Skip to main content

List Change Requests

Get a list of Change Requests by sending an HTTPS POST request to https://graph.prod.firemon.cloud/graphql

The Authorization header of the request should be the IdToken obtained by authentication.

The body of the request should be in the following format:

{
  "query": "query changeRequests($nextPageKey: String, $limit: Int) { changeRequests(nextPageKey: $nextPageKey, limit: $limit) { pageInfo { nextPageKey } items { id parentPath projectId createdAt createdBy name } } }",
  "operationName": "changeRequests",
  "variables": {}
}

If nextPageKey is null then the response includes all change requests. Otherwise, the next page can be obtained by including nextPageKey in the variables of another request:

{
  "query": "query changeRequests($nextPageKey: String, $limit: Int) { changeRequests(nextPageKey: $nextPageKey, limit: $limit) { pageInfo { nextPageKey } items { id parentPath projectId createdAt createdBy name } } }",
  "operationName": "changeRequests",
  "variables": "{\"nextPageKey\": \"NextPageKey\"}"
}

The full GraphQL query to get a page of change requests with all fields:

query changeRequests($nextPageKey: String, $limit: Int) {
  changeRequests(nextPageKey: $nextPageKey, limit: $limit) {
    pageInfo {
      nextPageKey
    }
    items {
      id
      parentPath
      projectId
      createdAt
      createdBy
      name
      results {
        boundaryAction
        boundaryId
        boundaryName
        isMatch
        message
        state
      }
      rules {
        action
        justification
        comment
        owner
        expiration
        destinations {
          ...NetworkObjectFragment
        }
        services {
          ...ServiceObjectFragment
        }
        sources {
          ...NetworkObjectFragment
        }
      }
      state
      stateReason
      updatedAt
      updatedBy
    }
  }
}

fragment NetworkObjectFragment on NetworkObject {
  type
  ... on NetworkObjectCidr {
    cidr
  }
  ... on NetworkObjectConnectGroup {
    groupId
  }
  ... on NetworkObjectInventoryItem {
    itemKey {
      accountId
      region
      type
      id
    }
  }
}

fragment ServiceObjectFragment on ServiceObject {
  type
  ... on ServiceObjectCustomProtocol {
    protocol
  }
  ... on ServiceObjectIcmpV4 {
    icmpCode
    icmpType
  }
  ... on ServiceObjectIcmpV6 {
    icmpCode
    icmpType
  }
  ... on ServiceObjectTcp {
    portEnd
    portStart
  }
  ... on ServiceObjectUdp {
    portEnd
    portStart
  }
  ... on ServiceObjectPortRangeSize {
    maxSize
  }
}

An example using cURL

curl --request POST \
 --url https://graph.dev2.firemon.cloud/graphql \
 --header 'Authorization: IdToken' \
 --data '{"query":"query changeRequests($nextPageKey: String, $limit: Int) { changeRequests(nextPageKey: $nextPageKey, limit: $limit) { pageInfo { nextPageKey } items { id parentPath projectId createdAt createdBy name results { boundaryAction boundaryId boundaryName isMatch message state } rules { action justification comment owner expiration destinations { ...NetworkObjectFragment } services { ...ServiceObjectFragment } sources { ...NetworkObjectFragment } } state stateReason updatedAt updatedBy } }}fragment NetworkObjectFragment on NetworkObject { type ... on NetworkObjectCidr { cidr } ... on NetworkObjectConnectGroup { groupId } ... on NetworkObjectInventoryItem { itemKey { accountId region type id } }}fragment ServiceObjectFragment on ServiceObject { type ... on ServiceObjectCustomProtocol { protocol } ... on ServiceObjectIcmpV4 { icmpCode icmpType } ... on ServiceObjectIcmpV6 { icmpCode icmpType } ... on ServiceObjectTcp { portEnd portStart } ... on ServiceObjectUdp { portEnd portStart } ... on ServiceObjectPortRangeSize { maxSize }}","operationName":"changeRequests","variables":{}}'

An example response:

{
  "data": {
    "changeRequests": {
      "pageInfo": {
        "nextPageKey": null
      },
      "items": [
        {
          "id": "d444f650-c15c-4f72-b77b-ea8a11bf2e34",
          "parentPath": "/4247001d-db11-4867-9108-6ef407df9fdd",
          "projectId": "4247001d-db11-4867-9108-6ef407df9fdd",
          "createdAt": "2025-07-31T16:05:01.799Z",
          "createdBy": "ead9f7bd-493e-4535-a858-b0a94ea2c1a6",
          "name": "test",
          "state": "Fail",
          "stateReason": "This request failed the following boundaries:\n* Rule allows TCP high ports",
          "updatedAt": "2025-07-31T16:09:55.251Z",
          "updatedBy": "ead9f7bd-493e-4535-a858-b0a94ea2c1a6",
          "results": [
            {
              "boundaryAction": "Fail",
              "boundaryId": "2f071324-84e7-4bee-9840-aa9770934291",
              "boundaryName": "Rule allows TCP high ports",
              "isMatch": false,
              "message": null,
              "state": null
            }
          ],
          "rules": [
            {
              "action": "Allow",
              "justification": null,
              "comment": null,
              "owner": null,
              "expiration": null,
              "destinations": [
                {
                  "type": "Any",
                  "negate": null
                }
              ],
              "services": [
                {
                  "type": "TCP",
                  "portEnd": 443,
                  "portStart": 443
                }
              ],
              "sources": [
                {
                  "type": "Cidr",
                  "cidr": "10.10.10.0/24",
                  "comparison": null,
                  "negate": null
                }
              ]
            }
          ]
        }
      ]
    }
  }
}