Cato API Potentially Breaking Changes and EoL

This article is a platform for notifications on potentially breaking changes and end-of-life (EoL) announcements for the Cato GraphQL API schema and contains information that might require you to update the API client.

The API terms used in this article are explained in What is the Cato API.

For any customers using the Cato API, we recommend that you click Follow to automatically receive email notifications for updates to this article about breaking changes to the API. You can also see more information about new and updated APIs in the Cato API Changelog.

For more information about the APIs, see the Cato Networks GraphQL API Reference.

Potentially Breaking Changes

eventsFeed Query API Supports Fetching the Most Recent Events - April 27, 2025

The eventsFeed API uses a marker to enable iteratively pulling the events feed. The Marker field shows an identifier that indicates the start of a new iteration to fetch events. The API reads events from the queue based on the unique Marker field, and provides the next marker location in the response. If there are no new events in the queue, then the Marker field is empty

An alternative events consumption model is to use the direct no-code integration, see Integrating Cato Events with AWS S3 and Integrating Cato Events with Azure Storage Account.

What did we change? 

  • Previously, when the marker was not specified, the API returned the oldest available marker. This required consuming the entire event queue before reaching the most recent events.

  • Starting from April 27, 2025, if no marker is specified, the API returns the most recent marker. This allows the API to pull the most recent events directly.

Is it a breaking change? 

  • There is no impact for most use cases of the eventsFeed API. There is no change when the Marker field is used for a query, and the events feed consumption logic is the same.

  • If you have a dedicated logic to consume the queue to reach the recent events, this logic is no longer required.

    • Now, if no input marker is specified, the API provides the most recent marker. Calling the API with this marker fetches the most recent events

    • The API response contains a marker that points to the most recent (top of the queue) location

    • The corresponding scripts and automated processes should be updated

Change for XDR API, limit=0 No Longer Supported - Feb 9, 2025

We changed the functionality of the limit field so that limit=0 is no longer supported because this isn’t considered a best practice. To ensure continued smooth operation, you need to update any scripts or queries that rely on this parameter. Instead, you can set a limit between 1-2000, which the API fully supports.

If you need to retrieve all stories, we recommend using a pagination approach.

Upcoming End-of-Life Announcements

Upcoming EoL for EventFieldName Field in FieldNameInput - June 8, 2025

  • The auditFeed query API accepts a list of filters using the AuditFieldFilterInput type. Each filter includes a fieldName defined by the type FieldNameInput, which currently includes two input fields: AuditFieldName and EventFieldName.

  • However, only AuditFieldName is a valid and supported input field. To improve schema clarity and avoid confusion, the EventFieldName field will be removed from the schema on June 8, 2025.

  • Update all scripts and queries that use auditFeed filters to only use the AuditFieldName input field.

Upcoming EoL for LastMileBwInput, InterfaceInfo, and SocketInterfaceBandwidthInput Types - June 30, 2025

The following fields and types in the LastMileBWInput API are currently marked as Deprecated and are scheduled for end-of-life (EoL) on June 30, 2025.

Please use the recommended fields and types instead.

Deprecated Type

Recommended Type

downstream

downstreamMbpsPrecision

upstream

upstreamMbpsPrecision

The following fields and types in the InterfaceInfo API are currently marked as Deprecated and are scheduled for end-of-life (EoL) on June 30, 2025.

Please use the recommended fields and types instead.

Deprecated Type

Recommended Type

downstreamBandwidth

downstreamBandwidthMbpsPrecision

upstreamBandwidth

upstreamBandwidthMbpsPrecision

The following fields and types in the SocketInterfaceBandwidthInput API are currently marked as Deprecated and are scheduled for end-of-life (EoL) on June 30, 2025.

Please use the recommended fields and types instead.

Deprecated Type

Recommended Type

downstreamBandwidth

downstreamBandwidthMbpsPrecision

upstreamBandwidth

upstreamBandwidthMbpsPrecision

  • EoL Scheduled for June 30, 2025

Previous End-of-Life Announcements

Upcoming EoL for EventFieldName Types - May 1, 2025

The following fields and types in the EventFieldName API are currently marked as Deprecated and are scheduled for end-of-life (EoL) on May 1, 2025.

Please use the recommended fields and types instead.

Deprecated Type

Recommended Type

application

application_id/application_name

custom_categories

custom_category_id/custom_category_name

custom_category

custom_category_id/custom_category_name

dest_site

dest_site_id/dest_site_name

device_posture_profiles

device_posture_profile

internalId

event_id

rule

rule_name

src_site

src_site_id/src_site_name

  • EoL Scheduled for May 1, 2025

EoL for bgp_peer_description - April 15, 2025

The bgp_peer_description field in the EventFieldName API was marked as Deprecated and is end-of-life (EoL) as of April 15, 2025.

EoL for EventFieldName Types - March 1, 2025

The following fields and types in the EventFieldName API were marked as Deprecated and are end-of-life (EoL) as of March 1, 2025.

Please use the recommended fields and types instead.

Deprecated Type

Recommended Type

parent_pid

src_process_parent_pid

pid

src_pid

process_path

src_process_path

EoL for StoryDrillDownFilter value Field - Feb 23, 2025

The following field in the StoryDrillDownFilter Beta API was marked as Deprecated and is end-of-life (EoL) as of Feb 23, 2025.

Please use the recommended fields and types instead.

Deprecated Type

Recommended Type

value

values

Upcoming EoL for Some SubTypes of Cato Event Data - Update Feb 11, 2025

Following the announcement of EoL for some SubType values used in the event consumption APIs related to the Cato Clients, the rollout is paused for accounts that use the Ireland CMA location (cc.catonetworks.com) for the following fields:

Deprecated Type

Recommended Type

Reconnected

Connected or Disconnected

Changed PoP

Connected or Disconnected

(The PoP name is returned in the lastPopName field.)

EoL for Event SubTypes - Jan 2, 2025

The following fields and types related to the Cato Client were marked as Deprecated and are end-of-life (EoL) as of January 2, 2025.

Please use the recommended fields and types instead.

Deprecated Type

Recommended Type

Notes

VPN Never-Off-Bypass

Always-On Bypass

The VPN Never-Off-Bypass SubType value is being replaced with the value Always-On Bypass

Reconnected

Connected or Disconnected

To increase granularity, the Reconnected SubType value is being split into 2 new values, Connected and Disconnected

Changed PoP

Connected or Disconnected

(The PoP name is returned in the lastPopName field)

To increase granularity, the Changed PoP SubType value is being split into 2 new values, Connected and Disconnected

Was this article helpful?

0 out of 1 found this helpful

5 comments