API Versioning Strategy Updates

Upcoming Changes to the SailPoint API Versioning Strategy

We are planning a significant update to how SailPoint’s Identity Security Cloud APIs are versioned based on your feedback. This document outlines what is changing, why we are making these changes, and what they mean for you as an API consumer or integration developer.

:double_exclamation_mark: This is an additive change, you are NOT expected to migrate immediately. Though it is recommended to get the benefits of the new changes.

Post your questions directly in the thread below!

What Is Changing

SailPoint is moving away from a shared annual release model (e.g., v2024, v2025, v2026) toward true semantic versioning at the individual service level.

Under the new strategy, each API service will be versioned independently. A new major version of a service will only be introduced when that service’s usage contract actually changes, not because a new calendar year has arrived. The URL structure will follow a pattern like:

/accounts/v1

/identities/v2

/roles/v1

This gives customers a stable, predictable target. As long as a service’s contract is unchanged, your integration continues to work, indefinitely.

When a breaking change is genuinely required, a new version (e.g., v2) will be developed and released in parallel with the existing version, and the older version will enter a clearly defined deprecation schedule on its own timeline.

Why We Are Making This Change

The current annual versioning model has introduced a number of pain points for both customers and internal teams. The key issues driving this change are:

Customers Are Forced to Update Integrations Even When Nothing Changed

Under the current model, all APIs are rolled into a new version each year, regardless of whether any breaking changes were made to a particular service. This means a customer targeting v2024 may be required to update their integration paths or SDK method calls to v2026 even if the underlying service they use has not changed at all. There is no clear signal that a new yearly version contains meaningful differences for their specific use case.

With per-service versioning, a customer using /transforms/v1 will not need to change anything until SailPoint actually introduces a breaking change to the Transforms service and releases /transforms/v2.

NOTE: API routes can be versioned independently for example, POST /transforms/v2 could be created with a breaking change on how transforms are created but GET /transforms/v1 to list the transforms would remain unchanged.

New APIs Are Constrained to an Annual Window

If a service is not ready to ship by the cutoff for a given year’s release, it must wait for the next annual cycle. This delays meaningful improvements and limits teams’ ability to ship when they are ready.

With per-service versioning, any service can introduce a new version as soon as it is ready, independent of every other service.

The /latest Endpoint Is Unstable for Production Use

The current /latest alias was introduced to help reduce churn from yearly version changes, but it is inherently unsafe for production integrations. If a breaking change is introduced to any service, a customer using /latest can have their integration break without warning. The existence of /latest as a workaround signals that the annual versioning model is not meeting customer needs on its own.

If you are currently using /latest, we recommend migrating to an explicit versioned path before the legacy APIs are deprecated in Q1 of 2029. When you write your integration the most recent version available is essentially the same as using latest as it will only change if there is a breaking change.

Maintaining Multiple Year-Based Versions Is Expensive and Error-Prone

Each annual release requires duplicating the entire API collection. This process takes significant engineering time and frequently results in inconsistencies, mismatched descriptions, outdated examples, experimental headers that linger past their intended lifespan, and other documentation drift. Customers occasionally encounter an experimental API in v2025 and have no clear way to know whether the same API is stable in v2024 without manually navigating to the prior year’s documentation.

With independent service versioning, each service is documented once and updated in place. There is no duplication, and the experimental/stable boundary is clearer within a single service’s version history.

What Is Staying the Same

  • The distinction between public (production-ready) and experimental APIs remains. Experimental APIs may still introduce breaking changes and require an opt-in header.
  • The definition of breaking vs. non-breaking changes does not change.
  • Deprecated APIs will continue to remain operational for a defined transition window before being turned off, and deprecations will still be communicated through announcements, API specification notices, and response headers.

What This Means for You

Scenario Under Current Strategy Under New Strategy
A service you use has no changes this year You still need to update your integration path to the new year’s version when the old one is deprecated Your integration path stays the same until a breaking change is actually introduced
A breaking change is introduced to one service All services receive a new year-based version Only the affected service receives a new major version
You want to run v1 and v2 of the same service concurrently Not supported within the same year namespace Supported — both versions are accessible simultaneously
An experimental API you rely on graduates to public You need to find the stable version in the appropriate year’s docs The same service URL path moves to public status; the prior year lookup is not needed

Legacy APIs

Moving forward, Beta, V3 and the yearly versioned APIs (v202X) will be deprecated in favor of the new versioning process. Beta, V3 and the Yearly versions will be supported until Q2 of 2028, meaning that users can submit support tickets for these versions. After Q2 of 2028, users may no longer submit support tickets for these versions and will be asked to migrate to a supported version instead. These legacy endpoints will be end-of-life and no longer function Q1 of 2029.

Changes to developer.sailpoint.com API documentation

The documentation will flatten to just one collection, no more version dropdown.

How will I know if there is a new version of an endpoint or service?

When a new version of an endpoint is released it will have a badge next to the API corresponding to the version.

The initial v1 APIs have no badge. This will just be for new versions v2 and greater.

Changes to Postman Collections

The biggest change to the postman collections is that there will just be one single collection. You will not have to maintain and stay up to date with multiple collections across yearly versions.

Your existing environments remain unchanged, the pre-script to obtain a token for you works without modification. The underlying API routes in the collection itself are changed to support the new versioning, but how you are used to it functioning does not.

Changes to the SDKs

The SDKs will be updated with a major release and method signatures changed. The details of these changes will be introduced with the SDK changes themselves.

One benefit is that this allows for some structural changes within the SDKs allowing you to only bring in the methods important to you instead of loading in the whole SDK.

Migration Guidance

A full migration guide — including updated SDK documentation, Postman collection changes, and path mapping from the current year-based versions to the new per-service versions will be available shortly after the production release.

SailPoint will provide migration scripts to reduce the manual effort required.

If you have question when migrating to the newer service level versions please ask your questions in Identity Security Cloud (ISC) > ISC Discussion and Questions and tag it with api-versioning

Timeline

Roll out plan

Staging - 2026-06-22T14:00:00Z

  • New service/v1 service/v2 routes callable

Production - 2026-06-24T14:00:00Z

  • New service/v1 service/v2 routes callable
  • Changes to developer.sailpoint.com to support new versioning
  • Updated Postman collections

SDK Updates - 2026-07-01T14:00:00Z

  • Migration Docs and Scripts
27 Likes

This is great news! Looking forward to migrating some of our tooling to the new model.

A few questions I have that I couldn’t find in the explanation above (so could just be me missing something):

  1. How are we going to be informed about changes from version to version?
  2. Where can we find the documentation around the differences between each version?
  3. Will there be an easy to find list of ‘latest’ version for each service
  4. Is there still going to be a /latest endpoint (service/latest)
  5. What is the initial version going to be for each version? Is it all going to be v1, or are we going for a ‘whatever the current internal version is’, method? If the latter, can we get an overview that is easy to find?
7 Likes

We intend for the Announcements > API Deprecations category to be used for changes version to version and documentation as to api and schema level changes. When a new version is released the API documentation on developer.sailpoint.com will be updated as well.

Initially this will just be done with the badges, the latest version will be the highest v{x}. If this is not what you’re looking for could you describe how you might like to visualize which is the latest?

No, we believe the need for the /latest would be obsolete. In the prior strategy, /latest would likely have no breaking change as yearly versions were released. In this strategy, the version only increments when a breaking change needs to happen. So introducing a /latest and using it would almost certainly break your integrations.

Good call out! It was overwhelmingly preferred, per the results of the survey, to reset everything back to v1 going forward. We intend to generate a map of version to version to help visualize this. It would likely look something similar to this but for all APIs.

Service Legacy Version New Version
/transforms v3,v2024,v2025,v2026 v1
/accounts v3,v2024,v2025 v1
/accounts v2026 v2

When a new version of apis is released how long will the previous version work before being forced to migrate? This is great and will allow us to not have to update every year.

If you are asking about legacy APIs like v3/v2024/etc…

If you’re asking about a /accounts/v1/accounts/v2, that’s 3 years.

The old API will remain operational, unless there are underlying issues that would warrant a faster schedule. For example, a security vulnerability that needs patched.

Our contract to you is when a new version is released the old one will be deprecated and supported for 2 years, then 1 year un-supported in which you’ll be asked to migrate to the new version.

This is perfect thank you. This should be more than enough time for teams to be able to plan and migrate code to the newer versions.

2 Likes

You mention this

NOTE: API routes can be versioned independently for example, POST /transforms/v2 could be created with a breaking change on how transforms are created but GET /transforms/v1 to list the transforms would remain unchanged.

But does that mean a GET is not available on transforms/v2 so if you are doing a POST you would have to go to /transforms/v2 but for a GET you would have to go to /transforms/v1?

Or will the existing GET /transforms/v1 also be on /transforms/v2 ?

I suspect the answer should be no to my second question, it just starts to make configuration at my end more complex as I will need to not only change how the versioning is working, but also need to consider the HTTP Verb for each version.

Currently we are using v2024 APIs, which of the new v? does that map to?

Thanks
Mike

Sorry, just seen the mapping in response to another question, ignore that last question.

Another question on this one. It’s great that documentation is updated alongside the new version update. Are there plans to in addition share release notes as part of a new version released? Otherwise, I see us having to click ‘back and forth’ between different versions to notice a difference.

1 Like

Is this also going to apply to the NERM API’s?

I’m also curious whether the NERM APIs will follow the same versioning strategy and lifecycle as the other ISC APIs.

1 Like

So what’s the correct version now? v3?

The API docs still default to 2026

No, the listed v3 on the API docs is “legacy” and pre-dates even the annual releases.

Who ever thought that versioning annually would be a good idea?

As someone who has developed and maintained REST APIs with multiple millions of requests each day this would have been a non-starter with me. It just common sense that you don’t want to copy your whole API each year.

So this change is good. Even though I would have liked to see versioning via media type instead of path.

Thanks

That’s what I thought but wanted to confirm

Is there an timeline for when the v1/v2 API and docs will be updated? The timeline states that this should already be available as of 8am CST today

My apologies, I put the incorrect date for that one. The docs will go live Wednesday morning, to coincide with the production release!

I updated the timeline in the original post.

2 Likes

@tyler_mairose not sure if you have seen my question above

Hey @mikeq,

This will likely be a case by case basis. If the transforms were to change fundamentally, all methods GET/PUT/POST/etc.. would go into a new v2 version, but as I mentioned if there is an API that requires a breaking change to that method but doesn’t change anything else in other methods, that single API/method can be updated.

The thought here is to reduce the number of times our users are hitting their scripts for code changes. If this particular issue starts to become a problem, we can re-evaluate our process.

1 Like

Hey everyone, the updates are live and our developer.sailpoint.com site has been updated accordingly!

The API specs have been flattened and there is no more version drop downs. Legacy API documentation is available under the main API Specifications drop down.

We are deploying a change right now, live in the next ~30 minutes that will handle redirects if you’re coming from an existing link like https://developer.sailpoint.com/docs/api/v2026/get-transform

The postman collections have been updated here and are now a available in a single collection.

The old collections are still available under deprecated collections

NOTE: SDK documentation and updates are to be delivered the following week on July 1st.

2 Likes