API Updates for 25.9.0

Released: 2025-09-16

We’re pleased to announce the following updates to the Forward Networks API as part of release 25.9.0.

See also the full release notes for Forward Enterprise version 25.9.0.

Breaking changes

• Network Setup: Deprecated device source operations have been removed. Use the /classic-devices endpoints instead.

  • Removed operations:

    • GET /api/networks/{networkId}/deviceSources

    • POST /api/networks/{networkId}/deviceSources

    • DELETE /api/networks/{networkId}/deviceSources

    • GET /api/networks/{networkId}/deviceSources/{deviceSourceName}

    • PUT /api/networks/{networkId}/deviceSources/{deviceSourceName}

    • PATCH /api/networks/{networkId}/deviceSources/{deviceSourceName}

    • DELETE /api/networks/{networkId}/deviceSources/{deviceSourceName}

• Network Devices: Snapshot-based device operations have been removed. Use /api/networks/{networkId}/devices/... and /missing-devices instead.

  • Removed operations:

    • GET /api/snapshots/{snapshotId}/devices/{deviceName}

    • GET /api/snapshots/{snapshotId}/devices/{deviceName}/files

    • GET /api/snapshots/{snapshotId}/devices/{deviceName}/files/{fileName}

    • GET /api/snapshots/{snapshotId}/missingDevices

Scheduled breaking changes

• Network Snapshots: The needsReprocessing property of SnapshotMetrics is deprecated and will be removed in release 25.10. Check snapshotState for "UNPROCESSED" instead.

  • Affected operation:

    • GET /api/snapshots/{snapshotId}/metrics

• Vulnerability Analysis: The legacy snapshot-level vulnerabilities endpoint is deprecated for removal in release 25.10. Use GET /api/networks/{networkId}/vulnerabilities instead.

  • Affected operation:

    • GET /api/snapshots/{snapshotId}/vulnerabilities

Model changes

• Vulnerability, VulnerabilityDeprecated:

  • Added knownExploitSource property.

  • Added weaknesses property.

  • Affected operations:

    • GET /api/networks/{networkId}/vulnerabilities[?snapshotId={snapshotId}]

    • GET /api/snapshots/{snapshotId}/vulnerabilities

Models removed

• Device source models: The following models have been removed as part of device source API cleanup:

  • DeviceSource

  • DeviceSourcePatch

  • DeleteDeviceSourcesResult

Notable unpublished API changes

These changes affect internal or unpublished APIs that have no stability guarantees but are shared here for awareness:

• Added collect in network endpoint operations; collectionDisabled is deprecated for removal in 25.10.

• Updated discovered devices response: new properties cliCredentialId, httpCredentialId, snmpCredentialId, and jumpServerId replace deprecated snake_case versions (removal in 25.10).

• Removed unused /deviceConfigs operations (use /classic-devices and /device-tags instead).

• Removed snapshot-level device operations that were migrated to /api/networks/{networkId}/... in 25.8.

• Removed a deprecated NQE queryResults variant; use POST /api/nqe/queryResults?snapshotId={snapshotId}&resultKey={resultKey} instead.