Code42 API release notes

Overview

This article lists release notes for Code42 APIs. Click a month below to expand or collapse the details.

The deprecated items described in this article will become obsolete one year from the announcement date, in accordance with our standard practice to end support one year after deprecation. If you have Code42 API scripts that use the deprecated items, update the scripts before the end-of-life date. If you do not update scripts, Code42 cannot guarantee the deprecated APIs will work as expected. If you need help, please contact our Technical Support Engineers.

Code42 Developer Portal
See the Code42 Developer Portal for more API documentation and resources. The portal provides:

A single access point for documentation of methods for Incydr, including Code42's REST API, Python SDK py42, and command-line interface (CLI)
A single request URL for Code42 API calls to each cloud instance
API reference documentation

Use the Code42 Developer Portal for your API needs as much as possible. APIs in the portal are the preferred way to integrate with Code42 for Incydr users. If you use Code42 APIs that do not appear on the Code42 Developer Portal, contact our Technical Support Engineers for guidance on the best way to integrate with Code42.

October 2022

Enhancements and updates

October 26, 2022

Added the following Legal Hold APIs to the Code42 Developer Portal. In the path examples, replace <matterId> with the legal hold matter's ID:
- Create a policy: POST /v1/legal-hold/policies
- Remove a user from a matter: POST /v1/legal-hold/matters/<matterId>/custodians/remove

October 6, 2022

Added support for API clients in the Code42 command-line interface (CLI). To use an API client with the CLI, create an API client and use its client ID and secret for authentication.
Added an Integration Guides section to the Code42 Developer Portal containing guides to integrate with Microsoft Sentinel using py42 or the Code42 command-line interface (CLI). For information on other integrations, see Code42 integrations resources.
Added a new version (v2) of Rules APIs and deprecated the previous version (v1). For complete documentation of the following v2 Rules APIs, see the Code42 Developer Portal:
- GET /v2/alert-rules/<ID>
- GET /v2/alert-rules
- POST /v2/alert-rules/<ID>/enable
- POST /v2/alert-rules/enable
- POST /v2/alert-rules/<ID>/disable
- POST /v2/alert-rules/disable
- DELETE /v2/alert-rules/<ID>/users
- GET /v2/alert-rules/<ID>/users

Deprecations

v1 Rules APIs

October 6, 2022

The previous version (v1) of the following Rules APIs in the Code42 Developer Portal are deprecated and replaced by a new version (v2).

Deprecated APIs	New APIs
`POST /v1/alert-rules/update-is-enabled` (v1 - Enable or disable a list of rules)	`POST /v2/alert-rules/enable` (v2 - Enables a set of rules) `POST /v2/alert-rules/disable` (v2 - Disables a set of rules) `POST /v2/alert-rules/<ID>/enable` (2 - Enables an individual rule by id) `POST /v2/alert-rules/<ID>/disable` (v2 - Disables an individual rule by id)
`POST /v1/alert-rules/add-users` (v1 - Add users to a rule's watch list)	NA
`POST /v1/alert-rules/remove-users` (v1 - Remove users from a rule's watch list)	NA
`POST /v1/alert-rules/remove-user-aliases` (v1 - Remove user aliases from a rule's watch list)	NA
`POST /v1/alert-rules/remove-all-users` (v1 - Remove all users from a rule's watch list)	`DELETE /v2/alert-rules/<ID>/users` (v2 - Removes all users from a rule's username filter)
`POST /v1/alert-rules/query-users` (v1 - Get users assigned to a given rule)	`GET /v2/alert-rules/<ID>/users` (v2 - Gets the username filter of a rule) `GET /v2/alert-rules/<ID>` (v2 - Gets the details of a single rule)
`POST /v1/alert-rules/query-cloud-share-permissions-rule` (v1 - Get details about a set of Cloud Share Permissions rules)	`GET /v2/alert-rules` (v2 - Gets all rules in the service)
`POST /v1/alert-rules/query-endpoint-exfiltration-rule` (v1 - Get details about a set of Endpoint Exfiltration rules)	`GET /v2/alert-rules` (v2 - Gets all rules in the service)
`POST /v1/alert-rules/query-file-type-mismatch-rule` (v1 - Get details about a set of File Type Mismatch rules)	`GET /v2/alert-rules` (v2 - Gets all rules in the service)
`POST /v1/alert-rules/query-file-name-rule` (v1 - Get details about a set of File Name rules)	`GET /v2/alert-rules` (v2 - Gets all rules in the service)

Alerts API to query rules

October 6, 2022

The POST /v1/alerts/rules/query-rule-metadata API (Query list of all rules in the alerting application) is deprecated and is replaced by the GET /v2/alert-rules API (v2 - Gets all rules in the service).

September 2022

Enhancements and updates

September 9, 2022

Added support for API clients in py42. To use an API client with py42, create an API client and use its client ID and secret to initiate the SDKClient.

September 7, 2022

The following Users APIs are added to the Code42 Developer Portal. In the path examples, replace <userId> with the user's unique ID:
- Get the roles associated with a user: GET /v1/users/<userId>/roles
- Update the roles associated with a user: PUT /v1/users/<userId>/roles
- Activate a user: POST /v1/users/<userId>/activate
- Deactivate a user: POST /v1/users/<userId>/deactivate
- Move a user to a specified organization: POST /v1/users/<userId>/move

Deprecations

Deprecated Legal Hold APIs that do not support pagination

September 22, 2022

Deprecated Legal Hold APIs that do not support pagination, and replaced them with APIs that support pagination and include totalSize in the response. Following are the deprecated Legal Hold APIs, with the corresponding new APIs to use in scripting.

Deprecated APIs Replaced by APIs
in the Code42 Developer Portal

GET /api/v31/legal-hold-policy/list

GET /v1/legal-hold/policies

(Get a list of policies)

GET /api/v31/legal-hold-matter/list

GET /v1/legal-hold/matters

(Get a list of matters)

GET /api/v31/legal-hold-membership/list

GET /v1/legal-hold/matters/<matterId>/custodians

(Get a list of matter custodians)

End of support

September 23, 2022

Removed the /api/AuthToken/ API for use in cloud storage. Because this API is called only in limited cloud storage scenarios, you are affected only if you use py42 version 1.25.1 or earlier to automate file restores. Upgrade your py42 instance to version 1.26 or higher.

August 2022

Enhancements and updates

August 1, 2022

Added the following case API to the Code42 Developer Portal. In the path example, replace <caseNumber> with the case's unique ID:
- Export some or all components of a case: GET /v1/cases/<caseNumber>/export/full

End of support

August 31, 2022

Removed support for the v3_user_token scheme originally deprecated in January 2022. The v3_user_token scheme is replaced by the Bearer scheme, which is the standard scheme for bearer tokens.

Use this header to pass the token:
Authorization: Bearer <token>

July 2022

Enhancements and updates

July 21, 2022

Added the following organization APIs to the Code42 Developer Portal. In the path examples, replace <orgGuid> with the organization's globally unique ID:
- Get a list of organizations: GET /v1/orgs
- Create an organization: POST /v1/orgs
- Get a specific organization: GET /v1/orgs/<orgGuid>
- Update a specific organization: PUT /v1/orgs/<orgGuid>
- Activate a specific organization: POST /v1/orgs/<orgGuid>/activate
- Deactivate a specific organization: POST /v1/orgs/<orgGuid>/deactivate

July 18, 2022

Added the following APIs in the Code42 Developer Portal to support building integrations with watchlists:
- Departments
  - Get a list of departments: GET /v1/departments
- Directory Groups
  - Get a list of directory groups: GET /v1/directory-groups

June 2022

Enhancements and updates

June 21, 2022

The v2/file-events API added new fields (see v2 - Search for file events in the Code42 Developer Portal):
- event.inserted: Indicates the date and time the event was received for indexing by Code42. This may differ slightly from the existing @timestamp field, which indicates the date and time the event was initially observed.
- destination.domains: The domain section of the URLs reported in destination.tabs.url.
- source.domains: The domain section of the URLs reported in source.tabs.url. (Note: Although similar in name, this field has no relation to source.domain, which reports the FQDN or IP address of the user’s device.)

May 2022

Enhancements and updates

May 20, 2022

Added a new version (v2) of File Events APIs and deprecated the previous version (v1). The data model for the APIs is improved with new groupings of data model elements in the response. For complete documentation of the following v2 File Event APIs, see the Code42 Developer Portal:
- /v2/file-events
- /v2/file-events/export
- /v2/file-events/grouping

May 19, 2022

Added support for watchlists in the Code42 command line interface.

May 18, 2022

Removed the email_promo parameter from the User endpoint, as it was no longer in use.

May 12, 2022

Added support for watchlists in py42.

Deprecations

May 20, 2022

The previous version (v1) of the following File Events APIs in the Code42 Developer Portal are deprecated and replaced by a new version (v2).
- /v1/file-events
- /v1/file-events/export
- /v1/file-events/grouping

May 18, 2022

Deprecated User APIs

Following are the deprecated User APIs, with the corresponding new APIs to use in scripting. For additional User APIs, see User APIs in the Code42 Developer Portal.

Deprecated API	Replaced by APIs in the Code42 Developer Portal
`PUT /api/UserBlock/<user_id>`	NA
`DELETE /api/UserBlock/<user_id>`	NA
`PUT /api/UserDeactivation/<user_id>`	`POST /v1/users/<userId>/deactivate` (Deactivate a user)
`DELETE /api/UserDeactivation/<user_id>`	`POST /v1/users/<userId>/activate` (Activate a user)
`POST /api/UserRole`	`PUT /v1/users/<userId>/roles` (Update the roles associated with a user)
`DELETE /api/UserRole?userId=<user_id>&roleId=<role_id>`	NA
`GET /api/UserRole/<userId>`	`GET /v1/users/<userId>/roles` (Get the roles associated with a user)
`POST /api/UserMoveProcess`	`POST /v1/users/<userId>/move` (Move a user to a specified organization)

Note: In the path examples, replace <userId> with the user's unique ID.

Deprecated Org APIs

Following are the deprecated Org APIs, with the corresponding new APIs to use in scripting. For additional Org APIs, see organization APIs in the Code42 Developer Portal.

Note: In the path examples, replace <orgGuid> with the organization's unique ID.

Deprecated APIs	Replaced by APIs in the Code42 Developer Portal
`GET /api/v1/Org`	`GET /v1/orgs` (Get a list of organizations)
`POST /api/v1/Org`	`POST /v1/orgs` (Create an organization)
`PUT /api/v1/Org`	`PUT /v1/orgs/<orgGuid>` (Update a specific organization)
`PUT /api/v1/OrgBlock`	NA
`DELETE /api/v1/OrgBlock`	NA
`PUT /api/v1/OrgDeactivation`	`POST /v1/orgs/<orgGuid>/activate` (Activate a specific organization)
`DELETE /api/v1/OrgDeactivation`	`POST /v1/orgs/<orgGuid>/deactivate` (Deactivate a specific organization)

February 2022

Enhancements and updates

February 28, 2022

Added Watchlists APIs in the Code42 Developer Portal to support building integrations with watchlists.

February 17, 2022

Removed the lastLoginDate parameter from the User resource.

Deprecations

February 28, 2022

Deprecated Detection Lists APIs in the Code42 Developer Portal. Detection List APIs are replaced by Watchlists APIs.

January 2022

Enhancements and updates

January 26, 2022

The www-authenticate header is removed from the Code42 API. As a result, making an API call with basic authentication is no longer supported in a web browser (for example to download a CSV file). To make API calls, use programming, or tools like Postman or cURL. Also as a result of this change, basic authentication of Code42 APIs is no longer supported in PowerShell unless you set a request header for authentication.

Deprecations

Basic authentication

January 26, 2022

Basic authentication is deprecated for APIs in the Code42 Developer Portal and is replaced by API clients. Basic authentication will continue to be supported for APIs not in the Code42 Developer Portal. This change is being made to align with security best practices for least privilege integrations.

Following are examples of basic authentication API calls that are now deprecated:

Basic authentication:

curl -u "<username>:<password>" <RequestURL>/<Resource>

Basic authentication to obtain an authentication token:

curl -X GET -u "<username>:<password>" <RequestURL>/v1/auth

This also includes using basic authentication to obtain an authentication token when a second factor (TOTP) token is required. For example:

curl -X -H "totp-auth: <totp_token" GET -u "<username>:<password>" <RequestURL>/v1/auth

In the path examples, replace <RequestURL> with the URL path for your Code42 cloud. For more information, see Code42 API authentication methods.

Inconsistent API URL paths

January 26, 2022

Code42 is deprecating inconsistent Code42 API URL paths and is replacing them with unified URL paths across all APIs. This change only affects Code42 customers who use the older Code42 API paths in scripting. This change does not affect you if you use invocations from the Code42 Developer Portal.

Following are the deprecated paths, with the corresponding new paths to use in scripting.

Deprecated URL paths	New URL paths
`<RequestURL>/<resource>`	`<RequestURL>/api/v1/<Resource>`
`<RequestURL>/api/<resource>`	`<RequestURL>/api/v1/<Resource>`
`<RequestURL>/<webapp>/api/<resource>`	`<RequestURL>/api/v1/<Resource>`
`<RequestURL>/<webapp>/api/v1/<resource>`	`<RequestURL>/api/v1/<Resource>`
`<RequestURL>/<webapp>/api/v2/<resource>`	`<RequestURL>/api/v2/<Resource>`
`<RequestURL>/c42api/v3/<resource>`	`<RequestURL>/api/v3/<resource>`

Note the following:

In the path examples, replace <RequestURL> with the URL path for your Code42 cloud. For example:
- United States
  - US1: https://console.us.code42.com
  - US2: https://console.us2.code42.com
  - US3: https://console.gov.code42.com (Code42 federal environment only)
- Ireland
  - EU1: https://console.ie.code42.com
Those instances where the initial character of v1 and v2 resources were lowercase, they must now begin with an uppercase character. The capitalization of resources in v3 and higher APIs is unchanged.
In the examples, <webapp> is one of the following: account, app, business, client-management, console, consumer, enterprise, enterprise-store, legal-hold, login, partner, reporting, search, security, or subscriptions.

v3_user_token scheme

January 26, 2022

The v3_user_token scheme is deprecated and is replaced by the Bearer scheme, which is the standard scheme for bearer tokens.

Following is the deprecated header used to pass a user token to an API:
Authorization: v3_user_token <token>

Going forward, use this header instead to pass the token:
Authorization: Bearer <token>

Auth/jwt API endpoint

January 26, 2022

The /c42api/v3/auth/jwt endpoint is now deprecated as a method for obtaining an OAuth token and is replaced by API clients.

APIs that do not support API clients

January 26, 2022

The following APIs are deprecated because they do not support API clients.

If you perform all your API integrations using APIs in the Code42 Developer Portal, the following API deprecations do not affect you since APIs in the Code42 Developer Portal support API clients.

Deprecated Legal Hold APIs

Following are the deprecated Legal Hold APIs, with the corresponding new APIs to use in scripting.

Deprecated APIs	Replaced by APIs in the Code42 Developer Portal
`GET /api/v4/legal-hold-policy`	`GET /v1/legal-hold/policies` (Get a list of policies)
`POST /api/LegalHoldResource`	`POST /v1/legal-hold/matters` (Create a matter)
`GET /api/LegalHoldResource`	`GET /v1/legal-hold/matters` (Get a list of matters)
`GET /api/LegalHoldResource`	NA
`GET /api/LegalHoldSummary/<legalHoldUid>`	`GET /v1/legal-hold/matters/<matterId>` (Get a matter)
`GET /api/LegalholdSummary?activeState=<ACTIVE\|INACTIVE\|ALL>`	`GET /v1/legal-hold/matters` (Get a list of matters)
`GET /api/LegalHoldEventResource?legalHoldUid=<legalHoldUid>`	NA
`GET /api/LegalHoldEventResource`	NA
`POST /api/LegalHoldMembershipResource`	`POST /v1/legal-hold/matters/<matterId>/custodians` (Add a user to a matter)
`GET /api/LegalHoldMembershipResource?userUid=<userUid>`	`GET /v1/legal-hold/custodians/<userId>` (Get a list of matters for a user)
`GET /api/LegalHoldMembershipResource?legalHoldUid=<legalHoldUid>`	`GET /v1/legal-hold/matters/<matterId>/custodians` (Get a list of matter custodians)
`GET /api/LegalHoldMembershipResource/<legalHoldMembershipUid>`	NA
`POST /api/LegalHoldMembershipDeactivation`	NA

Previous release notes

Prior to January 2022, API release notes were incorporated into our general release notes. See Previous version release notes.

Overview

October 2022

Enhancements and updates

Deprecations

v1 Rules APIs

Alerts API to query rules

September 2022

Enhancements and updates

Deprecations

Deprecated Legal Hold APIs that do not support pagination

End of support

August 2022

Enhancements and updates

End of support

July 2022

Enhancements and updates

June 2022

Enhancements and updates

May 2022

Enhancements and updates

Deprecations

Deprecated User APIs

Deprecated Org APIs

February 2022

Enhancements and updates

Deprecations

January 2022

Enhancements and updates

Deprecations

Basic authentication

Inconsistent API URL paths

v3_user_token scheme

Auth/jwt API endpoint

APIs that do not support API clients

Deprecated Legal Hold APIs

Previous release notes

Related topics