Change Management
The Change Management endpoints expose the governed change register: change requests, configuration baselines, releases, system acceptances, and environment separation reviews.
This is a read-only surface in v1. Creating, approving, and closing change records happens in the Novantra UI (see the Change Management user guide).
For shared conventions (auth, errors, pagination, ID format), read v1 conventions first.
Scope required
| Endpoint | Scope |
|---|---|
| All read endpoints below | change-management:read |
Endpoints
List change requests
GET /api/v1/change-management/change-requests
Authorization: Bearer <access-token>Query parameters:
| Parameter | Type | Notes |
|---|---|---|
status | string | Optional. Filter by status. |
changeKind | string | Optional. Filter by kind. |
Response:
{
"changeRequests": [
{
"id": "chreq_01HXY...",
"changeRequestKey": "central-control-firmware-2026-q2",
"changeKind": "normal",
"title": "Central control firmware upgrade — Q2 2026",
"status": "approved",
"subjectModuleKey": "assets",
"subjectResourceType": "asset",
"subjectResourceId": "asset_01HXY...",
"ownerResponsibilityId": "ra_01HXY...",
"createdAt": "2026-04-01T08:21:43.000Z",
"updatedAt": "2026-04-15T14:08:33.000Z",
"scheduledAt": "2026-05-15T02:00:00.000Z"
}
],
"pagination": {}
}Get one change request
GET /api/v1/change-management/change-requests/:changeRequestId
Authorization: Bearer <access-token>Returns the single-record shape.
List configuration baselines
GET /api/v1/change-management/configuration-baselines
Authorization: Bearer <access-token>Captures the configuration of a subject at a moment in time.
List releases
GET /api/v1/change-management/releases
Authorization: Bearer <access-token>Bundles one or more change requests into a packaged deployment.
List system acceptances
GET /api/v1/change-management/system-acceptances
Authorization: Bearer <access-token>Formal acceptance records for systems brought into operational service.
List environment separation reviews
GET /api/v1/change-management/environment-separation-reviews
Authorization: Bearer <access-token>Periodic posture reviews of the separation between environments.
Field notes
changeKind
Free text. Common values: standard, normal, emergency, pre-approved, regulated.
subjectModuleKey, subjectResourceType, subjectResourceId
The governed object being changed. Typically an asset or a control. See Attaching records to governed subjects.
Snapshots
Each record carries rich encrypted snapshots in the in-product UI (risk and impact assessment, rollback plans, baseline captures, test results, residual risks). In v1 these structured snapshots are not exposed in the API surface; reads return the durable identifying fields.
Real-case integration: feeding change-window state into a deployment system
A platform engineering team operates a deployment system that gates production deployments by the change window the operations team has approved. Before a deploy proceeds, the deployment system checks: is there an approved change request covering this deploy, scheduled for now?
The integration:
- Calls
GET /api/v1/change-management/change-requests?status=approvedto pull approved requests. - Filters in-warehouse for change requests whose scheduled window covers now.
- The deployment system gates: deploy is allowed only if a matching approved change request is in the window.
- Post-deployment, the deployment system pushes verification status back through a separate API (a webhook back into the workspace, currently set up out-of-band).
The service account holds exactly change-management:read. Caching is short (minutes) because change windows can shift; polling cost is modest.
A complementary pattern: a configuration scanner that pulls configuration baselines and compares its current scan to the governed baseline, raising findings on detected drift.
Related
- Change Management user guide - what the module does and when to reach for it.
- v1 conventions - shared request and response patterns.
- Authentication - service accounts and scopes.