Qualys PCI Compliance 1.6 API Notification 1
Table of Contents
- What’s New?
- New API: Generate Compliance Summary Report with Compliance Status
- New API: Fetch the Special Notes and Non-Compliant IPs for Your Assets
- New API: Submit the Compliance Report Generation Request
- New API: Fetch the Compliance Report Status
- New API: Download Executive and Technical Compliance Report
- New API: Request Review for Compliance Report
Qualys PCI Compliance 1.6, which is targeted for release in January 2025, includes new APIs. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview of the coming API changes, allowing you to identify use cases that can leverage the updated API.
What’s New?
With this release, we have introduced new APIs to generate compliance summary reports, fetch special notes and non-compliant IP addresses, submit report generation requests, fetch compliance report status, download executive and technical compliance reports, and request review for compliance reports. All these APIs are accessible with PCI Merchant Authentication.
New API: Generate Compliance Summary Report with Compliance Status
GET /pci/compliance/summary
DTD or XSD changes: Not Applicable
The Compliance Summary API lists all the assets with their IP addresses, DNS hostnames, and PCI compliance status. Earlier, the compliance status for the assets was included in executive reports under the compliance summary section. With this API, you can now generate the asset-level compliance summary report.
New API: Fetch the Special Notes and Non-Compliant IPs for Your Assets
GET /pci/reporting/reportGeneration/fetch
DTD or XSD changes: Not Applicable
The Compliance Report Generation API fetches the asset details, special note details, QIDs detected for these assets, and non-compliant IP addresses.
New API: Submit the Compliance Report Generation Request
GET /pci/reporting/reportGeneration/submit
DTD or XSD changes: Not Applicable
Use the Report Generation Request API to submit the compliance report generation request. You need to add special notes and non-compliant IP details while submitting the request. You can fetch this data using the compliance report generation API.
Along with the details from the fetch request, add the following information in the API request body:
- Justification comments for special notes.
- Justification comments for non-compliant IP addresses.
- Other required data such as name and title of the person submitting the report, inactive IP addresses/range, and submission title for the report.
New API: Fetch the Compliance Report Status
GET /pci/reporting/reportGeneration/submit
DTD or XSD changes: Not Applicable
You can check the compliance report status using the Compliance Report Status API. Provide the compliance report ID in the API request to see the report status. The following table shows the different report statuses and their descriptions.
New API: Download Executive and Technical Compliance Report
GET /pci/reporting/download
DTD or XSD changes: Not Applicable
You can download the executive or technical compliance report using the Compliance Report Download API. To download, specify the report ID and report type (Executive or Technical) as query parameters. A single request downloads only one report type, either executive or technical.
When the download request is processed successfully, the report type specified in the API request (technical or executive) is downloaded in PDF format, and the API response carries a success code.
New API: Request Review for Compliance Report
GET /pci/reporting/{reportId}/requestReview
DTD or XSD changes: Not Applicable
Use the Compliance Report Review API to request a review of a compliance report using its report ID. Provide the report ID as a query parameter to send the review request for the generated report. The report is sent to the admin user for review.