To use the API (XML or REST), you must
enable API access for
your administrators and
get your API key. By default,
the firewall and Panorama support API requests over HTTPS. To make
API request over HTTP, you must configure an
interface management profile.
To authenticate your API request to the firewall or Panorama,
provide the API key in any of the following ways:
Use
the custom HTTP header,X-PAN-KEY: <key> to
include the API key in the HTTP header.
For the XML API, include the API key as a query parameter
in the HTTP request URL.
Use
Basic Authentication to
pass the admin credentials asusername:password with
Base64 encoding in an Authorization header field.
Authorization: Basic amJPbLxpbw9UaTpXb3JrKjIwMDA=
As a best practice:
Set an API key lifetime to enforce key
rotation; you can also revoke all API keys to protect from accidental
exposure.
Use a POST request for any call that may contain sensitive information.