Make Your First API Call
Table of Contents
PAN.OS 11.1 & Later
Expand all | Collapse all
-
- Upgrade a Firewall to the Latest PAN-OS Version (API)
- Show and Manage GlobalProtect Users (API)
- Query a Firewall from Panorama (API)
- Upgrade PAN-OS on Multiple HA Firewalls through Panorama (API)
- Automatically Check for and Install Content Updates (API)
- Enforce Policy using External Dynamic Lists and AutoFocus Artifacts (API)
- Configure SAML 2.0 Authentication (API)
- Quarantine Compromised Devices (API)
- Manage Certificates (API)
-
- Asynchronous and Synchronous Requests to the PAN-OS XML API
- Run Operational Mode Commands (API)
- Apply User-ID Mapping and Populate Dynamic Groups (API)
- Get Version Info (API)
-
- PAN-OS REST API
- Access the PAN-OS REST API
- Resource Methods and Query Parameters (REST API)
- PAN-OS REST API Request and Response Structure
- PAN-OS REST API Error Codes
- Work With Objects (REST API)
- Create a Security Policy Rule (REST API)
- Work with Policy Rules on Panorama (REST API)
- Create a Tag (REST API)
- Configure a Security Zone (REST API)
- Configure an SD-WAN Interface (REST API)
- Create an SD-WAN Policy Pre Rule (REST API)
- Configure an Ethernet Interface (REST API)
- Update a Virtual Router (REST API)
- Work With Decryption (APIs)
Make Your First API Call
Get
Your API Key to make your first call to the PAN-OS XML API.
Make sure to URL encode the request parameters in the HTTP request.
The
API Docs use a number of general conventions and should not be copy
and pasted verbatim. Adjust the call to your specific firewall before
making the request.
| Variable | Replace With |
|---|---|
| <firewall> | The IP address of the firewall or Panorama appliance you intend to target with your request. |
| apikey | The unique API key you generate. |
All the query strings in Get requests must be a
URL-Encoded parameter string. If you use a space in the URL-Encoded
request, you must include either a plus sign or %20 to replace the
space.
If you have trouble replicating any of the API requests
in our documentation as a first step, Use the API Browser to build your
requests.
- Make a cURL call to get system information, which
returns the IP address, hostname, and model of your firewall. Be
sure to include the API key:curl -X POST 'https://<firewall>/api?type=op&cmd=<show><system><info></info></system></show>'When you make your API calls, as an alternative to providing the URL encoded API key in the request URL, you can use the custom X-PAN-KEY: <key> parameter to add the key as a name value pair in the HTTP header. For example,curl -H "X-PAN-KEY: LU234T02234565s2Z1FtZWFyWXJOSTdk1234565234565=" -k 'https://firewall_IP/api/?type=op&cmd=<show><system><info></info></system></show>'
- Confirm that the response to the above request looks similar to this:
<response status="success"> <result> <system> <hostname>PA-3050-A</hostname> <ip-address>10.2.3.4</ip-address> <public-ip-address>unknown</public-ip-address> <netmask>255.255.252.0</netmask> <default-gateway>10.2.3.1</default-gateway> <is-dhcp>no</is-dhcp> <ipv6-address>unknown</ipv6-address> <ipv6-link-local-address>c123::21b:ffff:feff:c1234/64</ipv6-link-local-address> <ipv6-default-gateway/> <mac-address>00:00:00:ff:c7:00</mac-address> <time>Tue Jan 8 16:22:56 2019</time> <uptime>0 days, 18:28:38</uptime> <devicename>PA-3050-A</devicename> <family>3000</family> <model>PA-3050</model> <serial>0017010.2529</serial> <cloud-mode>non-cloud</cloud-mode> <sw-version>9.0.0-b36</sw-version> <global-protect-client-package-version>0.0.0</global-protect-client-package-version> <app-version>8111-5239</app-version> <app-release-date>2019/01/07 15:51:30 PST</app-release-date> <av-version>3328-3783</av-version> <av-release-date>2019/01/07 11:22:02 PST</av-release-date> <threat-version>8111-5239</threat-version> <threat-release-date>2019/01/07 15:51:30 PST</threat-release-date> <wf-private-version>0</wf-private-version> <wf-private-release-date>unknown</wf-private-release-date> <url-db>paloaltonetworks</url-db> <wildfire-version>0</wildfire-version> <wildfire-release-date/> <url-filtering-version>2019010.2.00005</url-filtering-version> <global-protect-datafile-version>unknown</global-protect-datafile-version> <global-protect-datafile-release-date>unknown</global-protect-datafile-release-date> <global-protect-clientless-vpn-version>0</global-protect-clientless-vpn-version> <global-protect-clientless-vpn-release-date/> <logdb-version>9.0.10</logdb-version> <platform-family>3000</platform-family> <vpn-disable-mode>off</vpn-disable-mode> <multi-vsys>on</multi-vsys> <operational-mode>normal</operational-mode> </system> </result> </response> - Confirm that the response to the above request looks similar to this: