Qualys Enterprise TruRisk™ Platform (VM, PA Release 10.38) API Notification

Anushka Damle
Anushka Damle, Platform Analyst, Qualys
- 2 min read

Table of Contents

A new release of Qualys Enterprise TruRisk™ Platform (VM, PC Release 10.38), which is released in March 2026, includes updates to an existing API. This API notification highlights recently released changes, enabling you to identify use cases that can benefit from the updated APIs.

What’s New?

Extended SNMPv3 Algorithm Support in API Versions 2.0 and 3.0

POST /api/2.0/fo/auth/snmp/ and /api/3.0/fo/auth/snmp/

DTD or XSD changes: No

With this release, we have expanded SNMPv3 Authentication and Encryption algorithm support. The API validation logic is updated to recognize new algorithm values for creating or editing SNMPv3 authentication records across API versions 2.0 and 3.0.

This update provides greater flexibility and compatibility with a wider range of SNMPv3 implementations.

The error messages in versions 2.0 and 3.0 are also updated to reflect the complete list of valid algorithms.

MHT Format Deprecated and Removed from Report APIs

With this release, we have removed support for the MHT report format from all report-related API endpoints. This change aligns with the deprecation of the MHT format following the end of Internet Explorer support.

Enhanced Password Change Rate Limit Functionality

POST  /msp/password_change.php and /api/2.0/fo/user/change_password/

DTD or XSD changes: No

With this release, the password change functionality has been enhanced to enforce a rate limit of three password changes within a one‑hour period. You can change your password three times in an hour. If there is an attempt to exceed this limit, an error is returned in the API response.

This rate limit applies in the following scenarios:

  • When the Manager user changes the password of a sub-user using the MSP endpoint, /msp/password_change.php.
  • When any user logs in to their subscription and changes their login password using the endpoint /api/2.0/fo/user/change_password/.

New Region Codes Added for EC2 Scan Launch API

The EC2 scan launch API now supports additional AWS region codes to align with AWS’ recently added regions. These updates ensure that API calls using these region codes no longer trigger validation errors.
This enhancement eliminates region based validation failures for newly added AWS regions.

For more information, please refer: https://docs.qualys.com/en/vm/release-notes/qweb/release_10_38_api.htm

Share your Comments

Comments

Your email address will not be published. Required fields are marked *