Get a Sample (WildFire API)

Use this resource to download sample files based on the MD5 or SHA-256 hash value. Palo Alto Networks provides access to malware samples collected by the WildFire cloud for 10 years, while grayware samples are available for 14 days. Benign samples are not available for download.

Resource

/get/sample/

Request Parameters

Use the following form parameters when requesting a sample:
Parameter: apikey
Description: (Required for API key authentication) API key
Example: apikey=<API KEY>

Parameter: Authorization
Description: (Required for token-based authentication) HTTP request header for token-based authentication. To obtain an access token, create a WildFire API token in Strata Cloud Manager, then generate an access token from the authentication service.
Example: -H "Authorization: Bearer <ACCESS_TOKEN>"

Parameter: agent
Description: (Required for Prisma Access and Prisma Cloud Compute-based WildFire public API keys) Designates the API key type
Example: agent=pcc
Options include:
  • pcc: for use with Prisma Cloud Compute-based WildFire public API keys
  • prismaaccessapi: for use with Prisma Access-based WildFire public API keys

Parameter: hash
Description: (Required) MD5 or SHA-256 hash value of the sample
Example: hash=afe6b95ad95bc689c356f34ec8d9094c495e4af57c932ac413b65ef132063acc

Example Request

Make a POST request to the /get/sample resource and include the API key along with the MD5 or SHA-256 hash value of the sample. Include the -JO option to use the Content-Disposition filename as provided by the server, similar to the following cURL command:
curl -JO -F 'apikey=<API KEY>' -F 'hash=afe6b95ad95bc689c356f34ec8d9094c495e4af57c932ac413b65ef132063acc' 'https://wildfire.paloaltonetworks.com/publicapi/get/sample'
The response saves the packet capture file. Example:
175aee5f236d464b3b825edc8cb71b47828f248356c36759a641d7da0db95323.xls.000

Example Request (Token-Based Authentication)

Alternatively, you can authenticate using a Bearer token instead of an API key. Make the same POST request to the /get/sample resource, but replace the apikey form field with an Authorization header containing your access token:
curl -JO -F 'hash=afe6b95ad95bc689c356f34ec8d9094c495e4af57c932ac413b65ef132063acc' -H 'Authorization: Bearer <ACCESS_TOKEN>' 'https://wildfire.paloaltonetworks.com/publicapi/get/sample'
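
A wrapper around the two curl requests above, as an added example (not Palo Alto Networks code): it rejects a malformed hash before sending, passes the credential through curl's stdin config instead of the command line, and keeps the download only if its locally computed digest matches the requested hash. The function names, the WILDFIRE_API_KEY and WILDFIRE_ACCESS_TOKEN environment variables and the ".sample" suffix are assumptions; md5sum and sha256sum are the GNU coreutils tools.

```shell
#!/usr/bin/env bash
# Added example, not vendor code. Assumed names: hash_type, verify_sample,
# get_sample, WILDFIRE_API_KEY, WILDFIRE_ACCESS_TOKEN, the ".sample" suffix.
WILDFIRE_URL='https://wildfire.paloaltonetworks.com/publicapi/get/sample'

# Print "md5" or "sha256" for a well-formed hex digest; fail on anything else
# (stray whitespace, wrong length), so a mangled hash never reaches the API.
hash_type() {
  local h
  h=$(printf '%s' "$1" | tr 'A-F' 'a-f')
  case "$h" in ''|*[!0-9a-f]*) return 1 ;; esac
  case ${#h} in
    32) echo md5 ;;
    64) echo sha256 ;;
    *)  return 1 ;;
  esac
}

# verify_sample <file> <hash>: recompute the digest locally and compare.
verify_sample() {
  local want type got
  want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  type=$(hash_type "$want") || return 2
  got=$("${type}sum" < "$1" | cut -d' ' -f1) || return 2
  [ "$got" = "$want" ]
}

# get_sample <hash> <outdir>: download, then keep the file only if it verifies.
get_sample() {
  local hash="$1" out="$2/$1.sample" cred
  hash_type "$hash" >/dev/null || { echo "malformed hash: $hash" >&2; return 2; }
  if [ -n "${WILDFIRE_ACCESS_TOKEN:-}" ]; then
    cred="header = \"Authorization: Bearer $WILDFIRE_ACCESS_TOKEN\""
  elif [ -n "${WILDFIRE_API_KEY:-}" ]; then
    cred="form = \"apikey=$WILDFIRE_API_KEY\""
  else
    echo "set WILDFIRE_ACCESS_TOKEN or WILDFIRE_API_KEY" >&2; return 2
  fi
  # "-K -" reads the credential from stdin, keeping it out of the process list.
  # The output name comes from the requested hash, not Content-Disposition.
  printf '%s\n' "$cred" |
    curl --fail --silent --show-error -K - -F "hash=$hash" -o "$out" "$WILDFIRE_URL" ||
    return 1
  verify_sample "$out" "$hash" ||
    { echo "digest mismatch, removing $out" >&2; rm -f "$out"; return 3; }
  chmod 0400 "$out"   # read-only, non-executable
  echo "$out"
}
```

Call it as get_sample <hash> <directory> with one of the two environment variables exported; it prints the saved path on success.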