Released: 2025-07-22

We’re pleased to announce the following updates to the Forward Networks API as part of release 25.7.0.

For more details, see the full Forward Enterprise API 25.7.0 release notes.

Breaking Changes

• Device credential APIs removed: The legacy deviceCredentials endpoints have been removed. Use the /cli-credentials and /http-credentials endpoints instead.

  • Removed endpoints:

    • GET /api/networks/{networkId}/deviceCredentials

    • POST /api/networks/{networkId}/deviceCredentials

    • PATCH /api/networks/{networkId}/deviceCredentials

    • PATCH /api/networks/{networkId}/deviceCredentials/{credentialId}

    • DELETE /api/networks/{networkId}/deviceCredentials/{credentialId}

Scheduled Breaking Changes

The following endpoints and fields are deprecated and scheduled for removal in a future release.

• Device source operations (removal in 25.9): Use /classic-devices operations instead.

  • Affected endpoints include:

    • GET|POST|DELETE /api/networks/{networkId}/deviceSources

    • GET|PUT|PATCH|DELETE /api/networks/{networkId}/deviceSources/{deviceSourceName}

• Legacy snapshot device operations (removal in 25.9): Use /devices/... or /missing-devices instead.

  • Affected endpoints:

    • GET /api/snapshots/{snapshotId}/devices/{deviceName}

    • GET /api/snapshots/{snapshotId}/devices/{deviceName}/files[/{fileName}]

    • GET /api/snapshots/{snapshotId}/missingDevices

• Snapshot processing state (removal in 25.10): SnapshotMetrics.needsProcessing is deprecated. Use snapshotState = "UNPROCESSED" instead.

  • Affected endpoint:

    • GET /api/snapshots/{snapshotId}/metrics

• Vulnerability endpoint moved (removal in 25.10): Use GET /api/networks/{networkId}/vulnerabilities instead.

  • Deprecated endpoint:

    • GET /api/snapshots/{snapshotId}/vulnerabilities

New Operations

• GET /api/networks/{networkId}/vulnerabilities[?snapshotId=...]
  Adds support for querying vulnerabilities by network, with optional snapshot filtering.

New Models

• VulnerabilityAnalysisDeprecated and VulnerabilityDeprecated were introduced to preserve current behavior during the transition to newer models.

Query Parameter Changes

• Path Search: Added optional includeTags parameter.

  • Affected endpoint: GET /api/networks/{networkId}/paths

• Vulnerability Analysis: Added offset and limit parameters to support pagination.

  • Affected endpoint: GET /api/networks/{networkId}/vulnerabilities[?snapshotId=...]

Model Changes

• Device platform values: "dell" has been renamed to "dell_os6" in the Device and Vulnerability models.

• CLI credential schema cleanup: The deprecated loginType property was removed from all CLI credential models.

• Error response structure: ErrorInfo and NqeErrorInfo now explicitly require httpMethod, apiUrl, and message—this improves schema accuracy but does not change runtime behavior.

• Path modeling:

  • tags added to PathHop.

  • includeTags added to PathSearchBulkRequest.

• SnapshotMetrics:

  • Added snapshotState.

  • Deprecated needsReprocessing for future removal.

• Vulnerability models:

  • score removed; use v2Score, v3Score, or v4Score.

  • devices is now optional when deviceResults is present.

  • Introduced a simplified Vulnerability model without relevantLineRanges.

• VulnerabilityAnalysis:

  • Uses string timestamps for indexCreatedAt and indexUploadedAt.

  • Pagination support added via offset and total.

Unpublished API Changes

The following unpublished operations were removed. These were undocumented and unsupported.

• Legacy device tagging operations removed: Use the documented /device-tags endpoints instead.

  • Removed operations include:

    • POST /deviceConfigs?op=addTags|deleteTags

    • PATCH /deviceConfigs/{deviceName}

    • POST /endpoints?action=addTags|deleteTags|deleteAllTags

    • POST /snapshots/{snapshotId}/devices?op=addTags|deleteTags

    • PATCH /snapshots/{snapshotId}/devices/{deviceName}