Release Date: April 22, 2025
We’re pleased to announce the following updates to the Forward Networks API as part of release 25.4.0. This update introduces breaking changes to credential management, adds new models and properties, and expands support for vendors and device types.
For platform-wide updates, see the full Forward Enterprise 25.4.0 Release Notes.
Breaking Changes
ID Auto-Generation for Credentials and Jump Servers
The id property is no longer accepted in API requests when creating device credentials or jump servers. IDs are now always auto-generated by the system.
Affected API Endpoints:
-
POST /api/networks/{networkId}/deviceCredentials -
PATCH /api/networks/{networkId}/deviceCredentials -
POST /api/networks/{networkId}/jumpServers
Credential Segregation by Protocol
Device credentials are now separated into CLI credentials (for SSH/telnet) and HTTP credentials (for HTTP/HTTPS). New APIs are available for managing each type. Legacy device credential operations are now deprecated and scheduled for removal in release 25.7.
Affected API Endpoints:
-
GET /api/networks/{networkId}/deviceCredentials -
POST /api/networks/{networkId}/deviceCredentials -
PATCH /api/networks/{networkId}/deviceCredentials -
PATCH /api/networks/{networkId}/deviceCredentials/{credentialId} -
DELETE /api/networks/{networkId}/deviceCredentials/{credentialId}
Scheduled Breaking Changes
New Compact ID Format for Credentials
Starting in release 25.5, CLI, HTTP, and SNMP credentials will use a new compact, system-generated ID format. Most customers will not be affected, but any use of externally stored credential IDs will require updates.
Affected API Endpoints:
-
CLI credentials
-
GET,PATCH:/api/networks/{networkId}/cli-credentials -
GET,PATCH,DELETE:/api/networks/{networkId}/cli-credentials/{credentialId}
-
-
HTTP credentials
-
GET,PATCH:/api/networks/{networkId}/http-credentials -
GET,PATCH,DELETE:/api/networks/{networkId}/http-credentials/{credentialId}
-
-
Legacy device credentials
-
GET,PATCH:/api/networks/{networkId}/deviceCredentials -
PATCH,DELETE:/api/networks/{networkId}/deviceCredentials/{credentialId}
-
-
Device sources
-
GET,POST:/api/networks/{networkId}/deviceSources -
GET,PUT,PATCH:/api/networks/{networkId}/deviceSources/{deviceSourceName}
-
Operation Behavior Changes
Most operations that return device credentials now use the StoredDeviceCredential model, which includes the following attribution properties:
-
createdById,createdBy,createdAt -
updatedById,updatedBy,updatedAt
Affected API Endpoints:
-
GET /api/networks/{networkId}/deviceCredentials -
GET /api/networks/{networkId}/deviceCredentials/{credentialId} -
PATCH /api/networks/{networkId}/deviceCredentials/{credentialId}
New Operations
CLI Credentials
-
GET,POST,PATCH:/api/networks/{networkId}/cli-credentials -
GET,PATCH,DELETE:/api/networks/{networkId}/cli-credentials/{credentialId}
HTTP Credentials
-
GET,POST,PATCH:/api/networks/{networkId}/http-credentials -
GET,PATCH,DELETE:/api/networks/{networkId}/http-credentials/{credentialId}
Model Changes
Device
-
Added
collectionErrorvalue:CONFIG_COLLECTION_UNAUTHORIZED -
Added vendor:
EDGE_CORE, platform:edge_core_sonic
Affected Endpoints:
-
GET /api/networks/{networkId}/devices -
GET /api/snapshots/{snapshotId}/devices -
GET /api/snapshots/{snapshotId}/devices/{deviceName}
Device Credential Models
-
Renamed:
-
DeviceCredential→CliCredential -
DeviceCredentialUpdate→CliCredentialUpdate -
NewDeviceCredential→NewCliCredential -
StoredDeviceCredential→StoredCliCredential
-
DeviceSource
-
Added
typevalue:sonic_edge_core_ssh -
Added properties:
httpCredentialId,apiKeyId
Affected Endpoints:
-
GET,POST:/api/networks/{networkId}/deviceSources -
GET,PUT,PATCH:/api/networks/{networkId}/deviceSources/{deviceSourceName}
InternetNode
-
Added property:
subnetsToExclude
Affected Endpoints:
-
GET,PUT,PATCH:/api/networks/{networkId}/internet-node
MissingDevice
-
Updated allowable values for
typeandpossibleTypes -
Added
discoveryMethodproperty with values:LLDP_CDP,IBGP,OSPF -
Added new types:
-
sonic_edge_core_ssh -
versa_flexvnf_ssh -
versa_switch_ssh
-
-
Renamed
cisco_wireless_api→cisco_wireless_ap
Affected Endpoint:
-
GET /api/snapshots/{snapshotId}/missingDevices
PathQuery
-
Added
flowTypesvalue:POTENTIAL_LOOP
StoredCliCredential
-
Added attribution properties:
createdById,createdBy,createdAt,updatedById,updatedBy,updatedAt
Vulnerability
-
Added properties:
dependsOnConfig,deviceResults -
Added vendor:
EDGE_CORE, OS:edge_core_sonic
Affected Endpoint:
-
GET /api/snapshots/{snapshotId}/vulnerabilities
New Models
-
NewDeviceCredential– Same asDeviceCredential, but without anid -
NewJumpServer– Same asJumpServer, but without anid -
StoredDeviceCredential– Includes attribution metadata -
StoredJumpServer– Includes attribution metadata -
HttpCredential,NewHttpCredential,HttpCredentialUpdate,StoredHttpCredential -
VulnerabilityDetectionResult– Used indeviceResultsofVulnerability
Notable Changes to Unpublished APIs
Some unpublished API operations have moved. These APIs are not part of the public documentation and have no stability guarantees, but we are including changes here for your awareness:
-
GET /api/networks/{networkId}/basic-auth-credentials→GET /api/networks/{networkId}/http-credentials -
POST /api/networks/{networkId}/basic-auth-credentials→POST /api/networks/{networkId}/http-credentials -
PATCH /api/networks/{networkId}/basic-auth-credentials/{credentialId}→PATCH /api/networks/{networkId}/http-credentials/{credentialId} -
DELETE /api/networks/{networkId}/basic-auth-credentials/{credentialId}→DELETE /api/networks/{networkId}/http-credentials/{credentialId}
