Use the XML API
Palo Alto Networks XML API uses standard HTTP requests to send and receive data, allowing access to several types of data on the device so the data can be easily integrated with and used in other systems. Use the XML-based Management API to view a firewall or Panorama’s configuration, extract report data in XML format, and execute operational commands. API calls can be made directly from command line utilities such as cURL or wget, or using any scripting or application framework that supports RESTful services. When using the API with command lines tools, both HTTP GET and POST methods are supported.
You must generate an API key in order to use the XML API. The API key authenticates the user to the firewall, application, or Panorama. After you have generated an API key, you can use the key to perform device configuration and operational tasks, retrieve reports and logs, and import and export files. See Generate an API Key for steps to generate an API key.
The following table shows the URL structure for API requests:
PAN-OS Version XML API URL Structure
Prior to PAN-OS 4.1.0 http(s)://hostname/esp/restapi.esp?request-parameters-values
PAN-OS 4.1.0 and later http(s)://hostname/api/?request-parameters-values
URL structure item definitions: hostname—Device’s IP address or Domain name. request-parameters-values—A series of multiple ‘parameter=value’ pairs separated by the ampersand character (&). These values can either be keywords or data-values in standard or XML format (response data is always in XML format).
There are APIs for PAN-OS, User-ID, and WildFire products. For more information on how to use the API interface, refer to the PAN-OS XML API Usage Guide. To access the online community for developing scripts, visit: https://live.paloaltonetworks.com/community/devcenter.
Generate an API Key
In order to use the API to manage a firewall or application, an API key is required to authenticate all API calls. Admin account credentials are used to generate API keys.
As a best practice, create a separate admin account for XML-based administration.
Generate an API key
Create an administrator account. In the web interface, on the Device > Administrators tab, click Add. Enter a login Name for the admin. Enter and confirm a Password for the admin. Click OK and Commit.
Request an API key. Replace the hostname, username and password parameters in the following URL with the appropriate values from your administrator account credentials: http(s)://hostname/api/?type=keygen&user=username&password=password The API key is displayed in an XML block. For example: <response status="success"> <result> <key>0RgWc42Oi0vDx2WRUIUM6A</key> </result> </response>
(Optional) Revoke or change an API key. For PAN-OS 4.1.0 and later releases, generating an API key using the same administrator account credentials returns unique API keys every time, and all of the keys are valid. You can choose to revoke and then change an API key associated with an administrator account by changing the password associated with the administrator account. Any API keys that were generated using the previous credentials would no longer be valid. On the Device > Adminstrators tab, open the administrator account associated with the API key. Enter and confirm a new Password for the administrator account. Click OK and Commit. Any API keys associated with the admin account prior to the password change are revoked upon Commit. (Optional) Use the updated administrator account credentials to generate a new API key. See Step 2.
Example work flow using an API key: Request an API key by entering the URL with the appropriate values in a web browser: https://10.xx.10.50/esp/restapi.esp?type=keygen&user=admin&password=admin Entering the URL displays an XML block that contains the API key: <response status="success"> <result> <key>0RgWc42Oi0vDx2WRUIUM6A </key> </result> </response> Continue to use the API key to create API requests. For example, to generate a report: https://10.xx.10.50/esp/restapi.esp?type=report&reporttype=dynamic&reportname=top-app-summary&period=last-hour&topn=5&key=0RgWc42Oi0vDx2WRUIUM6A=

Related Documentation