API Change Log

This is a log of changes to the Bitsight API, such as new and deprecated endpoints (paths). See the integration guides that use the Bitsight API.

For sustainability purposes, entries older than 2 years are removed from this log.

24-JUL-2025

Probable Infrastructure API

/v1/companies/probable-infrastructure

Probable Infrastructure provides asset suggestions.

17-JUL-2025

POST: Delete Custom Infrastructure in Bulk

/v1/companies/company_guid/infrastructure/custom/bulk/

Delete one or more assets from a company's custom infrastructure and no longer be attributed to them.

10-JUL-2025

POST: Modify Infrastructure Tags

/v1/companies/company_guid/tags/bulk

Added modify & delete parameters and examples.

01-JUL-2025

POST: Set an End Date for Company-Provided Assets

• domain option for infrastructure_type parameter.
• Domain name option for infrastructure parameter.
• infrastructure_type also available within the expirations data.

26-JUN-2025

GET: Infrastructure Tags

/v1/companies/company_guid/tags

Retrieve infrastructure tags assigned to a company.

02-JUN-2025

Threats API Endpoint – v1 fully deprecated.

02-MAY-2025

• PATCH: Tag Asset [/v1/companies/company_guid/tags/bulk]
• PATCH: Tag Infrastructure [/v1/companies/company_guid/infrastructure/tags]
• POST: Modify Infrastructure Tags [/v1/companies/company_guid/tags/bulk]

07-APR-2025

GET: Finding Comments – View finding comments, which can be used to track remediation changes.

03-APR-2025

Dynamic Vulnerability Exploit (DVE) in GET: Portfolio Threats [v2]

07-JAN-2025

GET: Finding Details [/v1/companies/entity_guid/findings] – last_refresh_status_reason, last_refresh_reason_code, last_refresh_requester, and result_finding_date response attributes.

07-JAN-2025

GET: Monitored Assets Summaries [/v1/portfolio/monitored-assets/summaries] – threats parameters.

31-OCT-2024

Alerts API Endpoint – added company_custom_id to the expand query parameter. When used, this field returns a customer-provided custom ID for the organization.

18-OCT-2024

Threats API Endpoint version 2.

01-OCT-2024

GET: Monitored Assets Summaries [/v1/portfolio/monitored-assets/summaries] – Get a summary of the critical assets you monitor.

03-SEP-2024

POST: Create a Collaboration Registration Form [/v1/client-access-links] – scope parameter and response attribute to specify the context in which a client access link is created. This endpoint is now available to both CM and Insurance users.

20-AUG-2024

GET: Underwriting Guidelines [/v1/underwriting-guidelines] and GET: Default Underwriting Guidelines [/v1/underwriting-guidelines/defaults] – infections response attribute.

20-AUG-2024

POST: Create an Underwriting Guideline [/v1/underwriting-guidelines] and PATCH: Edit an Underwriting Guideline [/v1/underwriting-guidelines] – infections parameter.

20-AUG-2024

GET: Compare Client to the Underwriting Guidelines [/v1/companies/client_guid/underwriting-guidelines] – infections_count and infections_detected response attributes.

15-JUL-2024

GET: Findings Summaries [/v1/companies/company_guid/findings/statistics] and GET: Findings Statistics [/v1/companies/company_guid/findings/statistics]

10-JUL-2024

Bitsight VRM API – Compatible with company API tokens.

24-MAY-2024

POST: Download Report [/v1/reports] – report_template parameter to specify the report.

16-MAY-2024

GET: Compare Client to the Underwriting Guidelines [/v1/companies/client_guid/underwriting-guidelines] – threat_groups_detected & threats_detected added to the response.

15-MAY-2024

GET: Web Application Security Finding Details – Annotations grouped into evidences object.

09-APR-2024

threats & threat_groups for Underwriting Guidelines:

• GET: Underwriting Guidelines
• GET: Default Underwriting Guidelines
• POST: Create an Underwriting Guideline
• PATCH: Edit an Underwriting Guideline
• GET: Compare Client to the Underwriting Guidelines

08-APR-2024

GET: Finding Details - When no order is specified in a findings API call (/companies/company_guid/findings), the results are supposed to return in descending order based on the last_seen field. A bug that caused some results to appear out of order was recently resolved. As a result, there may be some minor changes to the order of results.

29-MAR-2024

GET: DMARC Finding Details [/v1/companies/company_guid/findings?risk_vector=dmarc

01-MAR-2024

Threats API Endpoint

12-FEB-2024

Client Access Links API Endpoint

30-JAN-2024

POST: Bulk Edit Collaboration Status [/v1/access-requests/bulk] – Edit the collaboration status of collaboration requests through the Client/Vendor Access Program in bulk.

29-JAN-2024

GET: Assets – New parameters.

• tags_contains
• tags_isnull
• ?expand=delegated_security_controls

06-DEC-2023

GET: Peer Comparison Group Configuration Details [/v1/peer-analytics/peer-groups] – Benchmark group.

30-NOV-2023

GET: Assets [/v1/companies/company_guid/assets] – expand parameter to get tag details.

07-NOV-2023

GET: Assets [/v1/companies/company_guid/assets] – temporary_id field for assets.

13-OCT-2023

GET: Finding Details – affects_rating_details parameter.

05-OCT-2023

Current Ratings API Endpoint – Current ratings of an entity or all portfolio entities.

02-OCT-2023

PATCH: Update the Status or Assignee of a Finding [/v1/remediations/]

25-SEP-2023

GET: Ratings Tree [/v1/companies/company_guid/company-tree]

• is_shell parameter
• is_bundled, has_control, is_shell, is_csp fields

16-AUG-2023

GET: Company Requests Summary – Get a summary of your organization’s company requests.

03-AUG-2023

GET: Assets

• New parameters:
  • threat.guid
  • threat.severity_level
  • threat.evidence_certainty
  • threat.exposure_detection
• New rolled_up_observation_ids field.