Changelog

This changelog lists additions and updates to the Kolide API, in chronological order.

Keep track of every change to the Kolide API.

This changelog lists additions and updates to the Kolide API, in chronological order.

April 28th, 2026

  • Improve SSF (Shared Signals Framework) spec compliance. The /.well-known/ssf-configuration discovery endpoint now advertises configuration_endpoint and verification_endpoint as required by the SSF spec. Push streams now support an authorization_header field — when set, Kolide includes it as the Authorization header on every SET delivery to that stream’s endpoint, enabling push receivers that require authentication.
  • Fix SSF stream API responses where the delivery field was returned as a JSON string instead of an object. If you worked around this by parsing the delivery field manually, that workaround can now be removed.

April 20th, 2026

  • Add percent_passing field to GET /checks and GET /checks/{id}. This integer (0–100) represents the percentage of targeted devices currently passing the check, enabling programmatic compliance monitoring and alerting workflows.

April 7th, 2026

April 2nd, 2026

February 2nd, 2026

  • Add last_seen_at field to GET /devices and GET /devices/{id}. This timestamp indicates when the device last communicated with the Kolide servers.

October 13th, 2025

October 3rd, 2025

August 5th, 2025

  • Add searchable person_name field in the /auth_logs endpoint.
  • Add searchable person_email field in the /auth_logs endpoint.
  • Add searchable person_id field in the /auth_logs endpoint.
  • Add searchable device_id field in the /auth_logs endpoint.
  • Add searchable result field in the /auth_logs endpoint.

July 24th, 2025

  • Add reporting/queries/{queryId}/results endpoint providing paginated reporting query results.
  • Allow omitting results in the /reporting/queries and /reporting/queries/{id} endpoints through the omit_results=1 URL query parameter. API responses may time out for reporting queries with large resultsets. In such cases, results can be omitted from these responses by including a URL query parameter of omit_results=1. To retrieve query resultsets in a paginated fashion, use the new /reporting/queries/{queryId}/results endpoint.

March 14th, 2025

February 4th, 2025

  • Add searchable id field in the /people endpoint.

January 21st, 2025

January 17th, 2025

December 12th, 2024

  • Add kolide_provided field in the /checks endpoint.

November 19th, 2024

November 14th, 2024

October 21st, 2024

October 3rd, 2024

September 11th, 2024

September 6th, 2024

  • Add searchable check_slug field in the checks endpoint.

July 24th, 2024

July 2nd, 2024

June 27th, 2024

  • Add more detailed ‘actor’ information to audit_logs list and show endpoints.

June 21st, 2024

  • Add support for admin_users.created webhook events. This event is sent when a new admin user is created.

June 17th, 2024

Bug fix: This makes the responses match the documented types.

June 15th, 2024

June 3rd, 2024

March 28th, 2024

March 21st, 2024

  • Add support for auth_logs.failure webhooks. This event is sent when an end-user attempts to authenticate through Kolide but never successfully finishes the authentication attempt.

March 12th, 2024

  • Add will_block_at filtering to /devices endpoint.

March 11th, 2024

  • Add support for auth_logs.success webhooks. This event is sent when an end-user successfully completes an SSO authentication through Kolide.

March 5th, 2024

  • Add searchable last_rechecked_at field in the issues endpoint.

January 22nd, 2024


By accessing or using 1Password Developer Tools, you agree to the API and SDK Terms of Service.



Published: