WildFire Appliance API Authentication

The WildFire® appliance API provides programmatic access to your on-premises WildFire
appliance, enabling you to submit files for local malware analysis and retrieve verdicts
without sending samples to the public cloud. This capability addresses data sovereignty
requirements, regulatory compliance mandates, and organizational policies that restrict
external file transmission while maintaining advanced threat detection capabilities. You
can integrate the appliance API into security orchestration workflows, custom
applications, and automated analysis pipelines that require local verdict
generation.

WildFire appliance API authentication uses API keys that you generate directly on the
appliance, through the appliance web interface or command-line interface. Each API
request must include your API key in the request header or as a parameter to
authenticate. The API key identifies your account and tracks usage against
your appliance quota limits. Unlike the public cloud API where keys are associated with
your support account, appliance API keys are local to each appliance instance and remain
valid until you revoke them or the appliance license expires.

WildFire appliance API endpoints mirror the public cloud API structure, providing
familiar resources for file submission, verdict queries, and analysis report retrieval.
The appliance processes files using the same malware analysis engine as the public
cloud, including static analysis, dynamic analysis, and machine learning detection,
ensuring consistent verdict quality. When you configure hybrid cloud mode, the appliance
can forward unknown samples to the WildFire public cloud for additional analysis while
keeping sensitive files local. You can submit all supported file types through the
appliance API, including portable executables, office documents, PDFs, APK files, and
scripts.

The appliance returns verdicts in the same XML format as the public cloud API, enabling
seamless integration with existing automation that uses WildFire verdicts for security
decisions. API rate limits depend on your appliance model and licensing, with
higher-capacity models supporting increased submission volumes for enterprise
deployments. The appliance API integrates with Panorama® for centralized management
across multiple WildFire appliances, and you can configure appliance clusters for high
availability and load distribution. Firewalls in your network can query the appliance
API for verdicts before forwarding files, reducing analysis latency and maintaining
local control over sensitive data.

To use the WildFire API with Python, refer to the
pan-python page on GitHub, which provides
a Python and command line interface for WildFire.
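
The following is an added example, not code from this page, from Palo Alto Networks, or from pan-python. It shows an API-key-authenticated verdict query built with the key in the POST body rather than the URL, and the XML verdict parsed so that only an explicit benign result for the requested hash is treated as safe. The path /publicapi/get/verdict, the field names apikey and hash, and the verdict codes follow the public cloud API and are assumed to apply to the appliance; the host name, the WF_APPLIANCE_KEY variable, and the sample XML are constructed.

```python
import os
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

# Verdict codes as documented for the public cloud API (assumed to apply here).
VERDICTS = {0: "benign", 1: "malware", 2: "grayware", 4: "phishing",
            -100: "pending", -101: "error", -102: "unknown", -103: "invalid hash"}
# Constructed sample response, not captured from a real appliance.
SAMPLE_XML = ("<wildfire><get-verdict-info><sha256>" + "a" * 64 +
              "</sha256><verdict>1</verdict></get-verdict-info></wildfire>")

def build_verdict_request(host, api_key, sha256):
    """Build (without sending) a verdict query; the key goes in the POST body
    so it does not end up in URLs, proxy logs, or access logs."""
    if not api_key:
        raise ValueError("API key missing")
    if len(sha256) != 64 or any(c not in "0123456789abcdefABCDEF" for c in sha256):
        raise ValueError("not a SHA-256 hex digest")
    body = urllib.parse.urlencode({"apikey": api_key, "hash": sha256}).encode()
    # Assumed path, mirroring the public cloud API.
    return urllib.request.Request(f"https://{host}/publicapi/get/verdict",
                                  data=body, method="POST")

def redact(api_key):
    """Log-safe form of the key: last four characters only."""
    return "*" * (len(api_key) - 4) + api_key[-4:] if len(api_key) > 8 else "*" * 8

def parse_verdict(xml_text, expected_sha256):
    """Return (label, allow). allow is True only for an explicit benign verdict
    on the hash that was asked about; every other outcome fails closed."""
    try:
        info = ET.fromstring(xml_text).find("get-verdict-info")
        code = int(info.findtext("verdict"))
        got = (info.findtext("sha256") or "").lower()
    except (ET.ParseError, AttributeError, TypeError, ValueError):
        return ("unparseable", False)
    if got != expected_sha256.lower():
        return ("hash mismatch", False)
    return (VERDICTS.get(code, f"unrecognized ({code})"), code == 0)

if __name__ == "__main__":
    # Hypothetical variable name; the fallback is a constructed demo value.
    key = os.environ.get("WF_APPLIANCE_KEY", "constructed-demo-key-0000")
    req = build_verdict_request("wf-appliance.example.internal", key, "a" * 64)
    print(req.get_method(), req.full_url, "key", redact(key))
    print(parse_verdict(SAMPLE_XML, "a" * 64))
```

Pending, unknown, error, and unrecognized codes all return allow=False, so automation that gates on the verdict does not pass a file merely because analysis has not finished.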