Lacework API v1 Deprecation - FAQs
What do I need to know?
In order to support new RBAC capabilities and other platform features, Lacework will no longer support API v1 as of April 3, 2023. We enhanced the capabilities of Lacework APIs with the introduction of API 2.0 last year.
How will I benefit from enabling Lacework API 2.0?
Lacework API 2.0 offers an expanded set of new features and functionalities that improves your access to Lacework data. By upgrading to API 2.0, you can take advantage of new features that include:
Improved visibility into your data: We’ve introduced pagination (expanded row returns) for our APIs. In API v1 we returned 5K rows, and with Lacework API 2.0, we can now return up to 500K rows. This reduces the number of calls needed to get more data returned from the APIs.
Increased scalability: To make it easier to collect data from Lacework for your own reporting needs and integrate with your other tools, we have improved the rate limits needed to return more fields. We have optimized API 2.0 to require fewer endpoints in order to return a greater number of fields with more data.
Increased API parity with UI workflows: Lacework API 2.0 introduces over 20 new endpoints to closely match existing functionality in the UI. We will continue to launch new endpoints as new features become available.
Improved documentation: Lacework API 2.0 documentation now includes detailed descriptions and examples of how to use endpoints.
What do I need to do?
We encourage you to adopt API 2.0 by updating your scripts to the latest API 2.0 endpoints. You will also need to update:
The Lacework CLI to version 1.0.0 or above.
Terraform provider for Lacework to version 1.0.0 or above.
Terraform modules to their latest versions.
What happens if I do not disable API v1?
API v1 will no longer be available starting April 3, 2023.
You will not have access to new RBAC features.
You will not have access to the new CSPM benchmarks.
What limitations should I be aware of?
If you enable the new role-based access control (RBAC) capabilities, you will no longer be able to access API v1.
Terraform and the Lacework CLI now leverage Lacework API 2.0 endpoints. Please make sure you update your scripts to the latest versions of the Lacework CLI, Terraform provider and modules.
Adoption of API 2.0 impacts the exception migrations script for CSPM policy suppressions. Please use the UI to perform the migration instead of the API and refer to the CSPM Deprecation FAQ.
We do not have a 1:1 mapping of all v1 endpoints to API 2.0 endpoints; however, all previously available data should still be available. For example, in some cases, two calls may have been combined into one, or an endpoint may have been renamed. Please use the cheat sheet below for reference.
Where can I find documentation?
See Lacework API 2.0 documentation.
What is the mapping from API v1 to API 2.0?
We’ve migrated a total of twelve v1 Vulnerability APIs to API 2.0. API 2.0 has fewer Vulnerability APIs than v1, which reduces the number of calls required to access the vulnerability data in its entirety. The 2.0 release includes additional response fields and the ability to filter within the request body of the API.
For information on container data field mappings in container vulnerability APIs, see Lacework API v1 Deprecation - Container Data Mapping.
For more information or examples on any specific vulnerability v2 API, see the Lacework API 2.0 documentation.
Lacework API 2.0 offers two new types of endpoints for all webhooks: server tokens and signatures. Webhooks are generic and not limited to vulnerabilities.
For more information, see the Lacework API 2.0 documentation.
A total of five v1 APIs have been migrated to Lacework API 2.0. You can find the 2.0 APIs under "Reports" in API 2.0. You can search compliance evaluations for specified cloud providers in body filters (AWS, GCP, Azure) and filter by time range. For more information or examples on any reports 2.0 APIs, see the Lacework API 2.0 documentation.
A total of two API v1 events endpoints have been migrated. Note that “Events” will be changed to “Alerts” in API 2.0.
We have also added new APIs in Alerts, such as the “Events” endpoint, which includes data on current evidence in the UI.
We changed these names to more closely align with industry standards. For more information or examples of alert v2 APIs, see the Lacework API 2.0 documentation.
A total of six API v1 recommendations endpoints have been migrated to API 2.0. These new endpoints are based on LQL (Lacework Query Language). You can find them under the “Policies” endpoint in API 2.0. For more information or examples, see the Lacework API 2.0 documentation.
The legacy suppressions API will not work with the latest CSPM benchmarks. The equivalent API 2.0 endpoints are the “Exceptions” endpoints. For more information, see the Lacework API 2.0 Policy Exceptions documentation or contact your account team.
Who should I contact with questions?
Contact your Lacework account team for any questions.