Skip to main content

Lacework API v1 Deprecation - FAQs

What do I need to know?

We have enhanced the capabilities of Lacework APIs with the introduction of Lacework API 2.0 this year.

Please note that Lacework API v1 is approaching end of life and will no longer function with the Lacework platform beginning January 1, 2023.

How will I benefit from enabling Lacework API 2.0?

Lacework API 2.0 offers an expanded set of new features and functionalities that improves your access to Lacework data. By upgrading to API 2.0, you can take advantage of new features that include:

  • Improved visibility into your data: We’ve introduced pagination (expanded row returns) for our APIs. In API v1 we returned 5K rows, and with Lacework API 2.0, we can now return up to 500K rows. This reduces the amount of calls needed to get more data returned from the APIs.

  • Increased scalability: To make it easier to collect data from Lacework for your own reporting needs and integrate with your other tools, we have improved the rate limits needed to return more fields. We have optimized API 2.0 to require less endpoints in order to return a greater number of fields with more data.

  • Increased API parity with UI workflows: Lacework API 2.0 introduces over 20 new endpoints to closely match existing functionality in the UI. We will continue to launch new endpoints as new features become available.

  • Improved documentation: Lacework API 2.0 documentation now includes detailed descriptions and examples of how to use endpoints.

What do I need to do?

We encourage you to adopt API 2.0 by updating your scripts to the latest API 2.0 endpoints. You will also need to update:

  • The Lacework CLI to version 1.0.0 or above.

  • Terraform provider for Lacework to version 1.0.0 or above.

  • Terraform modules to the latest versions.

What happens if I do not disable API v1?

  • API v1 will no longer be available in January 2023.

  • You will not have access to new RBAC features.

  • You will not have access to the new CSPM benchmarks.

What limitations should I be aware of?

  • If you are participating in the RBAC Public Preview, please note that once you adopt the RBAC functionality, you will no longer be able to access API v1.

  • All Terraform and CLI will be updated by December 2022 to leverage Lacework API 2.0 endpoints. Please make sure you update your scripts to the latest versions of the Lacework CLI, Terraform provider and modules.

  • Adoption of API 2.0 impacts the exception migrations script for CSPM policy suppressions. Please use the UI to perform the migration instead of the API and refer to the CSPM Deprecation FAQ.

  • We do not have a 1:1 mapping of all v1 endpoints to API 2.0 endpoints; however, all previously available data should still be available. For example, in some cases, two calls may have been combined into one, or an endpoint may have been renamed. Please use the cheat sheet below for reference.

Where can I find documentation?

See Lacework API 2.0 documentation.

What is the mapping from API v1 to API 2.0?

Cheet Sheet:

Vulnerability APIs

We’ve migrated a total of twelve v1 Vulnerability APIs to API 2.0. We have reduced the number of 2.0 Vulnerability APIs from v1 in order to reduce the number of calls required to access the vulnerability data in its entirety. The 2.0 release includes additional field responses and the ability to filter within the request body of the API.

For information on container data field mappings in container vulnerability APIs, see Lacework API v1 Deprecation - Container Data Mapping.

For more information or examples on any specific vulnerability v2 API, see the Lacework API 2.0 documentation.

Webhooks

Lacework API 2.0 offers two new types of endpoints for all webhooks: server tokens and signatures. Webhooks are generic and not limited to vulnerabilities.

For more information, see the Lacework API 2.0 documentation.

Compliance APIs

A total of five v1 APIs have been migrated to Lacework API 2.0. You can find the 2.0 APIs under "Reports" in API 2.0. You can search compliance evaluations for specified cloud providers in body filters (AWS, GCP, Azure) and filter by time range. For more information or examples on any reports 2.0 APIs, see the Lacework API 2.0 documentation.

Events APIs

A total of two API v1 events endpoints have been migrated. Note that “Events” will be changed to “Alerts” in API 2.0.

We will also add new APIs in Alerts, such as the “events” endpoint that includes data on current evidence in the UI.

We changed these names to more closely align with industry standards. For more information or examples of alert v2 APIs, see the Lacework API 2.0 documentation.

Recommendations APIs

A total of six API v1 recommendations endpoints have been migrated to API 2.0. These new endpoints are based on LQL (Lacework Query Language). You can find them under the “Policies” endpoint in API 2.0. For more information or examples, see the Lacework API 2.0 documentation.

Suppressions APIs

The legacy suppressions API will no longer work with the latest CSPM benchmarks. Migration to these new benchmarks will take place from October through December. Please reach out to your account team for more information. The new API 2.0 endpoint to support this will be “Exceptions”. For more information, see the Lacework API 2.0 documentation.

Who should I contact with questions?

Please reach out to your Lacework Customer Success team for any questions.