Security Command Center API Migration Guide

Security Command Center v1beta1 API will be disabled on January 31, 2021. You are required to migrate to Security Command Center v1 API, which is now in general availability. This page provides instructions for migrating from Security Command Center v1beta1 API to Security Command Center v1 API. Learn more about using the Security Command Center API.

Client Libraries

Customers migrating to v1 API must update to the latest v1 API Client Libraries, which update "v1beta1" endpoints to "v1" automatically.

You can move your client libraries and HTTP/grpc calls to v1 by following instructions in the reference documentation for service endpoints and SDK configuration.

We recommend that you call this service using Google-provided client libraries. If your application is configured to call this service using your own libraries, follow the guidance in our Security Command Center API Overview when making API requests.

For most uses of the v1beta1 API, changing the “v1beta1” endpoint to “v1” is sufficient to continue using your integrations. Base URLs should be updated to v1 as shown below.

  • v1beta1: https://securitycenter.googleapis.com/v1beta1/…
  • v1: https://securitycenter.googleapis.com/v1/…

ListFindings change

In addition to updating service endpoints as previously described, additional steps are needed for customers that use ListFindings calls. The ListFindingsResponse object returns additional data in the v1 API. To use in the v1 API, update your response handling to respond to an extra layer of object nesting.

The example code below shows the difference in response handling for ListFindingsResponse in the v1 and v1beta1 APIs.

  • v1: response.getListFindingsResults().forEach(x -> { x.getFinding(); .... })
  • v1beta1: response.getFindings().forEach( x -> ....)

You can see the extra layer of nesting in the ListFindingsResponse object by comparing the JSON representation for responses to ListFindings calls in the v1 and v1beta1 APIs.

ListFindings calls in the v1 API return an array of listFindingsResults objects, each of which contain afinding object. A resource object, which contains display names for organizations and projects, is also returned. If compareDuration is supplied during the request, a stateChange variable, which indicates the state change of a finding between points in time, is returned.

The code snippet below shows the format for the listFindingsResults array.

{
  "listFindingsResults": [
    {
      "finding": {
        object (Finding)
      },
      "stateChange": enum (StateChange),
      "resource": {
        object (Resource)
      }
    }
  ]
}

ListFindings calls in the v1beta1 API return finding objects as elements of a findings array. The code snippet below shows the format for the findings array.

{
  "findings": [
    {
      object (Finding)
    }
  ]
}

Additional API changes

Read the Security Command Center release notes for details on other significant changes to the v1 API.