Q1 2026 delivers major upgrades across supplier management, administrative configuration, and risk feed access. Key releases: Supplier Management API v2, Feed API v2, Actions API, identifier management, user and role configuration, and supplier connection contacts. Legacy v1 endpoints are deprecated with a migration deadline of May 31, 2027.
January 2026
Supplier Management API v2
The legacy Sites-Upsert API (/public/v1/sites-upsert) required complex batch operations, large nested payloads, and asynchronous request tracking. The new Supplier Management v2 API (/public/v2/suppliers/sites) replaces this with standard REST operations, immediate responses, and clearer error handling.
Key improvements:
Simpler integration — standard POST / GET / DELETE patterns
Immediate feedback — synchronous responses with HTTP status codes and validation errors
Smaller payloads — 60–80% reduction, only essential fields returned
Flexible identification — find or deactivate suppliers using your own system IDs or Prewave IDs
Better error handling — errors returned immediately with actionable messages
Before (v1):
# Step 1: Submit a batch curl -X POST "https://api.prewave.ai/public/v1/sites-upsert/full" \ -H "X-Auth-Token: YOUR_API_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "siteData": [ { "yourReference": { "id": "SUP-001", "source": "SAP" }, "name": "Acme Corp", "countryCode": "AT", "locality": "Vienna", "addressLine": "123 Main St" } ], "dryRun": false }' # Response: { "requestId": "550e8400-e29b-41d4-a716-446655440000" } # Step 2: Poll for status curl "https://api.prewave.ai/public/v1/sites-upsert/full/550e8400-e29b-41d4-a716-446655440000" \ -H "X-Auth-Token: YOUR_API_TOKEN"After (v2):
curl -i -X POST "https://api.prewave.ai/public/v2/suppliers/sites" \ -H "X-Auth-Token: YOUR_API_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "name": "Acme Corp", "countryCode": "AT", "locality": "Vienna", "addressLine": "123 Main St", "supplierId": { "id": "SUP-001", "source": "SAP" } }'Response:
HTTP/1.1 202 Accepted Location: /public/v2/suppliers/sites/pending?uuid=550e8400-e29b-41d4-a716-446655440000 { "uuid": "550e8400-e29b-41d4-a716-446655440000", "status": "PENDING", "pendingEndpoint": "GET /public/v2/suppliers/sites/pending" }The Location header points to /public/v2/suppliers/sites/pending where you can track creation status.
Tracking supplier creation status
Suppliers enter a pending state while Prewave processes the request (matching, enrichment, screening). Processing typically takes a few hours. Use the uuid query parameter to track a specific request:
bash
curl "https://api.prewave.ai/public/v2/suppliers/sites/pending?uuid=550e8400-e29b-41d4-a716-446655440000" \ -H "X-Auth-Token: YOUR_API_TOKEN"
Once complete, the supplier moves out of /pending and appears in GET /public/v2/suppliers/sites.
Supplier Identifier Management
Identifiers link Prewave suppliers to records in your external systems — SAP vendor numbers, Coupa IDs, D&B DUNS numbers, etc.
Available endpoints:
Method | Endpoint | Description |
GET |
| List all suppliers |
POST |
| Create a supplier |
DELETE |
| Deactivate a supplier by identifier |
POST |
| Add an identifier to a supplier |
DELETE |
| Remove an identifier from a supplier |
GET |
| List pending suppliers |
GET |
| Find a supplier by any identifier |
Find a supplier by internal ID:
bash
curl "https://api.prewave.ai/public/v2/suppliers/sites/find-by-identifier?supplierId=VENDOR-12345&source=SAP" \ -H "X-Auth-Token: YOUR_API_TOKEN"
Add an identifier to an existing supplier:
curl -X POST "https://api.prewave.ai/public/v2/suppliers/sites/identifiers?prewaveId=102006215" \ -H "X-Auth-Token: YOUR_API_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "type": "SUPPLIER_ID", "id": "SUP-12345", "source": "SAP" }'Deactivate a supplier by external ID:
curl -X DELETE "https://api.prewave.ai/public/v2/suppliers/sites?supplierId=VENDOR-12345&source=SAP" \ -H "X-Auth-Token: YOUR_API_TOKEN"
Deprecations — migration deadline: May 31, 2027
Legacy v1 supplier and sites-upsert endpoints are deprecated. All deprecated endpoints return a Sunset HTTP header (RFC 8594) indicating the removal date. Migration to v2 is strongly recommended as soon as possible.
Supplier management:
Deprecated | Replacement | Notes |
|
| Paginated supplier list |
|
| Resolve identifier to supplier |
Sites upsert:
Deprecated | Replacement | Notes |
|
| Create suppliers individually |
|
| Create suppliers individually |
|
| Simplified pending tracking |
|
| — |
|
| List all active sites |
Removed endpoints
The following endpoints have been permanently removed:
Endpoint | Alternative |
| Use API tokens — see Authentication Guide |
|
|
|
|
|
|
|
|
|
|
February 2026
User and role management
Method | Endpoint | Description |
GET |
| List users |
GET |
| Get a user |
POST |
| Create a user |
PATCH |
| Update a user |
GET |
| List available roles |
GET |
| List roles for a user |
POST |
| Assign roles to a user |
DELETE |
| Remove a role from a user |
Supplier connection contacts
Method | Endpoint | Description |
GET |
| List connection contacts |
GET |
| Get a connection contact |
POST |
| Create a connection contact |
DELETE |
| Delete a connection contact |
Actions API
Method | Endpoint | Description |
GET |
| List actions |
GET |
| Get an action |
GET |
| List action statuses |
GET |
| List statuses by type |
GET |
| List action types |
GET |
| Get an action type |
March 2026
Feed v2
Method | Endpoint | Description |
GET |
| Feed v2 |
Available from March 19, 2026. See the OpenAPI / Swagger documentation for query parameters, pagination, and response schemas.
Questions?
Contact support at [email protected], reach out to your Customer Success Consultant, or visit help.prewave.com.