The Deep Security API was introduced in Deep Security 11.1.

December 19, 2019

A new recipe was added to the Cookbook: Assign a Policy to Many Computers

September 26, 2019

Added the API Cookbook to the Guides section. Cookbooks step you through a basic task using either Bash (cURL) or PowerShell.

August 14, 2019

Added the SDK Version Compatibility guide.

July 16, 2019

Added information about how to find when the last recommendation scan ran on a computer. See "Find when recommendation scans last ran" in the Assign Rules with Recommendation Scans guide

July 5, 2019

Tenant-related examples included code where tenant API keys attempted self-deletion, which is not allowed. The examples are corrected in the Authenticate and Interact with Tenants and Iterate over Tenants guides.

New in the Deep Security 12.0 API

The following changes have been made since the release of the Deep Security 11.3 API. Also see What's New in the Deep Security Help Center for information about general product changes.


  • Settings:

    • The /api/systemsettings, /api/policies and /api/computers endpoints enable you to get, modify, and reset a specific system, policy, and computer setting, respectively.
    • Exposed the firewallSettingSyslogConfigId setting

    • API rate limiting: Enabled API rate limiting to prevent malicious or accidental over-use. See API Rate Limits.

  • Computers:

    • Added a new query parameter expand to /api/computers that filters the data that is included in the response. The query parameter is available on the describe, list, and search operations. See the Performance Tips guide.
    • Expanded support in the /api/computers endpoint to enable searching on numerous objects. See the Computer field descriptions in the API reference to see what is searchable. Also see the Search for Resources guide.
    • Computers that are managed by an AWS cloud connector now contain the AWS account ID
  • Application Control: Capabilities have been introduced to the API:

    • The following API endpoints have been added: /api/applicationcontrolglobalrules, /api/rulesets, /api/softwarechanges, and /api/softwareinventories.
    • The following settings have been added to computerSettings for the Computers API: maintenanceModeState, maintenanceModeDuration, maintenanceModeStartTime (read-only), and maintenanceModeEndTime (read-only).
    • See Configure Application Control.
  • Agent deployment scripts: New API endpoint /api/agentdeploymentscripts. Use to generate Deep Security Agent deployment scripts for Linux, Windows or Solaris platforms. See Use the Deep Security Deployment Scripts

  • Anti-Malware Configurations: Enhanced validation and guidance around scan actions.
  • Administrators: Added validation to the /api/administrators endpoint to ensure primary contacts have emails.
  • Error reporting:

    • For the Generate an API Key for the Tenant operation, a new error message indicates when a tenant is not in an active state.
    • For rule assignment operations, error messages for rule dependency issues now include the ID of the dependent rule, for example when a rule is assigned to a policy and the rule depends on another rule that is not yet assigned.
    • Calls to to non-existent /api endpoints now return a 404 error instead of a 400 error.

Resolved issues

  • The deprecated quarantineRecordID field was removed from the response of the legacy AntiMalware Events API without notice. This issue is fixed in this release. The quarantineRecordID field was added back to the API response.
  • Fixed an issue where certain links to API keys did not work as expected.
  • When you use the API to create, modify, or delete a Security Update scheduled task, Send Policy is executed for the computer that is assigned the task.