<ID_SET>
<ID>8927402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - Create SAP HANA with Asset Tags (by Name)Sample - Create SAP HANA with Asset Tags (by Name)
API Request
curl --location --request POST 'https://<qualys_base_url>/api/3.0/fo/auth/sap_hana/?action=create&title=sap_hana_API&username=root&password=test&database=sapDb&port=39013&ssl_verify=1&hosts=test.domain.com&unix_conf_path=%2Fetc%2Fsaphana.conf&password_encryption=1&asset_type=ip_range_tag_rule&tag_set_by=id&tags_include=8214429&tags_exclude=10333958&tag_include_selector=all&tag_exclude_selector=any&password=test' \
--header 'X-Requested-With: abcd' \
--header 'Authorization: Bearer <JWT Token>'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-20T12:03:11Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>8904935</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - Update SAP HANA with Asset Tags IDsSample - Update SAP HANA with Asset Tags IDs
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/3.0/fo/auth/sap_hana/?action=update\
&ids=<AUTH_RECORD_ID>\
&asset_type=asset_tags\
&tag_set_by=id\
&tag_include_selector=ANY\
&tags_include=12345,67890\
&tag_exclude_selector=ANY\
&tags_exclude=11111"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-22T10:23:42Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>8927402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - List SAP HANASample - List SAP HANA
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/3.0/fo/auth/sap_hana/?action=list"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_SAP_HANA_LIST_OUTPUT SYSTEM "<qualys_base_url>/api/3.0/fo/auth/sap_hana/auth_sap_hana_list_output.dtd">
<!-- This report was generated with an evaluation version of Qualys //-->
<AUTH_SAP_HANA_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2026-05-22T13:26:34Z</DATETIME>
<AUTH_SAP_HANA_LIST>
<AUTH_SAP_HANA>
<ID>8927407</ID>
<TITLE>
<![CDATA[sap_hana_API]]>
</TITLE>
<USERNAME>
<![CDATA[root]]>
</USERNAME>
<DATABASE>
<![CDATA[sapDb]]>
</DATABASE>
<PORT>39013</PORT>
<SSL_VERIFY>
<![CDATA[1]]>
</SSL_VERIFY>
<HOSTS>
<HOST>
<![CDATA[test.domain.com]]>
</HOST>
</HOSTS>
<TAGS>
<TAG_TYPE>ip_range_tag_rule</TAG_TYPE>
<TAGS_INCLUDE>
<SELECTOR>all</SELECTOR>
<TAG>
<ID>28898874</ID>
<NAME>AUTO_VMRS_TAG1</NAME>
</TAG>
</TAGS_INCLUDE>
<TAGS_EXCLUDE>
<SELECTOR>any</SELECTOR>
<TAG>
<ID>10333958</ID>
<NAME>Internet Facing Assets</NAME>
</TAG>
</TAGS_EXCLUDE>
</TAGS>
<UNIX_CONF_PATH>
<![CDATA[/etc/saphana.conf]]>
</UNIX_CONF_PATH>
<PASSWORD_ENCRYPTION>
<![CDATA[1]]>
</PASSWORD_ENCRYPTION>
<LOGIN_TYPE>
<![CDATA[basic]]>
</LOGIN_TYPE>
<NETWORK_ID>0</NETWORK_ID>
<CREATED>
<DATETIME>2026-05-22T07:16:24Z</DATETIME>
<BY>mayur_aa</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2026-05-22T07:18:14Z</DATETIME>
</LAST_MODIFIED>
</AUTH_SAP_HANA>
</AUTH_SAP_HANA_LIST>
</RESPONSE>
</AUTH_SAP_HANA_LIST_OUTPUT>
<!-- This report was generated with an evaluation version of Qualys //-->
<!-- CONFIDENTIAL AND PROPRIETARY INFORMATION. Qualys provides it's Service "As Is," without any warranty of any kind. Qualys makes no warranty that the information contained in this report is complete or error-free. Copyright 2026, Qualys, Inc. //-->
Sample - Delete SAP HANASample - Delete SAP HANA
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/3.0/fo/auth/sap_hana/?action=delete\
&ids=<AUTH_RECORD_ID>"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-22T10:37:04Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Deleted</TEXT>
<ID_SET>
<ID>8927402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - Create Sybase with Asset Tags (by Name)Sample - Create Sybase with Asset Tags (by Name)
API Request
curl --location --request POST 'https://<qualys_base_url>/api/4.0/fo/auth/sybase/?action=create&database=qualys_db&password=PassUpdated&comments=Updated%20through%20API%20v2.0&installation_dir=%2Fetc%2Fsybase&port=444&username=Qualys&title=API_TEST_7484_1779296368432&asset_type=asset_tags&tag_set_by=name&tags_include=Cloud%20Agent&tags_exclude=Exc_2' \
--header 'Content-Type: application/json' \
--header 'X-Requested-With: curl demo198' \
--header 'Cache-Control: no-cache' \
--header 'Accept: */*' \
--header 'Accept-Encoding: gzip, deflate, br' \
--header 'Content-Length: 0'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/4.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-20T12:03:11Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>8904935</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - Update Sybase with IP Asset Tag IDsSample - Update Sybase with IP Asset Tag IDs
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/4.0/fo/auth/sybase/?action=update\
&ids=<AUTH_RECORD_ID>\
&asset_type=asset_tags\
&tag_set_by=id\
&tag_include_selector=ANY\
&tags_include=12345,67890\
&tag_exclude_selector=ANY\
&tags_exclude=11111"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/4.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-22T10:23:42Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>8927402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - List SybaseSample - List Sybase
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/4.0/fo/auth/sybase/?action=list"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_SYBASE_LIST_OUTPUT SYSTEM "<qualys_base_url>/api/4.0/fo/auth/sybase/auth_sybase_list_output.dtd">
<!-- This report was generated with an evaluation version of Qualys //-->
<AUTH_SYBASE_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2026-05-22T13:27:52Z</DATETIME>
<AUTH_SYBASE_LIST>
<AUTH_SYBASE>
<ID>8929420</ID>
<TITLE>
<![CDATA[API_TEST_7484_1779296368432]]>
</TITLE>
<USERNAME>
<![CDATA[Qualys]]>
</USERNAME>
<DATABASE>
<![CDATA[qualys_db]]>
</DATABASE>
<PORT>444</PORT>
<INSTALLATION_DIR>
<![CDATA[/etc/sybase]]>
</INSTALLATION_DIR>
<SSL_VERIFY>false</SSL_VERIFY>
<TAGS>
<TAG_TYPE>asset_tags</TAG_TYPE>
<TAGS_INCLUDE>
<SELECTOR>any</SELECTOR>
<TAG>
<ID>7612812</ID>
<NAME>Cloud Agent</NAME>
</TAG>
</TAGS_INCLUDE>
<TAGS_EXCLUDE>
<SELECTOR>any</SELECTOR>
<TAG>
<ID>8214429</ID>
<NAME>Exc_2</NAME>
</TAG>
</TAGS_EXCLUDE>
</TAGS>
<NETWORK_ID>0</NETWORK_ID>
<CREATED>
<DATETIME>2026-05-22T13:27:34Z</DATETIME>
<BY>mayur_aa</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2026-05-22T13:27:34Z</DATETIME>
</LAST_MODIFIED>
<COMMENTS>
<![CDATA[Updated through API v2.0]]>
</COMMENTS>
</AUTH_SYBASE>
</AUTH_SYBASE_LIST>
</RESPONSE>
</AUTH_SYBASE_LIST_OUTPUT>
<!-- This report was generated with an evaluation version of Qualys //-->
<!-- CONFIDENTIAL AND PROPRIETARY INFORMATION. Qualys provides it's Service "As Is," without any warranty of any kind. Qualys makes no warranty that the information contained in this report is complete or error-free. Copyright 2026, Qualys, Inc. //-->
Sample - Delete SybaseSample - Delete Sybase
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/4.0/fo/auth/sybase/?action=delete\
&ids=<AUTH_RECORD_ID>"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/4.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-22T10:37:04Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Deleted</TEXT>
<ID_SET>
<ID>8927402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
VMware
For VMware, the following API samples are provided:
Sample - Create NSX with Asset Tags (by Name)Sample - Create NSX with Asset Tags (by Name)
API Request
curl --location --request POST 'https://<qualys_base_url>/api/3.0/fo/auth/nsx/?action=create&title=nsxauth&username=aa&password=aa&asset_type=asset_tags&tag_set_by=name&tag_include_selector=any&tags_exclude=SEM&tags_include=EC2&port=223' \
--header 'Content-Type: application/json' \
--header 'X-Requested-With: curl demo1' \
--header 'Cache-Control: no-cache' \
--header 'Accept: */*' \
--header 'Accept-Encoding: gzip, deflate, br' \
--header 'Content-Length: 0' \
--header 'Authorization: Bearer <JWT Token>'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-20T12:03:11Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>8904935</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - Update NSX with Asset Tag IDsSample - Update NSX with Asset Tag IDs
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/3.0/fo/auth/nsx/?action=update\
&ids=<AUTH_RECORD_ID>\
&asset_type=asset_tags\
&tag_set_by=id\
&tag_include_selector=ANY\
&tags_include=12345,67890\
&tag_exclude_selector=ANY\
&tags_exclude=11111"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-22T10:23:42Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>8927402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - List NSXSample - List NSX
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST <qualys_base_url>/api/3.0/fo/auth/nsx/?action=list"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_NSX_LIST_OUTPUT SYSTEM "<qualys_base_url>/api/3.0/fo/auth/nsx/auth_nsx_list_output.dtd">
<!-- This report was generated with an evaluation version of Qualys //-->
<AUTH_NSX_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2026-05-26T06:04:11Z</DATETIME>
<AUTH_NSX_LIST>
<AUTH_NSX>
<ID>8965417</ID>
<TITLE>
<![CDATA[NSX_Auth]]>
</TITLE>
<USERNAME>
<![CDATA[a]]>
</USERNAME>
<TAGS>
<TAG_TYPE>ip_range_tag_rule</TAG_TYPE>
<TAGS_INCLUDE>
<SELECTOR>any</SELECTOR>
<TAG>
<ID>8213320</ID>
<NAME>Inc_1</NAME>
</TAG>
</TAGS_INCLUDE>
<TAGS_EXCLUDE>
<SELECTOR>any</SELECTOR>
</TAGS_EXCLUDE>
</TAGS>
<PORT>
<![CDATA[443]]>
</PORT>
<SSL_VERIFY_WITH_HOST>
<![CDATA[0]]>
</SSL_VERIFY_WITH_HOST>
<LOGIN_TYPE>
<![CDATA[basic]]>
</LOGIN_TYPE>
<NETWORK_ID>0</NETWORK_ID>
<CREATED>
<DATETIME>2026-05-26T05:40:26Z</DATETIME>
<BY>mayur_aa</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2026-05-26T05:40:26Z</DATETIME>
</LAST_MODIFIED>
</AUTH_NSX>
</AUTH_NSX_LIST>
</RESPONSE>
</AUTH_NSX_LIST_OUTPUT>
<!-- This report was generated with an evaluation version of Qualys //-->
<!-- CONFIDENTIAL AND PROPRIETARY INFORMATION. Qualys provides it's Service "As Is," without any warranty of any kind. Qualys makes no warranty that the information contained in this report is complete or error-free. Copyright 2026, Qualys, Inc. //-->
Sample - Delete NSXSample - Delete NSX
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST <qualys_base_url>/api/3.0/fo/auth/nsx/?action=delete\
&ids=<AUTH_RECORD_ID>"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-22T10:37:04Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Deleted</TEXT>
<ID_SET>
<ID>8927402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - Create VCenter with Asset Tags (by Name)Sample - Create VCenter with Asset Tags (by Name)
API Request
curl --location --request POST 'https://<qualys_base_url>/api/3.0/fo/auth/vcenter/?asset_type=asset_tags&tag_set_by=name&action=create&title=Vcenter&username=aa&password=aa&tag_include_selector=any&tags_exclude=Inc_2&tags_include=Exc_2' \
--header 'Content-Type: application/json' \
--header 'X-Requested-With: curl demo195' \
--header 'Cache-Control: no-cache' \
--header 'Accept: */*' \
--header 'Accept-Encoding: gzip, deflate, br' \
--header 'Content-Length: 0' \
--header 'Authorization: Bearer <JWT Token>'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-20T12:03:11Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>8904935</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - Update VCenter with Asset Tag IDsSample - Update VCenter with Asset Tag IDs
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/3.0/fo/auth/vcenter/?action=update\
&ids=<AUTH_RECORD_ID>\
&asset_type=asset_tags\
&tag_set_by=id\
&tag_include_selector=ANY\
&tags_include=12345,67890\
&tag_exclude_selector=ANY\
&tags_exclude=11111"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-22T10:23:42Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>8927402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - List VCenterSample - List VCenter
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/3.0/fo/auth/vcenter/?action=list"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_VCENTER_LIST_OUTPUT SYSTEM "<qualys_base_url>api/3.0/fo/auth/vcenter/auth_vcenter_list_output.dtd">
<!-- This report was generated with an evaluation version of Qualys //-->
<AUTH_VCENTER_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2026-05-22T13:28:58Z</DATETIME>
<AUTH_VCENTER_LIST>
<AUTH_VCENTER>
<ID>8927408</ID>
<TITLE>
<![CDATA[testvCenter]]>
</TITLE>
<USERNAME>
<![CDATA[a]]>
</USERNAME>
<PORT>332</PORT>
<SSL_VERIFY>
<![CDATA[none]]>
</SSL_VERIFY>
<TAGS>
<TAG_TYPE>asset_tags</TAG_TYPE>
<TAGS_INCLUDE>
<SELECTOR>any</SELECTOR>
<TAG>
<ID>28898874</ID>
<NAME>AUTO_VMRS_TAG1</NAME>
</TAG>
</TAGS_INCLUDE>
<TAGS_EXCLUDE>
<SELECTOR>all</SELECTOR>
<TAG>
<ID>8632833</ID>
<NAME>ABC-TAG-Update</NAME>
</TAG>
</TAGS_EXCLUDE>
</TAGS>
<LOGIN_TYPE>
<![CDATA[basic]]>
</LOGIN_TYPE>
<NETWORK_ID>0</NETWORK_ID>
<CREATED>
<DATETIME>2026-05-22T07:25:56Z</DATETIME>
<BY>mayur_aa</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2026-05-22T07:25:56Z</DATETIME>
</LAST_MODIFIED>
</AUTH_VCENTER>
<AUTH_VCENTER>
<ID>8927414</ID>
<TITLE>
<![CDATA[Vcenter]]>
</TITLE>
<USERNAME>
<![CDATA[aa]]>
</USERNAME>
<PORT>443</PORT>
<SSL_VERIFY>
<![CDATA[none]]>
</SSL_VERIFY>
<TAGS>
<TAG_TYPE>asset_tags</TAG_TYPE>
<TAGS_INCLUDE>
<SELECTOR>any</SELECTOR>
<TAG>
<ID>8214429</ID>
<NAME>Exc_2</NAME>
</TAG>
</TAGS_INCLUDE>
<TAGS_EXCLUDE>
<SELECTOR>any</SELECTOR>
<TAG>
<ID>8214428</ID>
<NAME>Inc_2</NAME>
</TAG>
</TAGS_EXCLUDE>
</TAGS>
<LOGIN_TYPE>
<![CDATA[basic]]>
</LOGIN_TYPE>
<NETWORK_ID>0</NETWORK_ID>
<CREATED>
<DATETIME>2026-05-22T07:52:42Z</DATETIME>
<BY>mayur_aa</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2026-05-22T07:52:42Z</DATETIME>
</LAST_MODIFIED>
</AUTH_VCENTER>
</AUTH_VCENTER_LIST>
</RESPONSE>
</AUTH_VCENTER_LIST_OUTPUT>
<!-- This report was generated with an evaluation version of Qualys //-->
<!-- CONFIDENTIAL AND PROPRIETARY INFORMATION. Qualys provides it's Service "As Is," without any warranty of any kind. Qualys makes no warranty that the information contained in this report is complete or error-free. Copyright 2026, Qualys, Inc. //-->
Sample - Delete VCenterSample - Delete VCenter
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/3.0/fo/auth/vcenter/?action=delete\
&ids=<AUTH_RECORD_ID>"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-22T10:37:04Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Deleted</TEXT>
<ID_SET>
<ID>8927402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - Create VMware ESXi with Asset Tags (by Name)Sample - Create VMware ESXi with Asset Tags (by Name)
API Request
curl --location --request POST 'https://<qualys_base_url>/api/3.0/fo/auth/vmware/?action=create&title=NewVMwareRecordWithA&username=aa&password=aa&asset_type=asset_tags&tag_set_by=name&tag_include_selector=any&tags_exclude=Inc_2&tags_include=Exc_2' \
--header 'Content-Type: application/json' \
--header 'X-Requested-With: curl demo1' \
--header 'Cache-Control: no-cache' \
--header 'Accept: */*' \
--header 'Accept-Encoding: gzip, deflate, br' \
--header 'Content-Length: 0' \
--header 'Authorization: Bearer <JWT Token>'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-20T12:03:11Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>8904935</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - Update VMware ESXi with Asset Tag IDsSample - Update VMware ESXi with Asset Tag IDs
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/3.0/fo/auth/vmware/?action=update\
&ids=<AUTH_RECORD_ID>\
&asset_type=asset_tags\
&tag_set_by=id\
&tag_include_selector=ANY\
&tags_include=12345,67890\
&tag_exclude_selector=ANY\
&tags_exclude=11111"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-22T10:23:42Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>8927402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - List VMware ESXiSample - List VMware ESXi
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/3.0/fo/auth/vmware/?action=list"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_VMWARE_LIST_OUTPUT SYSTEM "<qualys_base_url>/api/3.0/fo/auth/vmware/auth_vmware_list_output.dtd">
<!-- This report was generated with an evaluation version of Qualys //-->
<AUTH_VMWARE_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2026-05-22T13:18:02Z</DATETIME>
<AUTH_VMWARE_LIST>
<AUTH_VMWARE>
<ID>8928404</ID>
<TITLE>
<![CDATA[NewVMwareRecordWithA]]>
</TITLE>
<USERNAME>
<![CDATA[aa]]>
</USERNAME>
<PORT>443</PORT>
<SSL_VERIFY>
<![CDATA[all]]>
</SSL_VERIFY>
<LOGIN_TYPE>
<![CDATA[basic]]>
</LOGIN_TYPE>
<NETWORK_ID>0</NETWORK_ID>
<CREATED>
<DATETIME>2026-05-22T09:25:55Z</DATETIME>
<BY>mayur_aa</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2026-05-22T09:25:55Z</DATETIME>
</LAST_MODIFIED>
</AUTH_VMWARE>
<AUTH_VMWARE>
<ID>8929416</ID>
<TITLE>
<![CDATA[NewVMwareRecord]]>
</TITLE>
<USERNAME>
<![CDATA[aa]]>
</USERNAME>
<PORT>443</PORT>
<SSL_VERIFY>
<![CDATA[all]]>
</SSL_VERIFY>
<TAGS>
<TAG_TYPE>asset_tags</TAG_TYPE>
<TAGS_INCLUDE>
<SELECTOR>any</SELECTOR>
<TAG>
<ID>8214418</ID>
<NAME>Exc_1</NAME>
</TAG>
</TAGS_INCLUDE>
<TAGS_EXCLUDE>
<SELECTOR>any</SELECTOR>
<TAG>
<ID>8214428</ID>
<NAME>Inc_2</NAME>
</TAG>
</TAGS_EXCLUDE>
</TAGS>
<LOGIN_TYPE>
<![CDATA[basic]]>
</LOGIN_TYPE>
<NETWORK_ID>0</NETWORK_ID>
<CREATED>
<DATETIME>2026-05-22T13:17:15Z</DATETIME>
<BY>mayur_aa</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2026-05-22T13:17:15Z</DATETIME>
</LAST_MODIFIED>
</AUTH_VMWARE>
</AUTH_VMWARE_LIST>
</RESPONSE>
</AUTH_VMWARE_LIST_OUTPUT>
<!-- This report was generated with an evaluation version of Qualys //-->
<!-- CONFIDENTIAL AND PROPRIETARY INFORMATION. Qualys provides it's Service "As Is," without any warranty of any kind. Qualys makes no warranty that the information contained in this report is complete or error-free. Copyright 2026, Qualys, Inc. //-->
Sample - Delete VMware ESXiSample - Delete VMware ESXi
API Request
curl -u "USER:PASSWORD" \
-H "X-Requested-With: curl" \
-X POST "<qualys_base_url>/api/3.0/fo/auth/vmware/?action=delete\
&ids=<AUTH_RECORD_ID>"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-22T10:37:04Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Deleted</TEXT>
<ID_SET>
<ID>8927402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
DTD OutputDTD Output
DTD output for Authentication Record API is as follows:
<!-- QUALYS AUTH_UNIX_LIST_OUTPUT DTD -->
<!-- $Revision$ -->
<!ELEMENT AUTH_UNIX_LIST_OUTPUT (REQUEST?, RESPONSE)>
<!ELEMENT REQUEST (DATETIME, USER_LOGIN, RESOURCE, PARAM_LIST?, POST_DATA?)>
<!ELEMENT DATETIME (#PCDATA)>
<!ELEMENT USER_LOGIN (#PCDATA)>
<!ELEMENT RESOURCE (#PCDATA)>
<!ELEMENT PARAM_LIST (PARAM+)>
<!ELEMENT PARAM (KEY, VALUE)>
<!ELEMENT KEY (#PCDATA)>
<!ELEMENT VALUE (#PCDATA)>
<!-- if returned, POST_DATA will be urlencoded -->
<!ELEMENT POST_DATA (#PCDATA)>
<!ELEMENT RESPONSE (DATETIME, (AUTH_UNIX_LIST|ID_SET)?, WARNING_LIST?, GLOSSARY?)>
<!ELEMENT AUTH_UNIX_LIST (AUTH_UNIX+)>
<!ELEMENT AUTH_UNIX (ID, TITLE, USERNAME, SKIP_PASSWORD?, CLEARTEXT_PASSWORD?, TARGET_TYPE?, KERBEROS_AUTHENTICATION?, REALM_DISCOVERY?, USER_REALM?, USER_KDC?, SERVICE_REALM?, SERVICE_KDC?, KERBEROS_LOGIN_INFO?, (ROOT_TOOL?|ROOT_TOOL_INFO_LIST?), ((RSA_PRIVATE_KEY?, DSA_PRIVATE_KEY?)|PRIVATE_KEY_CERTIFICATE_LIST?), PORT?, IP_SET?, IPV6_SET?, TAGS?, LOGIN_TYPE?, DIGITAL_VAULT?, NETWORK_ID?, CREATED, LAST_MODIFIED, COMMENTS?, USE_AGENTLESS_TRACKING?, AGENTLESS_TRACKING_PATH?, QUALYS_SHELL?)>
<!ELEMENT ID (#PCDATA)>
<!ELEMENT TITLE (#PCDATA)>
<!ELEMENT USERNAME (#PCDATA)>
<!ELEMENT SKIP_PASSWORD (#PCDATA)>
<!ELEMENT CLEARTEXT_PASSWORD (#PCDATA)>
<!ELEMENT TARGET_TYPE (#PCDATA)>
<!ELEMENT KERBEROS_AUTHENTICATION (#PCDATA)>
<!ELEMENT REALM_DISCOVERY (#PCDATA)>
<!ELEMENT USER_REALM (#PCDATA)>
<!ELEMENT USER_KDC (#PCDATA)>
<!ELEMENT SERVICE_REALM (#PCDATA)>
<!ELEMENT SERVICE_KDC (#PCDATA)>
<!ELEMENT KERBEROS_LOGIN_INFO (DIGITAL_VAULT?)>
<!ATTLIST KERBEROS_LOGIN_INFO type (basic|vault) "basic">
<!ELEMENT ROOT_TOOL (#PCDATA)>
<!ELEMENT ROOT_TOOL_INFO_LIST (ROOT_TOOL_INFO)*>
<!ELEMENT RSA_PRIVATE_KEY EMPTY>
<!ELEMENT DSA_PRIVATE_KEY EMPTY>
<!ELEMENT PRIVATE_KEY_CERTIFICATE_LIST (PRIVATE_KEY_CERTIFICATE)*>
<!ELEMENT PORT (#PCDATA)>
<!ELEMENT IP_SET (IP|IP_RANGE)+>
<!ELEMENT IP (#PCDATA)>
<!ELEMENT IP_RANGE (#PCDATA)>
<!ELEMENT IPV6_SET (IPV6|IPV6_RANGE)+>
<!ELEMENT IPV6 (#PCDATA)>
<!ELEMENT IPV6_RANGE (#PCDATA)>
<!ELEMENT TAGS (TAG_TYPE, TAGS_INCLUDE, TAGS_EXCLUDE?)>
<!ELEMENT TAG_TYPE (#PCDATA)>
<!ELEMENT TAGS_INCLUDE (SELECTOR, TAG+)>
<!ELEMENT SELECTOR (#PCDATA)>
<!ELEMENT TAG (ID, NAME)>
<!ELEMENT NAME (#PCDATA)>
<!ELEMENT TAGS_EXCLUDE (SELECTOR, TAG?)>
<!ELEMENT LOGIN_TYPE (#PCDATA)>
<!ELEMENT NETWORK_ID (#PCDATA)>
<!ELEMENT CREATED (DATETIME, BY)>
<!ELEMENT BY (#PCDATA)>
<!ELEMENT LAST_MODIFIED (DATETIME)>
<!ELEMENT COMMENTS (#PCDATA)>
<!ELEMENT USE_AGENTLESS_TRACKING (#PCDATA)>
<!ELEMENT AGENTLESS_TRACKING_PATH (#PCDATA)>
<!ELEMENT QUALYS_SHELL (ENABLED, LOG_FACILITY?)>
<!ELEMENT ROOT_TOOL_INFO (ID, ROOT_TOOL, PASSWORD_INFO?)>
<!ELEMENT PASSWORD_INFO (DIGITAL_VAULT?)>
<!ATTLIST PASSWORD_INFO type (basic|vault) "basic">
<!-- Private key contents will never be rendered -->
<!ELEMENT PRIVATE_KEY_CERTIFICATE (ID, PRIVATE_KEY_INFO, PASSPHRASE_INFO, CERTIFICATE?)+>
<!ELEMENT PRIVATE_KEY_INFO (PRIVATE_KEY|DIGITAL_VAULT)>
<!ATTLIST PRIVATE_KEY_INFO type (basic|vault) "basic">
<!-- Private key/Certificate contents will never be rendered -->
<!ELEMENT PRIVATE_KEY EMPTY>
<!ATTLIST PRIVATE_KEY type (rsa|dsa|ecdsa|ed25519|pkcs8) #REQUIRED>
<!ELEMENT PASSPHRASE_INFO (DIGITAL_VAULT?)>
<!ATTLIST PASSPHRASE_INFO type (basic|vault) "basic">
<!ELEMENT CERTIFICATE EMPTY>
<!ATTLIST CERTIFICATE type (x.509|openssh) #REQUIRED>
<!ELEMENT DIGITAL_VAULT (DIGITAL_VAULT_ID, DIGITAL_VAULT_TYPE, DIGITAL_VAULT_TITLE, VAULT_USERNAME?, VAULT_FOLDER?, VAULT_FILE?, VAULT_SECRET_NAME?, VAULT_SYSTEM_NAME?, VAULT_RESOURCE_ID?, VAULT_EP_NAME?, VAULT_EP_TYPE?, VAULT_EP_CONT?, VAULT_NS_TYPE?, VAULT_NS_NAME?, VAULT_ACCOUNT_NAME?, VAULT_AUTHORIZATION_NAME?, VAULT_TARGET_NAME?, VAULT_SECRET_KV_PATH?, VAULT_SECRET_KV_NAME?, VAULT_SECRET_KV_KEY?, VAULT_USE_AD_HASHICORP?, VAULT_DEVICE_NAME?, VAULT_DEVICE_HOST?, VAULT_APP_NAME?, VAULT_SERVICE_TYPE?)>
<!ELEMENT DIGITAL_VAULT_ID (#PCDATA)>
<!ELEMENT DIGITAL_VAULT_TYPE (#PCDATA)>
<!ELEMENT DIGITAL_VAULT_TITLE (#PCDATA)>
<!ELEMENT VAULT_USERNAME (#PCDATA)>
<!ELEMENT VAULT_FOLDER (#PCDATA)>
<!ELEMENT VAULT_FILE (#PCDATA)>
<!ELEMENT VAULT_SECRET_NAME (#PCDATA)>
<!ELEMENT VAULT_SYSTEM_NAME (#PCDATA)>
<!ELEMENT VAULT_RESOURCE_ID (#PCDATA)>
<!ELEMENT VAULT_EP_NAME (#PCDATA)>
<!ELEMENT VAULT_EP_TYPE (#PCDATA)>
<!ELEMENT VAULT_EP_CONT (#PCDATA)>
<!ELEMENT VAULT_NS_TYPE (#PCDATA)>
<!ELEMENT VAULT_NS_NAME (#PCDATA)>
<!ELEMENT VAULT_ACCOUNT_NAME (#PCDATA)>
<!ELEMENT VAULT_AUTHORIZATION_NAME (#PCDATA)>
<!ELEMENT VAULT_TARGET_NAME (#PCDATA)>
<!ELEMENT VAULT_SECRET_KV_PATH (#PCDATA)>
<!ELEMENT VAULT_SECRET_KV_NAME (#PCDATA)>
<!ELEMENT VAULT_SECRET_KV_KEY (#PCDATA)>
<!ELEMENT VAULT_USE_AD_HASHICORP (#PCDATA)>
<!ELEMENT VAULT_DEVICE_NAME (#PCDATA)>
<!ELEMENT VAULT_DEVICE_HOST (#PCDATA)>
<!ELEMENT VAULT_APP_NAME (#PCDATA)>
<!ELEMENT VAULT_SERVICE_TYPE (#PCDATA)>
<!ELEMENT ENABLED (#PCDATA)>
<!ELEMENT LOG_FACILITY (#PCDATA)>
<!ELEMENT WARNING_LIST (WARNING+)>
<!ELEMENT WARNING (CODE?, TEXT, URL?, ID_SET?)>
<!ELEMENT CODE (#PCDATA)>
<!ELEMENT TEXT (#PCDATA)>
<!ELEMENT URL (#PCDATA)>
<!ELEMENT ID_SET (ID|ID_RANGE)+>
<!ELEMENT ID_RANGE (#PCDATA)>
<!ELEMENT GLOSSARY (USER_LIST?)>
<!ELEMENT USER_LIST (USER+)>
<!ELEMENT USER (USER_LOGIN, FIRST_NAME, LAST_NAME)>
<!ELEMENT FIRST_NAME (#PCDATA)>
<!ELEMENT LAST_NAME (#PCDATA)>
<!-- EOF -->
Use BeyondTrust Vault with Network SSH Authentication APIs
| New or Updated API | Updated |
| API Endpoint |
/api/2.0/fo/auth/network_ssh |
| EOS Timeline: December 2026 | |
| EOL Timeline: June 2027 | |
| API Endpoint (New Version) |
/api/2.0/fo/auth/network_ssh /api/3.0/fo/auth/network_ssh |
| Method | POST |
| DTD or XSD changes | No |
You can now use the BeyondTrust PBPS Digital Vault with Network SSH authentication APIs, enabling you to securely retrieve credentials instead of entering them manually.
Previously, BeyondTrust vault support was not available for Network SSH authentication records (for example, Cisco devices). This required you to manually enter and update passwords, which could lead to authentication failures when credentials were rotated in the vault.
Backward Compatibility
- Existing authentication records continue to work without changes.
- Existing vault integrations are not affected.
- No changes are required for current API integrations unless you choose to use BeyondTrust.
Capability Enhancement
You can now integrate Network SSH authentication with your BeyondTrust vault, enabling:
- Automated credential retrieval aligned with password rotation policies.
- Reduced manual effort for credential updates.
- More reliable authentication for network device scanning.
Input ParametersInput Parameters
| Parameter Name |
Required/ Optional |
Data Type |
Description |
| vault_type=BeyondTrust PBPS | Required | String | Specify to create, if login_type=vault. (private key supports "BeyondTrust PBPS", whereas passphrase does not support "BeyondTrust PBPS"). |
| vault_id={value} | Required | String | Specify to create, if login_type=vault. The ID of the vault to be used to retrieve the password for login. |
| system_name={value} | Required | String | Specify to create, if vault_type="BeyondTrust PBPS". |
| account_name={value} | Required | String | Specify to create, if vault_type="BeyondTrust PBPS". |
Sample V2.0 - Create Network SSH Authentication Record with BeyondTrust PBPS Digital VaultSample V2.0 - Create Network SSH Authentication Record with BeyondTrust PBPS Digital Vault
API Request
curl --location --request POST '<qualys_base_url>/api/2.0/fo/auth/network_ssh/?action=create&vault_type=BeyondTrust PBPS&login_type=vault&system_name=sys_name&account_name=accountname&ips=10.10.40.57&username=Qualys&title=API_TEST_5063_177972&vault_id=1396440' \
--header 'Content-Type: application/json' \
--header 'X-Requested-With: curl demo159' \
--header 'Cache-Control: no-cache' \
--header 'Accept: */*' \
--header 'Accept-Encoding: gzip, deflate, br' \
--header 'Content-Length: 0' \
--header 'Authorization: Bearer<JWT Token'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!-- API EOS Warning: This API Path "<qualys_base_url>/api/2.0/fo/auth/network_ssh/index.php" has reached End-of-Service (EOS) and will be EOL in 218 days. Please use new API path "<qualys_base_url>/api/3.0/fo/auth/network_ssh/index.php". //-->
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/2.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-26T10:31:40Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>8969404</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample V2.0 - Update Network SSH Authentication Record with BeyondTrust PBPS Digital Vault Sample V2.0 - Update Network SSH Authentication Record with BeyondTrust PBPS Digital Vault
API Request
curl --location --request POST '<qualys_base_url>/api/2.0/fo/auth/network_ssh/?action=update&vault_type=BeyondTrust PBPS&login_type=vault&system_name=sys_name&account_name=accountname&ips=10.10.40.57&username=Qualys&title=API_TEST_5063_177972_Renamed&vault_id=2322756&ids=8969404' \
--header 'Content-Type: application/json' \
--header 'X-Requested-With: curl demo159' \
--header 'Cache-Control: no-cache' \
--header 'Accept: */*' \
--header 'Accept-Encoding: gzip, deflate, br' \
--header 'Content-Length: 0' \
--header 'Authorization: Bearer<JWT Token'
API Response
<!-- API EOS Warning: This API Path "<qualys_base_url>/api/2.0/fo/auth/network_ssh/index.php" has reached End-of-Service (EOS) and will be EOL in 218 days. Please use new API path "https://<qualys_base_url>/api/3.0/fo/auth/network_ssh/index.php". //-->
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/2.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-26T10:57:20Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>8969404</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample V2.0 - List Network SSH Authentication Record with BeyondTrust PBPS Digital VaultSample V2.0 - List Network SSH Authentication Record with BeyondTrust PBPS Digital Vault
API Request
curl --location --request POST '<qualys_base_url>/api/2.0/fo/auth/network_ssh/?action=list&ids=8969404' \
--header 'Content-Type: application/json' \
--header 'X-Requested-With: curl demo159' \
--header 'Cache-Control: no-cache' \
--header 'Accept: */*' \
--header 'Accept-Encoding: gzip, deflate, br' \
--header 'Content-Length: 0' \
--header 'Authorization: Bearer<JWT Token'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!-- API EOS Warning: This API Path "<qualys_base_url>/api/2.0/fo/auth/network_ssh/index.php" has reached End-of-Service (EOS) and will be EOL in 218 days. Please use new API path "<qualys_base_url>/api/3.0/fo/auth/network_ssh/index.php". //-->
<!DOCTYPE AUTH_NETWORK_SSH_LIST_OUTPUT SYSTEM "<qualys_base_url>/api/2.0/fo/auth/network_ssh/dtd/auth_list_output.dtd">
<!-- This report was generated with an evaluation version of Qualys //-->
<AUTH_NETWORK_SSH_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2026-05-26T10:57:59Z</DATETIME>
<AUTH_NETWORK_SSH_LIST>
<AUTH_NETWORK_SSH>
<ID>8969404</ID>
<TITLE>
<![CDATA[API_TEST_5063_177972_Renamed]]>
</TITLE>
<USERNAME>
<![CDATA[Qualys]]>
</USERNAME>
<IP_SET>
<IP>10.10.40.57</IP>
</IP_SET>
<LOGIN_TYPE>
<![CDATA[vault]]>
</LOGIN_TYPE>
<DIGITAL_VAULT>
<DIGITAL_VAULT_ID>
<![CDATA[2322756]]>
</DIGITAL_VAULT_ID>
<DIGITAL_VAULT_TYPE>
<![CDATA[BeyondTrust]]>
</DIGITAL_VAULT_TYPE>
<DIGITAL_VAULT_TITLE>
<![CDATA[API_TEST_7602_1779725435469]]>
</DIGITAL_VAULT_TITLE>
<VAULT_SYSTEM_NAME>
<![CDATA[sys_name]]>
</VAULT_SYSTEM_NAME>
<VAULT_ACCOUNT_NAME>
<![CDATA[accountname]]>
</VAULT_ACCOUNT_NAME>
</DIGITAL_VAULT>
<CLEARTEXT_PASSWORD>0</CLEARTEXT_PASSWORD>
<TARGET_TYPE>
<![CDATA[Auto (default)]]>
</TARGET_TYPE>
<NETWORK_ID>0</NETWORK_ID>
<CREATED>
<DATETIME>2026-05-26T10:31:40Z</DATETIME>
<BY>mayur_aa</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2026-05-26T10:57:20Z</DATETIME>
</LAST_MODIFIED>
</AUTH_NETWORK_SSH>
</AUTH_NETWORK_SSH_LIST>
</RESPONSE>
</AUTH_NETWORK_SSH_LIST_OUTPUT>
<!-- This report was generated with an evaluation version of Qualys //-->
<!-- CONFIDENTIAL AND PROPRIETARY INFORMATION. Qualys provides it's Service "As Is," without any warranty of any kind. Qualys makes no warranty that the information contained in this report is complete or error-free. Copyright 2026, Qualys, Inc. //-->
Sample V3.0 - Create Network SSH Authentication Record with BeyondTrust PBPS Digital VaultSample V3.0 - Create Network SSH Authentication Record with BeyondTrust PBPS Digital Vault
API Request
curl --location --request POST '<qualys_base_url>/api/3.0/fo/auth/network_ssh/?action=create&vault_type=BeyondTrust PBPS&login_type=vault&system_name=sys_name&account_name=accountname&ips=10.10.40.58&username=Qualys&title=API_TEST_5063&vault_id=1396440' \
--header 'Content-Type: application/json' \
--header 'X-Requested-With: curl demo159' \
--header 'Cache-Control: no-cache' \
--header 'Accept: */*' \
--header 'Accept-Encoding: gzip, deflate, br' \
--header 'Content-Length: 0' \
--header 'Authorization: Bearer<JWT Token'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-26T10:33:31Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>8969405</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample V3.0 - Update Network SSH Authentication Record with BeyondTrust PBPS Digital VaultSample V3.0 - Update Network SSH Authentication Record with BeyondTrust PBPS Digital Vault
API Request
curl --location --request POST '<qualys_base_url>/api/3.0/fo/auth/network_ssh/?action=update&vault_type=BeyondTrust PBPS&login_type=vault&system_name=sys_name&account_name=accountname&asset_type=ip_range_tag_rule&tag_set_by=id&tags_include=8214429&tags_exclude=10333958&tag_include_selector=all&tag_exclude_selector=any&username=Qualys&vault_id=2322756&title=test_pbps_updated&ids=8969410' \
--header 'Content-Type: application/json' \
--header 'X-Requested-With: curl demo159' \
--header 'Cache-Control: no-cache' \
--header 'Accept: */*' \
--header 'Accept-Encoding: gzip, deflate, br' \
--header 'Content-Length: 0' \
--header 'Authorization: Bearer<JWT Token>'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-26T10:58:59Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>8969410</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample V3.0 - List Network SSH Authentication Record with BeyondTrust PBPS Digital VaultSample V3.0 - List Network SSH Authentication Record with BeyondTrust PBPS Digital Vault
API Request
curl --location --request POST '<qualys_base_url>/api/3.0/fo/auth/network_ssh/?action=list&ids=8969410' \
--header 'Content-Type: application/json' \
--header 'X-Requested-With: curl demo159' \
--header 'Cache-Control: no-cache' \
--header 'Accept: */*' \
--header 'Accept-Encoding: gzip, deflate, br' \
--header 'Content-Length: 0' \
--header 'Authorization: Bearer<JWT Token>'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_NETWORK_SSH_LIST_OUTPUT SYSTEM "<qualys_base_url>/api/3.0/fo/auth/network_ssh/dtd/auth_list_output.dtd">
<!-- This report was generated with an evaluation version of Qualys //-->
<AUTH_NETWORK_SSH_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2026-05-26T10:58:51Z</DATETIME>
<AUTH_NETWORK_SSH_LIST>
<AUTH_NETWORK_SSH>
<ID>8969410</ID>
<TITLE>
<![CDATA[test_pbps_updated]]>
</TITLE>
<USERNAME>
<![CDATA[Qualys]]>
</USERNAME>
<TAGS>
<TAG_TYPE>ip_range_tag_rule</TAG_TYPE>
<TAGS_INCLUDE>
<SELECTOR>all</SELECTOR>
<TAG>
<ID>8214429</ID>
<NAME>Exc_2</NAME>
</TAG>
</TAGS_INCLUDE>
<TAGS_EXCLUDE>
<SELECTOR>any</SELECTOR>
<TAG>
<ID>10333958</ID>
<NAME>Internet Facing Assets</NAME>
</TAG>
</TAGS_EXCLUDE>
</TAGS>
<LOGIN_TYPE>
<![CDATA[vault]]>
</LOGIN_TYPE>
<DIGITAL_VAULT>
<DIGITAL_VAULT_ID>
<![CDATA[2322756]]>
</DIGITAL_VAULT_ID>
<DIGITAL_VAULT_TYPE>
<![CDATA[BeyondTrust]]>
</DIGITAL_VAULT_TYPE>
<DIGITAL_VAULT_TITLE>
<![CDATA[API_TEST_7602_1779725435469]]>
</DIGITAL_VAULT_TITLE>
<VAULT_SYSTEM_NAME>
<![CDATA[sys_name]]>
</VAULT_SYSTEM_NAME>
<VAULT_ACCOUNT_NAME>
<![CDATA[accountname]]>
</VAULT_ACCOUNT_NAME>
</DIGITAL_VAULT>
<CLEARTEXT_PASSWORD>0</CLEARTEXT_PASSWORD>
<TARGET_TYPE>
<![CDATA[Auto (default)]]>
</TARGET_TYPE>
<NETWORK_ID>0</NETWORK_ID>
<CREATED>
<DATETIME>2026-05-26T10:43:35Z</DATETIME>
<BY>mayur_aa</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2026-05-26T10:58:59Z</DATETIME>
</LAST_MODIFIED>
</AUTH_NETWORK_SSH>
</AUTH_NETWORK_SSH_LIST>
</RESPONSE>
</AUTH_NETWORK_SSH_LIST_OUTPUT>
<!-- This report was generated with an evaluation version of Qualys //-->
<!-- CONFIDENTIAL AND PROPRIETARY INFORMATION. Qualys provides it's Service "As Is," without any warranty of any kind. Qualys makes no warranty that the information contained in this report is complete or error-free. Copyright 2026, Qualys, Inc. //-->
Support for One Identity Safeguard Vault
With this release, we now support integration with One Identity Safeguard vault for authenticated scanning. You can now create One Identity Safeguard vaults and use them in authentication technologies.
Previously, users were required to manage their username and password credentials for authenticated scans. Users with One Identity Safeguard were unable to leverage their existing vault infrastructure to securely manage scanning credentials.
For making this change, the following APIs are impacted:
- Vaults API
- Authentication Technology APIs
Vaults API: Manage One Identity Safeguard Vault
| New or Updated API | Updated |
| API Endpoint | /api/2.0/fo/vault/ |
| EOS Timeline: December 2026 | |
| EOL Timeline: June 2027 | |
| API Endpoint (New Version) |
/api/3.0/fo/vault/ |
| Method | GET and POST |
With this update, you can create, update, delete, and list One Identity Safeguard vaults.
Input ParametersInput Parameters
| Parameter Name | Required / Optional | Data Type | Description |
| vault_type | Required | String | Enter the type of vault to be created, updated, or deleted. |
| url | Required | String | Enter the base URL for the Safeguard API. |
| private_key | Required | String | Enter the private key for the vault. |
| cert | Required | String | Enter the certificate for the vault. |
| passphrase | Optional | String | Enter the passphrase for the certificate. |
| ssl_verify={1|0} | Optional | Boolean | Specify 1 to enable SSL verification else specify 0. |
Sample - Create a new One Identity Safeguard vaultSample - Create a new One Identity Safeguard vault
API Request
curl --location '<qualys_base_url>/api/3.0/fo/vault/' \
--header 'X-Requested-With: Qualys Postman Collection' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \
--data-urlencode 'action=create' \
--data-urlencode 'type=One Identity Safeguard' \
--data-urlencode 'title={{One_Identiry_title_delete}}' \
--data-urlencode 'url=https://safeguard1.example.com' \
--data-urlencode 'cert=-----BEGIN CERTIFICATE-----...' \
--data-urlencode 'private_key=-----BEGIN PRIVATE KEY-----...' \
--data-urlencode 'passphrase=myPassphrase123'
API Response
<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE SIMPLE_RETURN SYSTEM "<qualys_base_url>/api/3.0/simple_return.dtd"> <SIMPLE_RETURN> <RESPONSE> <DATETIME>2026-05-26T06:35:21Z</DATETIME> <TEXT>Success</TEXT> <ITEM_LIST> <ITEM> <KEY>ID</KEY> <VALUE>2323704</VALUE> </ITEM> </ITEM_LIST> </RESPONSE> </SIMPLE_RETURN>
Sample - Update an existing One Identity Safeguard vaultSample - Update an existing One Identity Safeguard vault
API Request
curl --location '<qualys_base_url>/api/3.0/fo/vault/' \
--header 'X-Requested-With: Qualys Postman Collection' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \
--data-urlencode 'action=update' \
--data-urlencode 'type=One Identity Safeguard' \
--data-urlencode 'url=https://safeguard_update.example.com' \
--data-urlencode 'cert=-----BEGIN CERTIFICATE-----...' \
--data-urlencode 'private_key=-----BEGIN PRIVATE KEY-----...' \
--data-urlencode 'passphrase=myPassphrase12345' \
--data-urlencode 'id=2304704'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "<qualys_base_url>/api/3.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2026-05-26T06:41:29Z</DATETIME>
<TEXT>Success</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>2304704</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>
API Request
curl --location '<qualys_base_url>/api/3.0/fo/vault/' \ --header 'X-Requested-With: Qualys Postman Collection' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \ --data-urlencode 'action=delete' \ --data-urlencode 'id=2323704'
API Response
<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE SIMPLE_RETURN SYSTEM "<qualys_base_url>/api/3.0/simple_return.dtd"> <SIMPLE_RETURN> <RESPONSE> <DATETIME>2026-05-26T06:43:41Z</DATETIME> <TEXT>Success</TEXT> <ITEM_LIST> <ITEM> <KEY>Status</KEY> <VALUE>Deleted</VALUE> </ITEM> </ITEM_LIST> </RESPONSE> </SIMPLE_RETURN>
API Request
curl --location '<qualys_base_url>/api/3.0/fo/vault/' \ --header 'X-Requested-With: Qualys Postman Collection' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \ --data-urlencode 'action=list' \ --data-urlencode 'title=One_Identity_vault'
API Response
<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE AUTH_VAULT_LIST_OUTPUT SYSTEM " <qualys_base_url>/api/3.0/fo/vault/vault_output.dtd"> <AUTH_VAULT_LIST_OUTPUT> <RESPONSE> <DATETIME>2026-05-26T06:45:59Z</DATETIME> <STATUS>Success</STATUS> <COUNT>1</COUNT> <AUTH_VAULTS> <AUTH_VAULT> <TITLE> <![CDATA[One_Identity_vault]]> </TITLE> <VAULT_TYPE> <![CDATA[One Identity Safeguard]]> </VAULT_TYPE> <LAST_MODIFIED> <DATETIME>2026-05-26T06:41:28Z</DATETIME> <BY>vsh_sm</BY> </LAST_MODIFIED> <ID>2304704</ID> </AUTH_VAULT> </AUTH_VAULTS> </RESPONSE> </AUTH_VAULT_LIST_OUTPUT>
Scan Authentication APIs: Add One Identity Safeguard Vault to Authentication Records
| New or Updated API | Updated |
| API Endpoint | /api/2.0/fo/auth/ |
| EOS Timeline: December 2026 | |
| EOL Timeline: June 2027 | |
| API Endpoint (New Version) |
/api/3.0/fo/auth/ |
| Method | GET and POST |
With this update, you can create, update, delete, and list authentication technologies with One Identity Safeguard vault. The support for the One Identity Safeguard vault is provided for the following list of authentication technologies:
- Unix
- Windows
- Cisco
- Network SSH
- VMware ESXi
- vCenter
- PaloAlto
- MongoDB
- MySQL
- Oracle
- Sybase
For the MySQL and Sybase authentication technologies, the API version is incremented to V4.0. The API endpoint details and changes for the technology remain the same as given for all the other technologies. The following are the API endpoint details:
| New or Updated API | Updated |
| API Endpoint | /api/3.0/fo/auth/mysql/ /api/3.0/fo/auth/sybase/ |
| EOS Timeline: December 2026 | |
| EOL Timeline: June 2027 | |
| API Endpoint (New Version) |
/api/4.0/fo/auth/mysql/ /api/4.0/fo/auth/sybase/ |
| Method | GET and POST |
| DTD or XSD changes | Yes |
Input ParametersInput Parameters
| Parameter Name | Required / Optional | Data Type | Description |
| vault_id | Required | String | Enter the ID of the One Identity Safeguard vault. |
| vault_type | Required | String | Enter the One Identity Safeguard vault. |
| vault_app_name | Optional | String | Enter a name for the One Identity Safeguard vault. |
| vault_asset_name | Optional | String | Enter the name of asset in the One Identity Safeguard vault. |
| vault_appkey | Optional | String |
Enter the Application Key.
If the Application Key is not defined, the application name must be defined for finding the application key. |
DTD UpdateDTD Update
A new DTD for the Authentication APIs is added.
<platform API server>/api/3.0/fo/auth/unix/dtd/auth_list_output.dtd
We have provided an example of the DTD changes in Unix Authentication technology. The changes in the DTD are common for all authentication technologies.
DTD output for the Unix Authentication API is as follows:
DTD Update
<!-- QUALYS AUTH_UNIX_LIST_OUTPUT DTD --> <!-- $Revision$ --> <!ELEMENT AUTH_UNIX_LIST_OUTPUT (REQUEST?, RESPONSE)> <!ELEMENT REQUEST (DATETIME, USER_LOGIN, RESOURCE, PARAM_LIST?, POST_DATA?)> <!ELEMENT DATETIME (#PCDATA)> <!ELEMENT USER_LOGIN (#PCDATA)> <!ELEMENT RESOURCE (#PCDATA)> <!ELEMENT PARAM_LIST (PARAM+)> <!ELEMENT PARAM (KEY, VALUE)> <!ELEMENT KEY (#PCDATA)> <!ELEMENT VALUE (#PCDATA)> <!-- if returned, POST_DATA will be urlencoded --> <!ELEMENT POST_DATA (#PCDATA)> <!ELEMENT RESPONSE (DATETIME, (AUTH_UNIX_LIST|ID_SET)?, WARNING_LIST?, GLOSSARY?)> <!ELEMENT AUTH_UNIX_LIST (AUTH_UNIX+)> <!ELEMENT AUTH_UNIX (ID, TITLE, USERNAME, SKIP_PASSWORD?, CLEARTEXT_PASSWORD?, TARGET_TYPE?, KERBEROS_AUTHENTICATION?, REALM_DISCOVERY?, USER_REALM?, USER_KDC?, SERVICE_REALM?, SERVICE_KDC?, KERBEROS_LOGIN_INFO?, (ROOT_TOOL?|ROOT_TOOL_INFO_LIST?), ((RSA_PRIVATE_KEY?, DSA_PRIVATE_KEY?)|PRIVATE_KEY_CERTIFICATE_LIST?), PORT?, IP_SET?, TAGS?, LOGIN_TYPE?, DIGITAL_VAULT?, NETWORK_ID?, CREATED, LAST_MODIFIED, COMMENTS?, USE_AGENTLESS_TRACKING?, AGENTLESS_TRACKING_PATH?, QUALYS_SHELL?)> <!ELEMENT ID (#PCDATA)> <!ELEMENT TITLE (#PCDATA)> <!ELEMENT USERNAME (#PCDATA)> <!ELEMENT SKIP_PASSWORD (#PCDATA)> <!ELEMENT CLEARTEXT_PASSWORD (#PCDATA)> <!ELEMENT TARGET_TYPE (#PCDATA)> <!ELEMENT KERBEROS_AUTHENTICATION (#PCDATA)> <!ELEMENT REALM_DISCOVERY (#PCDATA)> <!ELEMENT USER_REALM (#PCDATA)> <!ELEMENT USER_KDC (#PCDATA)> <!ELEMENT SERVICE_REALM (#PCDATA)> <!ELEMENT SERVICE_KDC (#PCDATA)> <!ELEMENT KERBEROS_LOGIN_INFO (DIGITAL_VAULT?)> <!ATTLIST KERBEROS_LOGIN_INFO type (basic|vault) "basic"> <!ELEMENT ROOT_TOOL (#PCDATA)> <!ELEMENT ROOT_TOOL_INFO_LIST (ROOT_TOOL_INFO)*> <!ELEMENT RSA_PRIVATE_KEY EMPTY> <!ELEMENT DSA_PRIVATE_KEY EMPTY> <!ELEMENT PRIVATE_KEY_CERTIFICATE_LIST (PRIVATE_KEY_CERTIFICATE)*> <!ELEMENT PORT (#PCDATA)> <!ELEMENT IP_SET (IP|IP_RANGE)+> <!ELEMENT IP (#PCDATA)> <!ELEMENT IP_RANGE (#PCDATA)> <!ELEMENT TAGS (TAG_TYPE, TAGS_INCLUDE, TAGS_EXCLUDE?)> <!ELEMENT TAG_TYPE (#PCDATA)> <!ELEMENT TAGS_INCLUDE (SELECTOR, TAG+)> <!ELEMENT SELECTOR (#PCDATA)> <!ELEMENT TAG (ID, NAME)> <!ELEMENT NAME (#PCDATA)> <!ELEMENT TAGS_EXCLUDE (SELECTOR, TAG?)> <!ELEMENT LOGIN_TYPE (#PCDATA)> <!ELEMENT NETWORK_ID (#PCDATA)> <!ELEMENT CREATED (DATETIME, BY)> <!ELEMENT BY (#PCDATA)> <!ELEMENT LAST_MODIFIED (DATETIME)> <!ELEMENT COMMENTS (#PCDATA)> <!ELEMENT USE_AGENTLESS_TRACKING (#PCDATA)> <!ELEMENT AGENTLESS_TRACKING_PATH (#PCDATA)> <!ELEMENT QUALYS_SHELL (ENABLED, LOG_FACILITY?)> <!ELEMENT ROOT_TOOL_INFO (ID, ROOT_TOOL, PASSWORD_INFO?)> <!ELEMENT PASSWORD_INFO (DIGITAL_VAULT?)> <!ATTLIST PASSWORD_INFO type (basic|vault) "basic"> <!-- Private key contents will never be rendered --> <!ELEMENT PRIVATE_KEY_CERTIFICATE (ID, PRIVATE_KEY_INFO, PASSPHRASE_INFO, CERTIFICATE?)+> <!ELEMENT PRIVATE_KEY_INFO (PRIVATE_KEY|DIGITAL_VAULT)> <!ATTLIST PRIVATE_KEY_INFO type (basic|vault) "basic"> <!-- Private key/Certificate contents will never be rendered --> <!ELEMENT PRIVATE_KEY EMPTY> <!ATTLIST PRIVATE_KEY type (rsa|dsa|ecdsa|ed25519|pkcs8) #REQUIRED> <!ELEMENT PASSPHRASE_INFO (DIGITAL_VAULT?)> <!ATTLIST PASSPHRASE_INFO type (basic|vault) "basic"> <!ELEMENT CERTIFICATE EMPTY> <!ATTLIST CERTIFICATE type (x.509|openssh) #REQUIRED> <!ELEMENT DIGITAL_VAULT (DIGITAL_VAULT_ID, DIGITAL_VAULT_TYPE, DIGITAL_VAULT_TITLE, VAULT_USERNAME?, VAULT_FOLDER?, VAULT_FILE?, VAULT_SECRET_NAME?, VAULT_SYSTEM_NAME?, VAULT_RESOURCE_ID?, VAULT_EP_NAME?, VAULT_EP_TYPE?, VAULT_EP_CONT?, VAULT_NS_TYPE?, VAULT_NS_NAME?, VAULT_ACCOUNT_NAME?, VAULT_AUTHORIZATION_NAME?, VAULT_TARGET_NAME?, VAULT_SECRET_KV_PATH?, VAULT_SECRET_KV_NAME?, VAULT_SECRET_KV_KEY?, VAULT_USE_AD_HASHICORP?, VAULT_DEVICE_NAME?, VAULT_DEVICE_HOST?, VAULT_APP_NAME?, VAULT_SERVICE_TYPE?,VAULT_ASSET_NAME?, VAULT_APPKEY?)> <!ELEMENT DIGITAL_VAULT_ID (#PCDATA)> <!ELEMENT DIGITAL_VAULT_TYPE (#PCDATA)> <!ELEMENT DIGITAL_VAULT_TITLE (#PCDATA)> <!ELEMENT VAULT_USERNAME (#PCDATA)> <!ELEMENT VAULT_FOLDER (#PCDATA)> <!ELEMENT VAULT_FILE (#PCDATA)> <!ELEMENT VAULT_SECRET_NAME (#PCDATA)> <!ELEMENT VAULT_SYSTEM_NAME (#PCDATA)> <!ELEMENT VAULT_RESOURCE_ID (#PCDATA)> <!ELEMENT VAULT_EP_NAME (#PCDATA)> <!ELEMENT VAULT_EP_TYPE (#PCDATA)> <!ELEMENT VAULT_EP_CONT (#PCDATA)> <!ELEMENT VAULT_NS_TYPE (#PCDATA)> <!ELEMENT VAULT_NS_NAME (#PCDATA)> <!ELEMENT VAULT_ACCOUNT_NAME (#PCDATA)> <!ELEMENT VAULT_AUTHORIZATION_NAME (#PCDATA)> <!ELEMENT VAULT_TARGET_NAME (#PCDATA)> <!ELEMENT VAULT_SECRET_KV_PATH (#PCDATA)> <!ELEMENT VAULT_SECRET_KV_NAME (#PCDATA)> <!ELEMENT VAULT_SECRET_KV_KEY (#PCDATA)> <!ELEMENT VAULT_USE_AD_HASHICORP (#PCDATA)> <!ELEMENT VAULT_DEVICE_NAME (#PCDATA)> <!ELEMENT VAULT_DEVICE_HOST (#PCDATA)> <!ELEMENT VAULT_APP_NAME (#PCDATA)> <!ELEMENT VAULT_SERVICE_TYPE (#PCDATA)> <!ELEMENT VAULT_ASSET_NAME (#PCDATA)> <!ELEMENT VAULT_APPKEY (#PCDATA)> <!ELEMENT ENABLED (#PCDATA)> <!ELEMENT LOG_FACILITY (#PCDATA)> <!ELEMENT WARNING_LIST (WARNING+)> <!ELEMENT WARNING (CODE?, TEXT, URL?, ID_SET?)> <!ELEMENT CODE (#PCDATA)> <!ELEMENT TEXT (#PCDATA)> <!ELEMENT URL (#PCDATA)> <!ELEMENT ID_SET (ID|ID_RANGE)+> <!ELEMENT ID_RANGE (#PCDATA)> <!ELEMENT GLOSSARY (USER_LIST?)> <!ELEMENT USER_LIST (USER+)> <!ELEMENT USER (USER_LOGIN, FIRST_NAME, LAST_NAME)> <!ELEMENT FIRST_NAME (#PCDATA)> <!ELEMENT LAST_NAME (#PCDATA)> <!-- EOF -->
With support for One Identity Safeguard Vault, you can now create, update, delete, and view authentication records associated with vault-based credentials.
Unix
For Unix Authentication Technology with One Identity Safeguard vault, the following API samples are provided:
API Request
curl --location '<qualys_base_url>/api/3.0/fo/auth/unix/' \
--header 'X-Requested-With: Qualys Postman Collection' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \
--data-urlencode 'action=create' \
--data-urlencode 'title=Postman_Unix' \
--data-urlencode 'ips=1.1.1.2' \
--data-urlencode 'username=root' \
--data-urlencode 'login_type=vault' \
--data-urlencode 'vault_id=2304704' \
--data-urlencode 'vault_type=One Identity Safeguard' \ --data-urlencode 'vault_app_name=<vault_app_name>' \
--data-urlencode 'vault_asset_name=<vault_asset_name>' \
--data-urlencode 'vault_appkey=<vault_assetkey>' \
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-27T07:29:29Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>8975403</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
API Request
curl --location '<qualys_base_url>/api/3.0/fo/auth/unix/' \
--header 'X-Requested-With: Qualys Postman Collection' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \
--data-urlencode 'action=update' \
--data-urlencode 'ids=8975403' \
--data-urlencode 'add_ips=1.1.1.3' \
--data-urlencode 'vault_type=One Identity Safeguard' \
--data-urlencode 'vault_id=2304704' \
--data-urlencode 'vault_app_name=<vault_app_name>' \
--data-urlencode 'vault_asset_name=<vault_asset_name>' \
--data-urlencode 'vault_appkey=<vault_assetkey>' \
--data-urlencode 'login_type=vault'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-27T07:30:18Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>8975403</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
API Request
curl --location '<qualys_basse_url>/api/3.0/fo/auth/unix/' \
--header 'X-Requested-With: Qualys Postman Collection' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \
--data-urlencode 'action=list' \
--data-urlencode 'ids=8975403'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_UNIX_LIST_OUTPUT SYSTEM "<qualys_basse_url>/api/3.0/fo/auth/unix/dtd/auth_list_output.dtd">
<AUTH_UNIX_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2026-05-26T13:07:17Z</DATETIME>
<AUTH_UNIX_LIST>
<AUTH_UNIX>
<ID>8975403</ID>
<TITLE>
<![CDATA[Postman_Unix]]>
</TITLE>
<USERNAME>
<![CDATA[root]]>
</USERNAME>
<SKIP_PASSWORD>0</SKIP_PASSWORD>
<CLEARTEXT_PASSWORD>0</CLEARTEXT_PASSWORD>
<TARGET_TYPE>
<![CDATA[Auto (default)]]>
</TARGET_TYPE>
<IP_SET>
<IP>1.1.1.2</IP>
</IP_SET>
<LOGIN_TYPE>
<![CDATA[vault]]>
</LOGIN_TYPE>
<DIGITAL_VAULT>
<DIGITAL_VAULT_ID>
<![CDATA[2304704]]>
</DIGITAL_VAULT_ID>
<DIGITAL_VAULT_TYPE>
<![CDATA[One Identity Safeguard]]>
</DIGITAL_VAULT_TYPE>
<DIGITAL_VAULT_TITLE>
<![CDATA[One_Identity_vault]]>
</DIGITAL_VAULT_TITLE>
<VAULT_APP_NAME>
<![CDATA[amit]]>
</VAULT_APP_NAME>
<VAULT_ASSET_NAME>
<![CDATA[rahul]]>
</VAULT_ASSET_NAME>
<VAULT_APPKEY>
<![CDATA[saket]]>
</VAULT_APPKEY>
</DIGITAL_VAULT>
<CREATED>
<DATETIME>2026-05-26T13:06:55Z</DATETIME>
<BY>vsh_sm</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2026-05-26T13:06:55Z</DATETIME>
</LAST_MODIFIED>
</AUTH_UNIX>
</AUTH_UNIX_LIST>
</RESPONSE>
</AUTH_UNIX_LIST_OUTPUT>
API Request
curl --location '<qualys_base_url>/api/3.0/fo/auth/unix/' \ --header 'X-Requested-With: Qualys Postman Collection' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \ --data-urlencode 'action=delete' \ --data-urlencode 'ids=8975403'
API Response
<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd"> <BATCH_RETURN> <RESPONSE> <DATETIME>2026-05-27T07:35:52Z</DATETIME> <BATCH_LIST> <BATCH> <TEXT>Successfully Deleted</TEXT> <ID_SET> <ID>8975403</ID> </ID_SET> </BATCH> </BATCH_LIST> </RESPONSE> </BATCH_RETURN>
Windows
For Windows Authentication Technology with One Identity Safeguard vault, the following API samples are provided:
API Request
curl --location '<qualys_base_url>/api/3.0/fo/auth/windows/' \
--header 'X-Requested-With: Qualys Postman Collection' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \
--data-urlencode 'action=create' \
--data-urlencode 'title=Postman_Windows_AD' \
--data-urlencode 'ips=1.1.1.2' \
--data-urlencode 'username=administrator' \
--data-urlencode 'windows_domain=domain.local' \
--data-urlencode 'vault_type=One Identity Safeguard' \
--data-urlencode 'vault_app_name=<vault_app_name>' \
--data-urlencode 'vault_asset_name=<vault_asset_name>' \
--data-urlencode 'vault_appkey=<vault_assetkey>' \
--data-urlencode 'login_type=vault' \
--data-urlencode 'vault_id=2304704'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-27T06:46:11Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>8975402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
API Request
curl --location '<qualys_base_url>/api/3.0/fo/auth/windows/' \
--header 'X-Requested-With: Qualys Postman Collection' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \
--data-urlencode 'action=update' \
--data-urlencode 'ids=8975402' \
--data-urlencode 'add_ips=1.1.1.3' \
--data-urlencode 'username=root' \
--data-urlencode 'login_type=vault' \
--data-urlencode 'vault_type=One Identity Safeguard' \
--data-urlencode 'vault_app_name=<vault_app_name>' \
--data-urlencode 'vault_asset_name=<vault_asset_name>' \
--data-urlencode 'vault_appkey=<vault_assetkey>' \
--data-urlencode 'vault_id=2304704'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-27T06:47:20Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>8975402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
API Request
curl --location '<qualys_base_url>/api/3.0/fo/auth/windows/' \
--header 'X-Requested-With: Qualys Postman Collection' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \
--data-urlencode 'action=list' \
--data-urlencode 'ids=8975402'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_WINDOWS_LIST_OUTPUT SYSTEM "<qualys_base_url>/api/3.0/fo/auth/windows/dtd/auth_list_output.dtd">
<AUTH_WINDOWS_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2026-05-20T13:19:31Z</DATETIME>
<AUTH_WINDOWS_LIST>
<AUTH_WINDOWS>
<ID>8975402</ID>
<TITLE>
<![CDATA[Postman_Windows_AD]]>
</TITLE>
<USERNAME>
<![CDATA[administrator]]>
</USERNAME>
<NTLM_V2>1</NTLM_V2>
<KERBEROS>1</KERBEROS>
<WINDOWS_DOMAIN>
<![CDATA[domain.local]]>
</WINDOWS_DOMAIN>
<IP_SET>
<IP>1.1.1.2</IP>
</IP_SET>
<LOGIN_TYPE>
<![CDATA[vault]]>
</LOGIN_TYPE>
<DIGITAL_VAULT>
<DIGITAL_VAULT_ID>
<![CDATA[2304704]]>
</DIGITAL_VAULT_ID>
<DIGITAL_VAULT_TYPE>
<![CDATA[One Identity Safeguard]]>
</DIGITAL_VAULT_TYPE>
<DIGITAL_VAULT_TITLE>
<![CDATA[one_identity]]>
</DIGITAL_VAULT_TITLE>
<VAULT_APP_NAME>
<![CDATA[amit]]>
</VAULT_APP_NAME>
<VAULT_ASSET_NAME>
<![CDATA[rahul]]>
</VAULT_ASSET_NAME>
<VAULT_APPKEY>
<![CDATA[saket]]>
</VAULT_APPKEY>
</DIGITAL_VAULT>
<CREATED>
<DATETIME>2026-05-20T13:19:10Z</DATETIME>
<BY>vsh_sm</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2026-05-20T13:19:10Z</DATETIME>
</LAST_MODIFIED>
</AUTH_WINDOWS>
</AUTH_WINDOWS_LIST>
</RESPONSE>
</AUTH_WINDOWS_LIST_OUTPUT>
API Request
curl --location '<qualys_base_url>/api/3.0/fo/auth/windows/' \
--header 'X-Requested-With: Qualys Postman Collection' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \
--data-urlencode 'action=delete' \
--data-urlencode 'ids=8975402'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-27T06:50:54Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Deleted</TEXT>
<ID_SET>
<ID>8975402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Cisco
For Cisco Authentication Technology with One Identity Safeguard vault, the following API samples are provided:
API Request
curl --location '<qualys_base_url>/api/3.0/fo/auth/unix/' \
--header 'X-Requested-With: Qualys Postman Collection' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \
--data-urlencode 'action=create' \
--data-urlencode 'title=Postman_Cisco_IOS' \
--data-urlencode 'ips=1.1.1.2' \
--data-urlencode 'username=cisco_admin' \
--data-urlencode 'sub_type=cisco' \
--data-urlencode 'vault_type=One Identity Safeguard' \
--data-urlencode 'vault_id=2304704' \
--data-urlencode 'vault_app_name=<vault_app_name>' \
--data-urlencode 'vault_asset_name=<vault_asset_name>' \
--data-urlencode 'vault_appkey=<vault_assetkey>' \
--data-urlencode 'login_type=vault'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-27T10:04:36Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>8976398</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
API Request
curl --location '<qualys_base_url>/api/3.0/fo/auth/unix/' \
--header 'X-Requested-With: Qualys Postman Collection' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \
--data-urlencode 'action=update' \
--data-urlencode 'ids=8976398' \
--data-urlencode 'add_ips=1.1.1.3' \
--data-urlencode 'vault_type=One Identity Safeguard' \
--data-urlencode 'vault_id=2304704' \
--data-urlencode 'vault_app_name=<vault_app_name>' \
--data-urlencode 'vault_asset_name=<vault_asset_name>' \
--data-urlencode 'vault_appkey=<vault_assetkey>' \
--data-urlencode 'login_type=vault'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-27T10:05:26Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>8976398</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
API Request
curl --location '<qualys_base_url>/api/3.0/fo/auth/unix/' \
--header 'X-Requested-With: Qualys Postman Collection' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \
--data-urlencode 'action=list' \
--data-urlencode 'ids=8976398'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_UNIX_LIST_OUTPUT SYSTEM "<qualys_base_url>/api/3.0/fo/auth/unix/dtd/auth_list_output.dtd">
<AUTH_UNIX_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2026-05-21T05:46:04Z</DATETIME>
<AUTH_UNIX_LIST>
<AUTH_UNIX>
<ID>8976398</ID>
<TITLE>
<![CDATA[Postman_Cisco_IOS]]>
</TITLE>
<USERNAME>
<![CDATA[cisco_admin]]>
</USERNAME>
<CLEARTEXT_PASSWORD>0</CLEARTEXT_PASSWORD>
<IP_SET>
<IP_RANGE>1.1.1.2-1.1.1.3</IP_RANGE>
</IP_SET>
<LOGIN_TYPE>
<![CDATA[vault]]>
</LOGIN_TYPE>
<DIGITAL_VAULT>
<DIGITAL_VAULT_ID>
<![CDATA[2304704]]>
</DIGITAL_VAULT_ID>
<DIGITAL_VAULT_TYPE>
<![CDATA[One Identity Safeguard]]>
</DIGITAL_VAULT_TYPE>
<DIGITAL_VAULT_TITLE>
<![CDATA[one_identity]]>
</DIGITAL_VAULT_TITLE>
<VAULT_APP_NAME>
<![CDATA[amit]]>
</VAULT_APP_NAME>
<VAULT_ASSET_NAME>
<![CDATA[rahul]]>
</VAULT_ASSET_NAME>
<VAULT_APPKEY>
<![CDATA[saket]]>
</VAULT_APPKEY>
</DIGITAL_VAULT>
<CREATED>
<DATETIME>2026-05-21T05:45:33Z</DATETIME>
<BY>vsh_sm</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2026-05-21T05:45:47Z</DATETIME>
</LAST_MODIFIED>
</AUTH_UNIX>
</AUTH_UNIX_LIST>
</RESPONSE>
</AUTH_UNIX_LIST_OUTPUT>
API Request
curl --location '<qualys_base_url>/api/3.0/fo/auth/unix/' \
--header 'X-Requested-With: Qualys Postman Collection' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \
--data-urlencode 'action=delete' \
--data-urlencode 'ids=8976398'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-27T10:13:52Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Deleted</TEXT>
<ID_SET>
<ID>8976398</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Network SSH
For Network SSH Authentication Technology with One Identity Safeguard vault, the following API samples are provided:
API Request
curl --location '<qualys_base_url>/api/3.0/fo/auth/network_ssh/' \
--header 'X-Requested-With: Qualys Postman Collection' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \
--data-urlencode 'action=create' \
--data-urlencode 'title=Postman_Network_SSH' \
--data-urlencode 'ips=1.1.1.2' \
--data-urlencode 'username=netadmin' \
--data-urlencode 'vault_type=One Identity Safeguard' \
--data-urlencode 'vault_id=2304704' \
--data-urlencode 'vault_app_name=<vault_app_name>' \
--data-urlencode 'vault_asset_name=<vault_asset_name>' \
--data-urlencode 'vault_appkey=<vault_assetkey>' \
--data-urlencode 'login_type=vault'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-27T10:38:12Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>8976399</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
API Request
curl --location '<qualys_base_url>/api/3.0/fo/auth/network_ssh/' \
--header 'X-Requested-With: Qualys Postman Collection' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \
--data-urlencode 'action=update' \
--data-urlencode 'ids=8976399' \
--data-urlencode 'add_ips=1.1.1.3' \
--data-urlencode 'vault_type=One Identity Safeguard' \
--data-urlencode 'vault_id=2304704' \
--data-urlencode 'vault_app_name=<vault_app_name>' \
--data-urlencode 'vault_asset_name=<vault_asset_name>' \
--data-urlencode 'vault_appkey=<vault_assetkey>' \
--data-urlencode 'login_type=vault'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-27T10:38:49Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>8976399</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
API Request
curl --location '<qualys_base_url>/api/3.0/fo/auth/network_ssh/' \
--header 'X-Requested-With: Qualys Postman Collection' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \
--data-urlencode 'action=list' \
--data-urlencode 'ids=8976399'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_NETWORK_SSH_LIST_OUTPUT SYSTEM "<qualys_base_url>/api/3.0/fo/auth/network_ssh/dtd/auth_list_output.dtd">
<AUTH_NETWORK_SSH_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2026-05-21T05:44:06Z</DATETIME>
<AUTH_NETWORK_SSH_LIST>
<AUTH_NETWORK_SSH>
<ID>8976399</ID>
<TITLE>
<![CDATA[Postman_Network_SSH]]>
</TITLE>
<USERNAME>
<![CDATA[netadmin]]>
</USERNAME>
<IP_SET>
<IP_RANGE>1.1.1.2-1.1.1.3</IP_RANGE>
</IP_SET>
<LOGIN_TYPE>
<![CDATA[vault]]>
</LOGIN_TYPE>
<DIGITAL_VAULT>
<DIGITAL_VAULT_ID>
<![CDATA[2304704]]>
</DIGITAL_VAULT_ID>
<DIGITAL_VAULT_TYPE>
<![CDATA[One Identity Safeguard]]>
</DIGITAL_VAULT_TYPE>
<DIGITAL_VAULT_TITLE>
<![CDATA[one_identity]]>
</DIGITAL_VAULT_TITLE>
<VAULT_APP_NAME>
<![CDATA[amit]]>
</VAULT_APP_NAME>
<VAULT_ASSET_NAME>
<![CDATA[rahul]]>
</VAULT_ASSET_NAME>
<VAULT_APPKEY>
<![CDATA[saket]]>
</VAULT_APPKEY>
</DIGITAL_VAULT>
<CLEARTEXT_PASSWORD>0</CLEARTEXT_PASSWORD>
<TARGET_TYPE>
<![CDATA[Auto (default)]]>
</TARGET_TYPE>
<CREATED>
<DATETIME>2026-05-21T04:06:57Z</DATETIME>
<BY>vsh_sm</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2026-05-21T05:40:53Z</DATETIME>
</LAST_MODIFIED>
</AUTH_NETWORK_SSH>
</AUTH_NETWORK_SSH_LIST>
</RESPONSE>
</AUTH_NETWORK_SSH_LIST_OUTPUT>
API Request
curl --location '<qualys_base_url>/api/3.0/fo/auth/network_ssh/' \
--header 'X-Requested-With: Qualys Postman Collection' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \
--data-urlencode 'action=delete' \
--data-urlencode 'ids=8976399'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-27T10:41:46Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Deleted</TEXT>
<ID_SET>
<ID>8976399</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
VMware ESXi
For VMware ESXi Authentication Technology with One Identity Safeguard vault, the following API samples are provided:
API Request
curl --location '<qualys_base_url>/api/3.0/fo/auth/vmware/' \
--header 'X-Requested-With: Qualys Postman Collection' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \
--data-urlencode 'action=create' \
--data-urlencode 'title=Postman_VMware_ESXi' \
--data-urlencode 'ips=1.1.1.2' \
--data-urlencode 'username=root' \
--data-urlencode 'login_type=vault' \
--data-urlencode 'vault_type=One Identity Safeguard' \
--data-urlencode 'vault_id=2304704' \
--data-urlencode 'vault_app_name=<vault_app_name>' \
--data-urlencode 'vault_asset_name=<vault_asset_name>' \
--data-urlencode 'vault_appkey=<vault_assetkey>' \
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-27T10:45:29Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>8976400</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
API Request
curl --location '<qualys_base_url>/api/3.0/fo/auth/vmware/' \
--header 'X-Requested-With: Qualys Postman Collection' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \
--data-urlencode 'action=update' \
--data-urlencode 'ids=8976400' \
--data-urlencode 'login_type=vault' \
--data-urlencode 'vault_id=2304704' \
--data-urlencode 'vault_type=One Identity Safeguard' \
--data-urlencode 'vault_app_name=<vault_app_name>' \
--data-urlencode 'vault_asset_name=<vault_asset_name>' \
--data-urlencode 'vault_appkey=<vault_assetkey>' \
--data-urlencode 'add_ips=1.1.1.3'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-27T10:46:50Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>8976400</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
API Request
curl --location '<qualys_base_url>/api/3.0/fo/auth/vmware/' \
--header 'X-Requested-With: Qualys Postman Collection' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \
--data-urlencode 'action=list' \
--data-urlencode 'ids=8976400'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_VMWARE_LIST_OUTPUT SYSTEM "<qualys_base_url>/api/3.0/fo/auth/vmware/auth_vmware_list_output.dtd">
<AUTH_VMWARE_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2026-05-21T06:31:07Z</DATETIME>
<AUTH_VMWARE_LIST>
<AUTH_VMWARE>
<ID>8976400</ID>
<TITLE>
<![CDATA[Postman_VMware_ESXi]]>
</TITLE>
<USERNAME>
<![CDATA[root]]>
</USERNAME>
<PORT>443</PORT>
<SSL_VERIFY>
<![CDATA[all]]>
</SSL_VERIFY>
<IP_SET>
<IP_RANGE>1.1.1.2-1.1.1.3</IP_RANGE>
</IP_SET>
<LOGIN_TYPE>
<![CDATA[vault]]>
</LOGIN_TYPE>
<DIGITAL_VAULT>
<DIGITAL_VAULT_ID>
<![CDATA[2304704]]>
</DIGITAL_VAULT_ID>
<DIGITAL_VAULT_TYPE>
<![CDATA[One Identity Safeguard]]>
</DIGITAL_VAULT_TYPE>
<DIGITAL_VAULT_TITLE>
<![CDATA[one_identity]]>
</DIGITAL_VAULT_TITLE>
<VAULT_APP_NAME>
<![CDATA[amit]]>
</VAULT_APP_NAME>
<VAULT_ASSET_NAME>
<![CDATA[rahul]]>
</VAULT_ASSET_NAME>
<VAULT_APPKEY>
<![CDATA[saket]]>
</VAULT_APPKEY>
</DIGITAL_VAULT>
<CREATED>
<DATETIME>2026-05-21T06:03:29Z</DATETIME>
<BY>vsh_sm</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2026-05-21T06:30:51Z</DATETIME>
</LAST_MODIFIED>
</AUTH_VMWARE>
</AUTH_VMWARE_LIST>
</RESPONSE>
</AUTH_VMWARE_LIST_OUTPUT>
API Request
curl --location '<qualys_base_url>/api/3.0/fo/auth/vmware/' \
--header 'X-Requested-With: Qualys Postman Collection' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \
--data-urlencode 'action=delete' \
--data-urlencode 'ids=8976400'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-27T10:49:23Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Deleted</TEXT>
<ID_SET>
<ID>8976400</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
vCenter
For vCenter Authentication Technology with One Identity Safeguard vault, the following API samples are provided:
API Request
curl --location '<qualys_base_url>/api/3.0/fo/auth/vcenter/' \
--header 'X-Requested-With: Qualys Postman Collection' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \
--data-urlencode 'action=create' \
--data-urlencode 'title=Postman_vCenter' \
--data-urlencode 'ips=1.1.1.2' \
--data-urlencode '[email protected]' \
--data-urlencode 'vault_type=One Identity Safeguard' \
--data-urlencode 'vault_id=2304704' \
--data-urlencode 'vault_app_name=<vault_app_name>' \
--data-urlencode 'vault_asset_name=<vault_asset_name>' \
--data-urlencode 'vault_appkey=<vault_assetkey>' \
--data-urlencode 'login_type=vault'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-27T10:51:37Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>8976401</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
API Request
curl --location '<qualys_base_url>/api/3.0/fo/auth/vcenter/' \
--header 'X-Requested-With: Qualys Postman Collection' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \
--data-urlencode 'action=update' \
--data-urlencode 'ids=8976401' \
--data-urlencode 'add_ips=1.1.1.3' \
--data-urlencode 'vault_type=One Identity Safeguard' \
--data-urlencode 'vault_id=2304704' \
--data-urlencode 'vault_app_name=<vault_app_name>' \
--data-urlencode 'vault_asset_name=<vault_asset_name>' \
--data-urlencode 'vault_appkey=<vault_assetkey>' \
--data-urlencode 'login_type=vault'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-27T10:52:11Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>8976401</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
API Request
curl --location '<qualys_base_url>/api/3.0/fo/auth/vcenter/' \
--header 'X-Requested-With: Qualys Postman Collection' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \
--data-urlencode 'action=list' \
--data-urlencode 'ids=8976401'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_VCENTER_LIST_OUTPUT SYSTEM "<qualys_base_url>/api/3.0/fo/auth/vcenter/auth_vcenter_list_output.dtd">
<AUTH_VCENTER_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2026-05-21T07:03:24Z</DATETIME>
<AUTH_VCENTER_LIST>
<AUTH_VCENTER>
<ID>8976401</ID>
<TITLE>
<![CDATA[Postman_vCenter]]>
</TITLE>
<USERNAME>
<![CDATA[[email protected]]]>
</USERNAME>
<PORT>443</PORT>
<SSL_VERIFY>
<![CDATA[none]]>
</SSL_VERIFY>
<IP_SET>
<IP_RANGE>1.1.1.2-1.1.1.3</IP_RANGE>
</IP_SET>
<LOGIN_TYPE>
<![CDATA[vault]]>
</LOGIN_TYPE>
<DIGITAL_VAULT>
<DIGITAL_VAULT_ID>
<![CDATA[2304704]]>
</DIGITAL_VAULT_ID>
<DIGITAL_VAULT_TYPE>
<![CDATA[One Identity Safeguard]]>
</DIGITAL_VAULT_TYPE>
<DIGITAL_VAULT_TITLE>
<![CDATA[one_identity]]>
</DIGITAL_VAULT_TITLE>
<VAULT_APP_NAME>
<![CDATA[amit]]>
</VAULT_APP_NAME>
<VAULT_ASSET_NAME>
<![CDATA[rahul]]>
</VAULT_ASSET_NAME>
<VAULT_APPKEY>
<![CDATA[saket]]>
</VAULT_APPKEY>
</DIGITAL_VAULT>
<CREATED>
<DATETIME>2026-05-21T06:58:06Z</DATETIME>
<BY>vsh_sm</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2026-05-21T07:00:00Z</DATETIME>
</LAST_MODIFIED>
</AUTH_VCENTER>
</AUTH_VCENTER_LIST>
</RESPONSE>
</AUTH_VCENTER_LIST_OUTPUT>
API Request
curl --location '<qualys_base_url>/api/3.0/fo/auth/vcenter/' \
--header 'X-Requested-With: Qualys Postman Collection' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \
--data-urlencode 'action=delete' \
--data-urlencode 'ids=8976401'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-27T10:54:53Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Deleted</TEXT>
<ID_SET>
<ID>8976401</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
PaloAlto
For PaloAlto Authentication Technology with One Identity Safeguard vault, the following API samples are provided:
API Request
curl --location '<qualys_base_url>/api/3.0/fo/auth/palo_alto_firewall/' \
--header 'X-Requested-With: Qualys Postman Collection' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \
--data-urlencode 'action=create' \
--data-urlencode 'title=Postman_PaloAlto' \
--data-urlencode 'ips=1.1.1.2' \
--data-urlencode 'username=admin' \
--data-urlencode 'ssl_verify=0' \
--data-urlencode 'vault_type=One Identity Safeguard' \
--data-urlencode 'vault_id=2304704' \
--data-urlencode 'vault_app_name=<vault_app_name>' \
--data-urlencode 'vault_asset_name=<vault_asset_name>' \
--data-urlencode 'vault_appkey=<vault_assetkey>' \
--data-urlencode 'login_type=vault'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-27T12:43:45Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>8976402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
API Request
curl --location '<qualys_base_url>/api/3.0/fo/auth/palo_alto_firewall/' \
--header 'X-Requested-With: Qualys Postman Collection' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \
--data-urlencode 'action=update' \
--data-urlencode 'ids=8976402' \
--data-urlencode 'vault_id=2304704' \
--data-urlencode 'vault_type=One Identity Safeguard' \
--data-urlencode 'vault_id=2304704' \
--data-urlencode 'vault_app_name=<vault_app_name>' \
--data-urlencode 'vault_asset_name=<vault_asset_name>' \
--data-urlencode 'vault_appkey=<vault_assetkey>' \
--data-urlencode 'login_type=vault'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-27T12:45:39Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>8976402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
API Request
curl --location '<qualys_base_url>/api/3.0/fo/auth/palo_alto_firewall/' \ --header 'X-Requested-With: Qualys Postman Collection' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \ --data-urlencode 'action=list' \ --data-urlencode 'ids=8976402'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_PALO_ALTO_FIREWALL_LIST_OUTPUT SYSTEM "<qualys_base_url>/api/3.0/fo/auth/palo_alto_firewall/auth_palo_alto_firewall_list_output.dtd">
<AUTH_PALO_ALTO_FIREWALL_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2026-05-21T07:13:05Z</DATETIME>
<AUTH_PALO_ALTO_FIREWALL_LIST>
<AUTH_PALO_ALTO_FIREWALL>
<ID>8976402</ID>
<TITLE>
<![CDATA[Postman_PaloAlto]]>
</TITLE>
<USERNAME>
<![CDATA[admin]]>
</USERNAME>
<SSL_VERIFY>
<![CDATA[0]]>
</SSL_VERIFY>
<IP_SET>
<IP_RANGE>1.1.1.2-1.1.1.3</IP_RANGE>
</IP_SET>
<LOGIN_TYPE>
<![CDATA[vault]]>
</LOGIN_TYPE>
<DIGITAL_VAULT>
<DIGITAL_VAULT_ID>
<![CDATA[2304704]]>
</DIGITAL_VAULT_ID>
<DIGITAL_VAULT_TYPE>
<![CDATA[One Identity Safeguard]]>
</DIGITAL_VAULT_TYPE>
<DIGITAL_VAULT_TITLE>
<![CDATA[one_identity]]>
</DIGITAL_VAULT_TITLE>
<VAULT_APP_NAME>
<![CDATA[amit]]>
</VAULT_APP_NAME>
<VAULT_ASSET_NAME>
<![CDATA[rahul]]>
</VAULT_ASSET_NAME>
<VAULT_APPKEY>
<![CDATA[saket]]>
</VAULT_APPKEY>
</DIGITAL_VAULT>
<CREATED>
<DATETIME>2026-05-21T07:07:34Z</DATETIME>
<BY>vsh_sm</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2026-05-21T07:11:03Z</DATETIME>
</LAST_MODIFIED>
</AUTH_PALO_ALTO_FIREWALL>
</AUTH_PALO_ALTO_FIREWALL_LIST>
</RESPONSE>
</AUTH_PALO_ALTO_FIREWALL_LIST_OUTPUT>
API Request
curl --location '<qualys_base_url>/api/3.0/fo/auth/palo_alto_firewall/' \ --header 'X-Requested-With: Qualys Postman Collection' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \ --data-urlencode 'action=delete' \ --data-urlencode 'ids=8976402'
API Response
<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd"> <BATCH_RETURN> <RESPONSE> <DATETIME>2026-05-27T12:49:08Z</DATETIME> <BATCH_LIST> <BATCH> <TEXT>Successfully Deleted</TEXT> <ID_SET> <ID>8976402</ID> </ID_SET> </BATCH> </BATCH_LIST> </RESPONSE> </BATCH_RETURN>
MongoDB
For MongoDB Authentication Technology with One Identity Safeguard vault, the following API samples are provided:
API Request
curl --location '<qualys_base_url>/api/3.0/fo/auth/mongodb/' \ --header 'X-Requested-With: Qualys Postman Collection' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \ --data-urlencode 'action=create' \ --data-urlencode 'title=Postman_MongoDB' \ --data-urlencode 'ips=1.1.1.2' \ --data-urlencode 'username=mongodb_user' \ --data-urlencode 'database_name=admin' \ --data-urlencode 'port=27017' \ --data-urlencode 'vault_type=One Identity Safeguard' \ --data-urlencode 'vault_id=2304704' \ --data-urlencode 'vault_app_name=<vault_app_name>' \ --data-urlencode 'vault_asset_name=<vault_asset_name>' \ --data-urlencode 'vault_appkey=<vault_assetkey>' \ --data-urlencode 'login_type=vault'
API Response
<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd"> <BATCH_RETURN> <RESPONSE> <DATETIME>2026-05-27T12:58:12Z</DATETIME> <BATCH_LIST> <BATCH> <TEXT>Successfully Created</TEXT> <ID_SET> <ID>8976404</ID> </ID_SET> </BATCH> </BATCH_LIST> </RESPONSE> </BATCH_RETURN>
API Request
curl --location '<qualys_base_url>/api/3.0/fo/auth/mongodb/' \
--header 'X-Requested-With: Qualys Postman Collection' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \
--data-urlencode 'action=update' \
--data-urlencode 'ids=8976404' \
--data-urlencode 'vault_id=2304704' \
--data-urlencode 'vault_type=One Identity Safeguard' \
--data-urlencode 'vault_id=2304704' \
--data-urlencode 'vault_app_name=<vault_app_name>' \
--data-urlencode 'vault_asset_name=<vault_asset_name>' \
--data-urlencode 'vault_appkey=<vault_assetkey>' \
--data-urlencode 'login_type=vault'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-27T12:58:59Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>8976404</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
API Request
curl --location '<qualys_base_url>/api/3.0/fo/auth/mongodb/' \
--header 'X-Requested-With: Qualys Postman Collection' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \
--data-urlencode 'action=list' \
--data-urlencode 'ids=8976404'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_MONGODB_LIST_OUTPUT SYSTEM "<qualys_base_url>/api/3.0/fo/auth/mongodb/auth_mongodb_list_output.dtd">
<AUTH_MONGODB_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2026-05-20T14:02:02Z</DATETIME>
<AUTH_MONGODB_LIST>
<AUTH_MONGODB>
<ID>8976404</ID>
<TITLE>
<![CDATA[Postman_MongoDB]]>
</TITLE>
<USERNAME>
<![CDATA[mongodb_user]]>
</USERNAME>
<CREDENTIAL_TYPE>
<![CDATA[local]]>
</CREDENTIAL_TYPE>
<DATABASE>
<![CDATA[admin]]>
</DATABASE>
<PORT>27017</PORT>
<UNIX_CONFIGURATION_FILE>
<![CDATA[]]>
</UNIX_CONFIGURATION_FILE>
<SSL_VERIFY>
<![CDATA[0]]>
</SSL_VERIFY>
<IP_SET>
<IP>1.1.1.2</IP>
</IP_SET>
<LOGIN_TYPE>
<![CDATA[vault]]>
</LOGIN_TYPE>
<DIGITAL_VAULT>
<DIGITAL_VAULT_ID>
<![CDATA[2304704]]>
</DIGITAL_VAULT_ID>
<DIGITAL_VAULT_TYPE>
<![CDATA[One Identity Safeguard]]>
</DIGITAL_VAULT_TYPE>
<DIGITAL_VAULT_TITLE>
<![CDATA[one_identity]]>
</DIGITAL_VAULT_TITLE>
<VAULT_APP_NAME>
<![CDATA[amit]]>
</VAULT_APP_NAME>
<VAULT_ASSET_NAME>
<![CDATA[rahul]]>
</VAULT_ASSET_NAME>
<VAULT_APPKEY>
<![CDATA[saket]]>
</VAULT_APPKEY>
</DIGITAL_VAULT>
<REQUIRE_CERT>
<![CDATA[0]]>
</REQUIRE_CERT>
<CREATED>
<DATETIME>2026-05-20T13:53:33Z</DATETIME>
<BY>vsh_sm</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2026-05-20T13:53:33Z</DATETIME>
</LAST_MODIFIED>
<IS_SYSTEM_CREATED>0</IS_SYSTEM_CREATED>
<IS_ACTIVE>1</IS_ACTIVE>
<IS_TEMPLATE>0</IS_TEMPLATE>
</AUTH_MONGODB>
</AUTH_MONGODB_LIST>
</RESPONSE>
</AUTH_MONGODB_LIST_OUTPUT>
API Request
curl --location '<qualys_base_url>/api/3.0/fo/auth/mongodb/' \ --header 'X-Requested-With: Qualys Postman Collection' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \ --data-urlencode 'action=delete' \ --data-urlencode 'ids=8976404'
API Response
<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd"> <BATCH_RETURN> <RESPONSE> <DATETIME>2026-05-27T13:02:10Z</DATETIME> <BATCH_LIST> <BATCH> <TEXT>Successfully Deleted</TEXT> <ID_SET> <ID>8976404</ID> </ID_SET> </BATCH> </BATCH_LIST> </RESPONSE> </BATCH_RETURN>
MySQL
For MySQL Authentication Technology with One Identity Safeguard vault, the following API samples are provided:
API Request
curl --location '<qualys_base_url>/api/4.0/fo/auth/mysql/' \
--header 'X-Requested-With: Qualys Postman Collection' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \
--data-urlencode 'action=create' \
--data-urlencode 'title=Postman_MySQL' \
--data-urlencode 'ips=1.1.1.2' \
--data-urlencode 'username=mysql_user' \
--data-urlencode 'database=mysql' \
--data-urlencode 'port=3306' \
--data-urlencode 'vault_type=One Identity Safeguard' \
--data-urlencode 'vault_id=2304704' \
--data-urlencode 'vault_app_name=<vault_app_name>' \
--data-urlencode 'vault_asset_name=<vault_asset_name>' \
--data-urlencode 'vault_appkey=<vault_assetkey>' \
--data-urlencode 'login_type=vault'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/4.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-27T13:03:57Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>8976405</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
API Request
curl --location '<qualys_base_url>/api/4.0/fo/auth/mysql/' \
--header 'X-Requested-With: Qualys Postman Collection' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \
--data-urlencode 'action=update' \
--data-urlencode 'ids=8976405' \
--data-urlencode 'add_ips=1.1.1.3' \
--data-urlencode 'vault_type=One Identity Safeguard' \
--data-urlencode 'vault_id=2304704' \
--data-urlencode 'vault_app_name=<vault_app_name>' \
--data-urlencode 'vault_asset_name=<vault_asset_name>' \
--data-urlencode 'vault_appkey=<vault_assetkey>' \
--data-urlencode 'login_type=vault'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/4.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-27T13:04:49Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>8976405</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
API Request
curl --location '<qualys_base_url>/api/4.0/fo/auth/mysql/' \ --header 'X-Requested-With: Qualys Postman Collection' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \ --data-urlencode 'action=list' \ --data-urlencode 'ids=8976405'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_MYSQL_LIST_OUTPUT SYSTEM "
<qualys_base_url>/api/4.0/fo/auth/mysql/auth_mysql_list_output.dtd">
<AUTH_MYSQL_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2026-06-01T13:04:14Z</DATETIME>
<AUTH_MYSQL_LIST>
<AUTH_MYSQL>
<ID>9004843</ID>
<TITLE>
<![CDATA[Postman_MySQL]]>
</TITLE>
<USERNAME>
<![CDATA[mysql_user]]>
</USERNAME>
<DATABASE>
<![CDATA[mysql]]>
</DATABASE>
<PORT>3306</PORT>
<IP_SET>
<IP>1.1.1.2</IP>
</IP_SET>
<LOGIN_TYPE>
<![CDATA[vault]]>
</LOGIN_TYPE>
<DIGITAL_VAULT>
<DIGITAL_VAULT_ID>
<![CDATA[2304704]]>
</DIGITAL_VAULT_ID>
<DIGITAL_VAULT_TYPE>
<![CDATA[One Identity Safeguard]]>
</DIGITAL_VAULT_TYPE>
<DIGITAL_VAULT_TITLE>
<![CDATA[One_Identity_vault]]>
</DIGITAL_VAULT_TITLE>
<VAULT_APP_NAME>
<![CDATA[amit]]>
</VAULT_APP_NAME>
<VAULT_ASSET_NAME>
<![CDATA[rahul]]>
</VAULT_ASSET_NAME>
<VAULT_APPKEY>
<![CDATA[saket]]>
</VAULT_APPKEY>
</DIGITAL_VAULT>
<SSL_VERIFY>false</SSL_VERIFY>
<WINDOWS_CONF_FILE>
<![CDATA[]]>
</WINDOWS_CONF_FILE>
<UNIX_CONF_FILE>
<![CDATA[]]>
</UNIX_CONF_FILE>
<CREATED>
<DATETIME>2026-05-29T12:34:23Z</DATETIME>
<BY>vsh_sm</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2026-05-29T12:34:23Z</DATETIME>
</LAST_MODIFIED>
<IS_SYSTEM_CREATED>0</IS_SYSTEM_CREATED>
<IS_ACTIVE>1</IS_ACTIVE>
<IS_TEMPLATE>0</IS_TEMPLATE>
</AUTH_MYSQL>
</AUTH_MYSQL_LIST>
</RESPONSE>
</AUTH_MYSQL_LIST_OUTPUT>
API Request
curl --location '<qualys_base_url>/api/4.0/fo/auth/mysql/' \
--header 'X-Requested-With: Qualys Postman Collection' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \
--data-urlencode 'action=delete' \
--data-urlencode 'ids=8976405'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/4.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-27T13:07:38Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Deleted</TEXT>
<ID_SET>
<ID>8976405</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Oracle
For Oracle Authentication Technology with One Identity Safeguard vault, the following API samples are provided:
API Request
curl --location '<qualys_base_url>/api/3.0/fo/auth/oracle/' \
--header 'X-Requested-With: Qualys Postman Collection' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \
--data-urlencode 'action=create' \
--data-urlencode 'title=Postman_Oracle' \
--data-urlencode 'ips=1.1.1.2' \
--data-urlencode 'username=system' \
--data-urlencode 'sid=ORCL' \
--data-urlencode 'port=1521' \
--data-urlencode 'vault_type=One Identity Safeguard' \
--data-urlencode 'vault_id=2304704' \
--data-urlencode 'vault_app_name=<vault_app_name>' \
--data-urlencode 'vault_asset_name=<vault_asset_name>' \
--data-urlencode 'vault_appkey=<vault_assetkey>' \
--data-urlencode 'login_type=vault'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-26T03:39:02Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>8965398</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
API Request
curl --location '<qualys_base_url>/api/3.0/fo/auth/oracle/' \
--header 'X-Requested-With: Qualys Postman Collection' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \
--data-urlencode 'action=update' \
--data-urlencode 'ids=8965398' \
--data-urlencode 'add_ips=1.1.1.3' \
--data-urlencode 'vault_type=One Identity Safeguard' \
--data-urlencode 'vault_id=2304704' \
--data-urlencode 'vault_app_name=<vault_app_name>' \
--data-urlencode 'vault_asset_name=<vault_asset_name>' \
--data-urlencode 'vault_appkey=<vault_assetkey>' \
--data-urlencode 'login_type=vault
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-26T03:39:18Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>8965398</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
API Request
curl --location '<qualys_base_url>/api/3.0/fo/auth/oracle/' \
--header 'X-Requested-With: Qualys Postman Collection' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \
--data-urlencode 'action=list' \
--data-urlencode 'ids=8965398'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_ORACLE_LIST_OUTPUT SYSTEM "<qualys_base_url>/api/3.0/fo/auth/oracle/auth_oracle_list_output.dtd">
<AUTH_ORACLE_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2026-05-26T03:39:34Z</DATETIME>
<AUTH_ORACLE_LIST>
<AUTH_ORACLE>
<ID>8965398</ID>
<TITLE>
<![CDATA[Postman_Oracle]]>
</TITLE>
<USERNAME>
<![CDATA[system]]>
</USERNAME>
<SID>
<![CDATA[ORCL]]>
</SID>
<PORT>1521</PORT>
<IP_SET>
<IP_RANGE>1.1.1.2-1.1.1.3</IP_RANGE>
</IP_SET>
<WINDOWS_OS_CHECKS>0</WINDOWS_OS_CHECKS>
<UNIX_OPATCH_CHECKS>0</UNIX_OPATCH_CHECKS>
<UNIX_OS_CHECKS>0</UNIX_OS_CHECKS>
<LOGIN_TYPE>
<![CDATA[vault]]>
</LOGIN_TYPE>
<DIGITAL_VAULT>
<DIGITAL_VAULT_ID>
<![CDATA[2304704]]>
</DIGITAL_VAULT_ID>
<DIGITAL_VAULT_TYPE>
<![CDATA[One Identity Safeguard]]>
</DIGITAL_VAULT_TYPE>
<DIGITAL_VAULT_TITLE>
<![CDATA[One_Identity_vault]]>
</DIGITAL_VAULT_TITLE>
<VAULT_APP_NAME>
<![CDATA[amit]]>
</VAULT_APP_NAME>
<VAULT_ASSET_NAME>
<![CDATA[rahul]]>
</VAULT_ASSET_NAME>
<VAULT_APPKEY>
<![CDATA[saket]]>
</VAULT_APPKEY>
</DIGITAL_VAULT>
<CREATED>
<DATETIME>2026-05-26T03:39:01Z</DATETIME>
<BY>vsh_sm</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2026-05-26T03:39:18Z</DATETIME>
</LAST_MODIFIED>
<IS_SYSTEM_CREATED>0</IS_SYSTEM_CREATED>
<IS_ACTIVE>1</IS_ACTIVE>
<IS_TEMPLATE>0</IS_TEMPLATE>
</AUTH_ORACLE>
</AUTH_ORACLE_LIST>
</RESPONSE>
</AUTH_ORACLE_LIST_OUTPUT>
API Request
curl --location '<qualys_base_url>/api/3.0/fo/auth/oracle/' \
--header 'X-Requested-With: Qualys Postman Collection' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \
--data-urlencode 'action=delete' \
--data-urlencode 'ids=8965398'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-26T03:39:48Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Deleted</TEXT>
<ID_SET>
<ID>8965398</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sybase
For Sybase Authentication Technology with One Identity Safeguard vault, the following API samples are provided:
API Request
curl --location '<qualys_base_url>/api/4.0/fo/auth/sybase/' \
--header 'X-Requested-With: Qualys Postman Collection' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \
--data-urlencode 'action=create' \
--data-urlencode 'title=Postman_Sybase_ASE' \
--data-urlencode 'ips=1.1.1.2' \
--data-urlencode 'username=sa' \
--data-urlencode 'database=master' \
--data-urlencode 'port=5000' \
--data-urlencode 'vault_type=One Identity Safeguard' \
--data-urlencode 'vault_id=2304704' \
--data-urlencode 'vault_app_name=<vault_app_name>' \
--data-urlencode 'vault_asset_name=<vault_asset_name>' \
--data-urlencode 'vault_appkey=<vault_assetkey>' \
--data-urlencode 'login_type=vault'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/4.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-27T13:42:17Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>8976409</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
API Request
curl --location '<qualys_base_url>/api/4.0/fo/auth/sybase/' \
--header 'X-Requested-With: Qualys Postman Collection' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \
--data-urlencode 'action=update' \
--data-urlencode 'ids=8976409' \
--data-urlencode 'add_ips=1.1.1.3' \
--data-urlencode 'vault_type=One Identity Safeguard' \
--data-urlencode 'vault_id=2304704' \
--data-urlencode 'vault_app_name=<vault_app_name>' \
--data-urlencode 'vault_asset_name=<vault_asset_name>' \
--data-urlencode 'vault_appkey=<vault_assetkey>' \
--data-urlencode 'login_type=vault'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/4.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-27T13:43:50Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>8976409</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
API Request
curl --location '<qualys_base_url>/api/4.0/fo/auth/sybase/' \ --header 'X-Requested-With: Qualys Postman Collection' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \ --data-urlencode 'action=list' \ --data-urlencode 'ids=9000398'
API Response
<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE AUTH_SYBASE_LIST_OUTPUT SYSTEM " <qualys_base_url>/api/4.0/fo/auth/sybase/auth_sybase_list_output.dtd"> <AUTH_SYBASE_LIST_OUTPUT> <RESPONSE> <DATETIME>2026-06-03T10:19:15Z</DATETIME> <AUTH_SYBASE_LIST> <AUTH_SYBASE> <ID>9005046</ID> <TITLE> <![CDATA[Postman_Sybase_ASE]]> </TITLE> <USERNAME> <![CDATA[sa]]> </USERNAME> <DATABASE> <![CDATA[master]]> </DATABASE> <PORT>5000</PORT> <SSL_VERIFY>false</SSL_VERIFY> <IP_SET> <IP>1.1.1.2</IP> </IP_SET> <LOGIN_TYPE> <![CDATA[vault]]> </LOGIN_TYPE> <DIGITAL_VAULT> <DIGITAL_VAULT_ID> <![CDATA[2304704]]> </DIGITAL_VAULT_ID> <DIGITAL_VAULT_TYPE> <![CDATA[One Identity Safeguard]]> </DIGITAL_VAULT_TYPE> <DIGITAL_VAULT_TITLE> <![CDATA[One_Identity_vault]]> </DIGITAL_VAULT_TITLE> <VAULT_APP_NAME> <![CDATA[amit]]> </VAULT_APP_NAME> <VAULT_ASSET_NAME> <![CDATA[rahul]]> </VAULT_ASSET_NAME> <VAULT_APPKEY> <![CDATA[saket]]> </VAULT_APPKEY> </DIGITAL_VAULT> <CREATED> <DATETIME>2026-05-29T12:37:57Z</DATETIME> <BY>vsh_sm</BY> </CREATED> <LAST_MODIFIED> <DATETIME>2026-05-29T12:37:57Z</DATETIME> </LAST_MODIFIED> </AUTH_SYBASE> </AUTH_SYBASE_LIST> </RESPONSE> </AUTH_SYBASE_LIST_OUTPUT>
API Request
curl --location '<qualys_base_url>/api/4.0/fo/auth/sybase/' \
--header 'X-Requested-With: Qualys Postman Collection' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dnNoX3NtOlF1YWx5c0A3ODk=' \
--data-urlencode 'action=delete' \
--data-urlencode 'ids=8976409'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/4.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-05-27T13:48:16Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Deleted</TEXT>
<ID_SET>
<ID>8976409</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Issues Addressed
The following reported and notable customer issues are fixed in this release:
| Component/Category | Description |
| VM | When users invoked the Host List Detection (HLD) API with parameters such as show_igs and show_results, the API response took significantly longer to return for large datasets, impacting performance. This issue has been resolved by improving how data is retrieved and processed, ensuring the HLD API now delivers results more efficiently and reliably across all supported versions. |