Palo Alto Networks
Palo Alto Networks is a global cybersecurity leader providing advanced security platforms and services across network security, cloud security, and security operations. Its developer platform at pan.dev offers REST and XML APIs for PAN-OS firewalls, Strata Cloud Manager, Prisma Cloud (CSPM, CWPP, code security), Prisma Access and SD-WAN for SASE, Cortex XDR/XSOAR/XSIAM for security operations, and cloud-delivered security services including WildFire, Threat Vault, IoT Security, and DLP.
51 APIs
10 Capabilities
12 Features
Cloud SecurityCybersecurityFirewallNetwork SecuritySASESOARThreat IntelligenceXDR
A RESTful API for managing PAN-OS next-generation firewalls including security policies, network objects, address groups, and device configuration. The REST API provides simplif...
The comprehensive XML-based API for PAN-OS providing full access to all firewall configuration, operational commands, reporting, logging, and commit operations. Supports request...
Management interface for PAN-OS based on OpenConfig standard data models, providing gNMI and gNOI services through the OpenConfig plugin. Supports network automation for BGP, in...
The Panorama API uses the same PAN-OS XML and REST API interfaces but provides centralized management of multiple firewalls from a single management server. Supports device grou...
A unified cloud-based API for managing Palo Alto Networks next-generation firewalls and SASE from a single management plane. Strata Cloud Manager provides configuration manageme...
REST APIs for managing Palo Alto Networks Cloud NGFW, a cloud-native managed firewall service available on AWS and Azure. The API supports creating and managing firewall resourc...
A cloud-based API for submitting files, URLs, and links for advanced malware analysis in the WildFire sandbox environment. The API returns threat verdicts (benign, malware, gray...
A REST API for querying Palo Alto Networks threat signature metadata, content release notes, and threat intelligence data. The API provides access to antivirus signatures, anti-...
A threat intelligence API that provided contextual information about malware, campaigns, and threat actors observed across the Palo Alto Networks global threat intelligence netw...
A REST API for managing IoT and OT device security including device discovery, profiling, vulnerability assessment, and security policy recommendations. The API provides endpoin...
A REST API for managing enterprise data loss prevention across Palo Alto Networks platforms. The API provides access to DLP incidents, policy violation reports, data pattern mat...
REST APIs for configuring and monitoring Prisma Access, Palo Alto Networks' cloud-delivered SASE platform. The Configuration API manages security policies, remote networks, serv...
A REST API for monitoring digital experience metrics within Prisma Access environments. The Autonomous Digital Experience Management (ADEM) API provides application performance ...
REST APIs for managing Prisma SD-WAN (formerly CloudGenix) branch networking infrastructure. The API supports configuration of sites, WAN interfaces, routing policies, applicati...
The Cloud Security Posture Management API for Prisma Cloud (formerly RedLock) providing programmatic access to cloud security monitoring across AWS, Azure, GCP, and Oracle Cloud...
The Cloud Workload Protection Platform (CWPP) API for Prisma Cloud (formerly Twistlock) providing security for containers, hosts, and serverless functions. The API covers image ...
A REST API for Prisma Cloud Application Security (formerly Bridgecrew) providing infrastructure-as-code scanning, software composition analysis, and supply chain security. The A...
A REST API for the Cortex XDR extended detection and response platform providing programmatic access to incident management, alert handling, endpoint operations, and threat hunt...
APIs and development framework for Cortex XSOAR (formerly Demisto), the security orchestration, automation, and response platform. The REST API provides programmatic access to i...
A REST API for Cortex XSIAM, the AI-driven security operations platform that combines SIEM, XDR, SOAR, and ASM capabilities. The API provides endpoints for incident management, ...
The AI Runtime Security API (API Intercept) for securing generative AI applications, AI models, AI data, and AI agents against prompt injection, data leakage, toxic content, mal...
A REST API (currently in beta) for programmatically querying Palo Alto Networks security advisories published by the Product Security Incident Response Team (PSIRT). The API sup...
A REST API for Cortex Xpanse, the attack surface management platform that discovers, evaluates, and mitigates risks on internet-facing assets. The API provides programmatic acce...
A REST API (currently in beta) for retrieving DNS domain details, categorization information, and contextual network access statistics from the Palo Alto Networks DNS Security s...
A REST API for programmatically reviewing and managing Email DLP incidents detected across enterprise email channels. The API supports retrieving incident details, updating verd...
A REST API for scanning and protecting assets stored in sanctioned SaaS applications. The API provides at-rest detection, inspection, and remediation capabilities for data store...
A REST API for managing SaaS Security Posture Management providing continuous monitoring of misconfigured SaaS application settings. The API supports managing onboarded SaaS app...
REST APIs for managing Zero Trust Network Access connectors within the Prisma Access SASE platform. The API supports creating and managing ZTNA connectors, applications, license...
REST APIs for scaling and automating processes related to the Prisma Access secure enterprise browser. The API supports browser deployment management, policy configuration, and ...
A REST API for creating and managing Tenant Service Groups (TSGs) within the Palo Alto Networks SASE platform. The API supports building tenant hierarchies for multi-tenant depl...
A REST API for managing identity and access on the SASE platform including creating service accounts, managing access policies, and configuring role-based access control for SAS...
A REST API for managing license subscriptions assigned to Tenant Service Groups within the SASE platform. The API supports querying subscription entitlements, managing license a...
A REST API for performing aggregated monitoring queries across SASE tenants. The API supports querying application usage, threat data, URL categorization, and license utilizatio...
A REST API for the AIOps Best Practice Assessment service that programmatically generates firewall configuration assessments against Palo Alto Networks best practice recommendat...
REST APIs for the Strata Logging Service (formerly Cortex Data Lake) providing log forwarding and query capabilities. The Log Forwarding API manages log forwarding profiles for ...
A REST API enabling third-party SD-WAN integration with Prisma Access Remote Networks. The API supports automated tunnel configuration, branch onboarding workflows, and coordina...
A REST API for Data Security Posture Management within Prisma Cloud providing visibility and control over sensitive data stored across multi-cloud environments. The API supports...
REST APIs for managing scalable, multi-tenant, agentless security for 5G networks. The API supports provisioning and configuring 5G security services that integrate with 5G auth...
An automated red teaming API for assessing the safety and security of generative AI systems including large language models and LLM-powered applications. The API simulates real-...
A REST API within the SaaS Security Posture Management framework providing security-related metrics and configurations for user and service accounts across SaaS environments. Th...
REST APIs for monitoring 5G security services within the SASE platform. Provides telemetry, analytics, and health monitoring data for 5G network security deployments. Complement...
A public JSON API for monitoring Prisma SASE service health and status built on the Atlassian StatusPage platform. Provides endpoints for overall service status, individual comp...
A public JSON API for monitoring the status of all Palo Alto Networks cloud services and products built on the Atlassian StatusPage platform. Provides endpoints for portfolio-wi...
The OAuth 2.0 authentication service that provides access tokens for all Prisma SASE platform APIs. Uses Client ID and Client Secret credentials to generate short-lived bearer t...
A RESTful API for the Expedition 2.0 migration tool enabling programmatic firewall configuration migration from third-party vendors, policy optimization, and rule analysis. Supp...
A REST API for managing notifications and notification profiles across SASE multitenant environments. Supports creating and managing notification profiles, configuring webhook d...
A REST API for managing service provider interconnect configurations within the SASE platform. Enables using service provider backbones for directing Prisma Access egress traffi...
A REST API for the Cloud Identity Engine (CIE) Directory Sync Service that aggregates, normalizes, and provides access to enterprise identity data from multiple directory source...
A REST API enabling Managed Security Service Providers to manage multi-tenant security operations at scale within Prisma Cloud. The API provides endpoints for policy group and t...
A REST API for licensing VM-Series virtual firewalls that do not have direct internet access to the Palo Alto Networks license server. Supports automated license activation, dea...
A REST API for querying the health and performance of Prisma Access network deployments across multiple API versions (v1.0, v2.0, v3.0). Supports data resource queries for tunne...
Run Capabilities with Naftiko — Deploy and orchestrate these API capabilities using Naftiko Fleet.
Run with Naftiko
Unified AI security capability for scanning AI model inputs/outputs for threats and red-teaming AI applications for vulnerabilities across Prisma AIRS and AI Red Teaming APIs.
Run with Naftiko
Browser security capability for managing enterprise browser policies, user sessions, and deployments through the Prisma Access Browser API.
Run with Naftiko
Unified cloud security posture capability for managing alerts, policies, compliance, code security scanning, and data security posture across Prisma Cloud CSPM, Code Security, a...
Run with Naftiko
Unified data protection capability for managing DLP incidents, email DLP events, SaaS security incidents and assets, and SaaS security posture checks across Enterprise DLP, Emai...
Run with Naftiko
Unified identity and access management capability for managing service accounts, access policies, roles, tenant service groups, and subscriptions across SASE IAM, Tenancy, and S...
Run with Naftiko
Unified incident response capability for SOC analysts — investigate incidents, triage alerts, manage endpoints, execute response playbooks, and assess attack surface exposure ac...
Run with Naftiko
Unified monitoring and observability capability for tracking digital experience, aggregating security data, managing log forwarding, and running best practice assessments across...
Run with Naftiko
Unified network security configuration capability for managing firewall objects, security rules, NAT rules, and cloud NGFW rule stacks across PAN-OS, Strata Cloud Manager, and C...
Run with Naftiko
Unified secure access capability for managing remote networks, ZTNA connectors, SD-WAN sites, 5G network slices, and SASE configuration across Prisma Access, ZTNA Connector, SD-...
Run with Naftiko
Unified threat intelligence capability for researching IOCs, submitting malware samples, analyzing DNS threats, and tracking security advisories across Threat Vault, WildFire, D...
Run with Naftiko
Run Capabilities with Naftiko — Deploy and orchestrate these API capabilities using Naftiko Fleet.
Run with Naftiko
Zero Trust Network Security
Next-generation firewall policies with application, user, and content awareness for enforcing zero trust across on-premises and cloud environments.
AI-Powered Threat Prevention
Machine learning and deep learning models that detect and prevent known and unknown threats in real time across network traffic, files, and URLs.
Cloud-Native Application Protection
Full lifecycle cloud security spanning code, build, deploy, and runtime with CSPM, CWPP, code security, and data security posture management.
Security Orchestration and Automation
Automated incident response with playbooks, integrations, and case management through Cortex XSOAR and XSIAM platforms.
Extended Detection and Response
Cross-data-source threat detection correlating endpoint, network, cloud, and identity data through Cortex XDR for unified security operations.
AI Runtime Security
Real-time scanning of AI application prompts and responses for prompt injection, data leakage, toxic content, and other AI-specific threats.
Secure Access Service Edge
Cloud-delivered security and networking combining Prisma Access, SD-WAN, ZTNA, and cloud SWG for secure access from any location.
Attack Surface Management
Continuous discovery and monitoring of internet-facing assets and exposures through Cortex Xpanse for external attack surface visibility.
Infrastructure as Code Security
Automated security scanning of Terraform, CloudFormation, Kubernetes, and other IaC templates for misconfigurations before deployment.
Digital Experience Monitoring
End-to-end visibility into application performance and user experience across SASE connections with Autonomous DEM.
Threat Intelligence
Comprehensive threat intelligence through Threat Vault, WildFire malware analysis, DNS Security, and Unit 42 research for proactive defense.
Multi-Tenant Management
Hierarchical tenant management with delegated administration, aggregate monitoring, and shared policy for MSSPs and large enterprises.
SOC Automation
Automate alert triage, incident investigation, and response actions using Cortex XDR, XSOAR playbooks, and XSIAM correlation rules.
Firewall Policy Management
Programmatically manage security policies, address objects, and NAT rules across PAN-OS firewalls and Panorama using REST or XML APIs.
Cloud Security Posture
Monitor and remediate cloud misconfigurations, compliance violations, and vulnerabilities across AWS, Azure, and GCP using Prisma Cloud APIs.
Threat Hunting
Query threat intelligence databases, submit suspicious files for analysis, and correlate IOCs across Threat Vault, WildFire, and DNS Security.
SASE Deployment Automation
Automate Prisma Access remote network onboarding, SD-WAN site configuration, and ZTNA connector deployment using SASE platform APIs.
DevSecOps Pipeline Integration
Embed security scanning into CI/CD pipelines with Prisma Cloud code security APIs for IaC scanning, SCA, and secrets detection.
AI Application Security
Integrate Prisma AIRS API Intercept into AI application code to scan LLM prompts and responses for security threats in real time.
Compliance Monitoring
Continuously assess cloud infrastructure against CIS benchmarks, PCI DSS, HIPAA, SOC 2, and custom compliance standards using Prisma Cloud.
Log Forwarding and SIEM Integration
Forward security logs from firewalls and cloud services to Splunk, QRadar, and other SIEMs using Strata Logging Service APIs.
Multi-Tenant Security Operations
Manage security across tenant hierarchies with aggregate monitoring, shared notifications, and delegated administration for MSSPs.
Splunk
Splunk App and Add-on for ingesting PAN-OS, Prisma Cloud, and Cortex logs with pre-built dashboards, reports, and data models.
Terraform
Official Terraform providers for PAN-OS, Strata Cloud Manager, Prisma Cloud, Cloud NGFW, and Prisma Cloud Compute for infrastructure as code.
Ansible
Official Ansible collection with 60+ modules for PAN-OS firewall and Panorama configuration automation.
AWS
Cloud NGFW for AWS, VM-Series on AWS, Prisma Cloud AWS account onboarding, and CloudFormation template support.
Azure
Cloud NGFW for Azure, VM-Series on Azure, Prisma Cloud Azure subscription onboarding, and Azure AD integration.
Google Cloud
VM-Series on GCP, Prisma Cloud GCP project onboarding, and Google Workspace integration with Cloud Identity Engine.
ServiceNow
Cortex XSOAR integration for bi-directional ticket synchronization and automated incident response workflows.
Slack
Cortex XSOAR Slack integration for alert notifications, war room collaboration, and ChatOps-driven security operations.
Active Directory
Cloud Identity Engine directory sync with on-premises Active Directory for user-to-IP mapping and identity-aware firewall policies.
Okta
Cloud Identity Engine integration with Okta for SSO user context and identity-aware security policy enforcement.
4 classes · 32 properties
JSON-LD
6 classes · 39 properties
JSON-LD
13 classes · 12 properties
JSON-LD
16 classes · 55 properties
JSON-LD
7 classes · 66 properties
JSON-LD
1 classes · 32 properties
JSON-LD
2 classes · 10 properties
JSON-LD
8 classes · 60 properties
JSON-LD
8 classes · 57 properties
JSON-LD
3 classes · 8 properties
JSON-LD
11 classes · 61 properties
JSON-LD
2 classes · 25 properties
JSON-LD
4 classes · 55 properties
JSON-LD
2 classes · 23 properties
JSON-LD
3 classes · 25 properties
JSON-LD
19 classes · 66 properties
JSON-LD
6 classes · 54 properties
JSON-LD
0 classes · 72 properties
JSON-LD
63 classes · 6 properties
JSON-LD
3 classes · 27 properties
JSON-LD
12 classes · 57 properties
JSON-LD
7 classes · 56 properties
JSON-LD
8 classes · 41 properties
JSON-LD
7 classes · 34 properties
JSON-LD
7 classes · 45 properties
JSON-LD
5 classes · 28 properties
JSON-LD
6 classes · 53 properties
JSON-LD
12 classes · 81 properties
JSON-LD
3 classes · 28 properties
JSON-LD
9 classes · 49 properties
JSON-LD
6 classes · 50 properties
JSON-LD
66 classes · 124 properties
JSON-LD
1 classes · 11 properties
JSON-LD
8 classes · 59 properties
JSON-LD
6 classes · 36 properties
JSON-LD
7 classes · 34 properties
JSON-LD
5 classes · 17 properties
JSON-LD
3 classes · 21 properties
JSON-LD
8 classes · 34 properties
JSON-LD
7 classes · 17 properties
JSON-LD
8 classes · 35 properties
JSON-LD
14 classes · 49 properties
JSON-LD
7 classes · 34 properties
JSON-LD
5 classes · 19 properties
JSON-LD
3 classes · 11 properties
JSON-LD
3 classes · 22 properties
JSON-LD
6 classes · 32 properties
JSON-LD
6 classes · 36 properties
JSON-LD
17 classes · 51 properties
JSON-LD
5 classes · 51 properties
JSON-LD
9 classes · 29 properties
JSON-LD
9 classes · 50 properties
JSON-LD
6 classes · 27 properties
JSON-LD
11 classes · 25 properties
JSON-LD
aid: palo-alto-networks
name: Palo Alto Networks
description: >-
Palo Alto Networks is a global cybersecurity leader providing advanced security
platforms and services across network security, cloud security, and security operations.
Its developer platform at pan.dev offers REST and XML APIs for PAN-OS firewalls,
Strata Cloud Manager, Prisma Cloud (CSPM, CWPP, code security), Prisma Access and
SD-WAN for SASE, Cortex XDR/XSOAR/XSIAM for security operations, and cloud-delivered
security services including WildFire, Threat Vault, IoT Security, and DLP.
url: https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/apis.yml
tags:
- Cloud Security
- Cybersecurity
- Firewall
- Network Security
- SASE
- SOAR
- Threat Intelligence
- XDR
created: '2024-01-01'
modified: '2026-04-17'
maintainers:
- name: Kin Lane
email: [email protected]
apis:
- aid: palo-alto-networks:pan-os-rest-api
name: PAN-OS REST API
tags:
- Configuration
- Firewall
- Network Security
- Policies
- REST API
image: https://kinlane-productions2.s3.amazonaws.com/apis-json/apis-json-logo.jpg
baseURL: https://{firewall}/restapi/v10.2
humanURL: https://pan.dev/panos/docs/restapi/
properties:
- url: https://pan.dev/panos/docs/restapi/
type: Documentation
- url: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-panorama-api/get-started-with-the-pan-os-rest-api
type: GettingStarted
- url: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-panorama-api/pan-os-rest-api-reference
type: APIReference
- url: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-panorama-api/get-started-with-the-pan-os-rest-api/get-your-api-key
type: Authentication
- url: openapi/palo-alto-pan-os-rest-api-openapi-original.yml
type: OpenAPI
- url: json-schema/pan-os-rest-api-address-group-schema.json
type: JSONSchema
- url: json-schema/pan-os-rest-api-address-schema.json
type: JSONSchema
- url: json-schema/pan-os-rest-api-commit-status-schema.json
type: JSONSchema
- url: json-schema/pan-os-rest-api-nat-rule-schema.json
type: JSONSchema
- url: json-schema/pan-os-rest-api-pan-os-response-schema.json
type: JSONSchema
- url: json-schema/pan-os-rest-api-qos-rule-schema.json
type: JSONSchema
- url: json-schema/pan-os-rest-api-security-rule-schema.json
type: JSONSchema
- url: json-schema/pan-os-rest-api-service-group-schema.json
type: JSONSchema
- url: json-schema/pan-os-rest-api-service-schema.json
type: JSONSchema
- url: json-schema/pan-os-rest-api-tag-schema.json
type: JSONSchema
- url: json-schema/pan-os-rest-api-virtual-system-schema.json
type: JSONSchema
- url: json-schema/pan-os-security-rule-schema.json
type: JSONSchema
- url: json-structure/pan-os-rest-api-address-group-structure.json
type: JSONStructure
- url: json-structure/pan-os-rest-api-address-structure.json
type: JSONStructure
- url: json-structure/pan-os-rest-api-commit-status-structure.json
type: JSONStructure
- url: json-structure/pan-os-rest-api-nat-rule-structure.json
type: JSONStructure
- url: json-structure/pan-os-rest-api-pan-os-response-structure.json
type: JSONStructure
- url: json-structure/pan-os-rest-api-qos-rule-structure.json
type: JSONStructure
- url: json-structure/pan-os-rest-api-security-rule-structure.json
type: JSONStructure
- url: json-structure/pan-os-rest-api-service-group-structure.json
type: JSONStructure
- url: json-structure/pan-os-rest-api-service-structure.json
type: JSONStructure
- url: json-structure/pan-os-rest-api-tag-structure.json
type: JSONStructure
- url: json-structure/pan-os-rest-api-virtual-system-structure.json
type: JSONStructure
- url: json-structure/pan-os-security-rule-structure.json
type: JSONStructure
- url: json-ld/palo-alto-pan-os-rest-api-context.jsonld
type: JSON-LD
- url: examples/pan-os-rest-api-address-example.json
type: Example
- url: examples/pan-os-rest-api-address-group-example.json
type: Example
- url: examples/pan-os-rest-api-commit-status-example.json
type: Example
- url: examples/pan-os-rest-api-nat-rule-example.json
type: Example
- url: examples/pan-os-rest-api-pan-os-response-example.json
type: Example
- url: examples/pan-os-rest-api-qos-rule-example.json
type: Example
- url: examples/pan-os-rest-api-security-rule-example.json
type: Example
- url: examples/pan-os-rest-api-service-example.json
type: Example
- url: examples/pan-os-rest-api-service-group-example.json
type: Example
- url: examples/pan-os-rest-api-tag-example.json
type: Example
- url: examples/pan-os-rest-api-virtual-system-example.json
type: Example
- url: examples/pan-os-security-rule-example.json
type: Example
- url: json-ld/palo-alto-pan-os-context.jsonld
type: JSON-LD
description: >-
A RESTful API for managing PAN-OS next-generation firewalls including
security policies, network objects, address groups, and device
configuration. The REST API provides simplified JSON-based access to
common firewall operations as an alternative to the XML API. Supports
CRUD operations on policy rules, address objects, service objects, and
security profiles. Authentication uses API keys generated from the
firewall management interface or via the XML API keygen command.
- aid: palo-alto-networks:pan-os-xml-api
name: PAN-OS XML API
tags:
- Configuration
- Firewall
- Monitoring
- Operations
- XML
image: https://kinlane-productions2.s3.amazonaws.com/apis-json/apis-json-logo.jpg
baseURL: https://{firewall}/api/
humanURL: https://pan.dev/panos/docs/xmlapi/
properties:
- url: https://pan.dev/panos/docs/xmlapi/
type: Documentation
- url: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-panorama-api/get-started-with-the-pan-os-xml-api
type: GettingStarted
- url: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-panorama-api/pan-os-xml-api-request-types
type: APIReference
- url: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-panorama-api/get-started-with-the-pan-os-xml-api/get-your-api-key
type: Authentication
- url: json-schema/pan-os-security-rule-schema.json
type: JSONSchema
description: >-
The comprehensive XML-based API for PAN-OS providing full access to all firewall
configuration, operational commands, reporting, logging, and commit operations.
Supports request types including keygen for authentication, config for configuration
changes using XPath, op for operational commands, report for generating reports,
log for retrieving traffic and threat logs, and user-id for dynamic user-to-IP
mapping.
- aid: palo-alto-networks:openconfig-api
name: PAN-OS OpenConfig API
tags:
- Firewall
- gNMI
- Network Automation
- OpenConfig
- Telemetry
image: https://kinlane-productions2.s3.amazonaws.com/apis-json/apis-json-logo.jpg
baseURL: https://{firewall}
humanURL: https://docs.paloaltonetworks.com/openconfig
properties:
- url: https://docs.paloaltonetworks.com/openconfig
type: Documentation
- url: https://docs.paloaltonetworks.com/openconfig/2-0/openconfig-admin/getting-started
type: GettingStarted
- url: https://docs.paloaltonetworks.com/openconfig/2-0/openconfig-admin/pan-os-models/pan-os-openconfig-xmlapi
type: APIReference
description: >-
Management interface for PAN-OS based on OpenConfig standard data models,
providing gNMI and gNOI services through the OpenConfig plugin. Supports
network automation for BGP, interfaces, LACP, LLDP, VLANs, local routes,
system, and platform configuration, as well as telemetry streaming.
Includes a PAN-OS OpenConfig XML API for integration with standard
network management tools.
- aid: palo-alto-networks:panorama-api
name: Panorama API
tags:
- Centralized Management
- Device Groups
- Firewall
- Orchestration
- Templates
image: https://kinlane-productions2.s3.amazonaws.com/apis-json/apis-json-logo.jpg
baseURL: https://{panorama}/api/
humanURL: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-panorama-api/panorama-api
properties:
- url: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-panorama-api/panorama-api
type: Documentation
- url: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-panorama-api
type: APIReference
description: >-
The Panorama API uses the same PAN-OS XML and REST API interfaces but
provides centralized management of multiple firewalls from a single
management server. Supports device group and template stack operations
for pushing configuration to managed firewalls, centralized logging
and reporting, and multi-device commit workflows. Panorama-specific
API operations include managing device groups, template stacks, log
collectors, and performing push operations to managed devices.
- aid: palo-alto-networks:strata-cloud-manager-api
name: Strata Cloud Manager API
tags:
- Cloud Management
- Configuration
- NGFW
- SASE
- Unified Management
image: https://kinlane-productions2.s3.amazonaws.com/apis-json/apis-json-logo.jpg
baseURL: https://api.strata.paloaltonetworks.com
humanURL: https://pan.dev/scm/docs/home/
properties:
- url: https://pan.dev/scm/docs/home/
type: Documentation
- url: https://pan.dev/scm/api/
type: APIReference
- url: https://pan.dev/scm/docs/getstarted/
type: GettingStarted
- url: https://pan.dev/scm/docs/api-call/
type: GettingStarted
- url: https://pan.dev/scm/docs/api-best-practices/
type: BestPractices
- url: https://pan.dev/scm/docs/release-notes/
type: ChangeLog
- url: openapi/palo-alto-strata-cloud-manager-api-openapi-original.yml
type: OpenAPI
- url: https://github.com/PaloAltoNetworks/scm-go
type: SDK
title: Go SDK
- url: json-schema/strata-cloud-manager-api-address-group-list-schema.json
type: JSONSchema
- url: json-schema/strata-cloud-manager-api-address-group-request-schema.json
type: JSONSchema
- url: json-schema/strata-cloud-manager-api-address-group-schema.json
type: JSONSchema
- url: json-schema/strata-cloud-manager-api-address-list-schema.json
type: JSONSchema
- url: json-schema/strata-cloud-manager-api-address-request-schema.json
type: JSONSchema
- url: json-schema/strata-cloud-manager-api-address-schema.json
type: JSONSchema
- url: json-schema/strata-cloud-manager-api-delete-response-schema.json
type: JSONSchema
- url: json-schema/strata-cloud-manager-api-job-schema.json
type: JSONSchema
- url: json-schema/strata-cloud-manager-api-nat-rule-list-schema.json
type: JSONSchema
- url: json-schema/strata-cloud-manager-api-nat-rule-request-schema.json
type: JSONSchema
- url: json-schema/strata-cloud-manager-api-nat-rule-schema.json
type: JSONSchema
- url: json-schema/strata-cloud-manager-api-security-rule-list-schema.json
type: JSONSchema
- url: json-schema/strata-cloud-manager-api-security-rule-request-schema.json
type: JSONSchema
- url: json-schema/strata-cloud-manager-api-security-rule-schema.json
type: JSONSchema
- url: json-schema/strata-cloud-manager-api-service-list-schema.json
type: JSONSchema
- url: json-schema/strata-cloud-manager-api-service-request-schema.json
type: JSONSchema
- url: json-schema/strata-cloud-manager-api-service-schema.json
type: JSONSchema
- url: json-structure/strata-cloud-manager-api-address-group-list-structure.json
type: JSONStructure
- url: json-structure/strata-cloud-manager-api-address-group-request-structure.json
type: JSONStructure
- url: json-structure/strata-cloud-manager-api-address-group-structure.json
type: JSONStructure
- url: json-structure/strata-cloud-manager-api-address-list-structure.json
type: JSONStructure
- url: json-structure/strata-cloud-manager-api-address-request-structure.json
type: JSONStructure
- url: json-structure/strata-cloud-manager-api-address-structure.json
type: JSONStructure
- url: json-structure/strata-cloud-manager-api-delete-response-structure.json
type: JSONStructure
- url: json-structure/strata-cloud-manager-api-job-structure.json
type: JSONStructure
- url: json-structure/strata-cloud-manager-api-nat-rule-list-structure.json
type: JSONStructure
- url: json-structure/strata-cloud-manager-api-nat-rule-request-structure.json
type: JSONStructure
- url: json-structure/strata-cloud-manager-api-nat-rule-structure.json
type: JSONStructure
- url: json-structure/strata-cloud-manager-api-security-rule-list-structure.json
type: JSONStructure
- url: json-structure/strata-cloud-manager-api-security-rule-request-structure.json
type: JSONStructure
- url: json-structure/strata-cloud-manager-api-security-rule-structure.json
type: JSONStructure
- url: json-structure/strata-cloud-manager-api-service-list-structure.json
type: JSONStructure
- url: json-structure/strata-cloud-manager-api-service-request-structure.json
type: JSONStructure
- url: json-structure/strata-cloud-manager-api-service-structure.json
type: JSONStructure
- url: json-ld/palo-alto-strata-cloud-manager-api-context.jsonld
type: JSON-LD
- url: examples/strata-cloud-manager-api-address-example.json
type: Example
- url: examples/strata-cloud-manager-api-address-group-example.json
type: Example
- url: examples/strata-cloud-manager-api-address-group-list-example.json
type: Example
- url: examples/strata-cloud-manager-api-address-group-request-example.json
type: Example
- url: examples/strata-cloud-manager-api-address-list-example.json
type: Example
- url: examples/strata-cloud-manager-api-address-request-example.json
type: Example
- url: examples/strata-cloud-manager-api-delete-response-example.json
type: Example
- url: examples/strata-cloud-manager-api-job-example.json
type: Example
- url: examples/strata-cloud-manager-api-nat-rule-example.json
type: Example
- url: examples/strata-cloud-manager-api-nat-rule-list-example.json
type: Example
- url: examples/strata-cloud-manager-api-nat-rule-request-example.json
type: Example
- url: examples/strata-cloud-manager-api-security-rule-example.json
type: Example
- url: examples/strata-cloud-manager-api-security-rule-list-example.json
type: Example
- url: examples/strata-cloud-manager-api-security-rule-request-example.json
type: Example
- url: examples/strata-cloud-manager-api-service-example.json
type: Example
- url: examples/strata-cloud-manager-api-service-list-example.json
type: Example
- url: examples/strata-cloud-manager-api-service-request-example.json
type: Example
description: >-
A unified cloud-based API for managing Palo Alto Networks next-generation
firewalls and SASE from a single management plane. Strata Cloud Manager
provides configuration management for security policies, network objects,
and device settings across hardware, virtual, and cloud-native firewalls.
The API uses OAuth 2.0 authentication with bearer tokens and provides
RESTful endpoints for policy lifecycle management, object CRUD
operations, and deployment workflows.
- aid: palo-alto-networks:cloud-ngfw-api
name: Cloud NGFW API
tags:
- AWS
- Azure
- Cloud Security
- Cloud-Native Firewall
- Managed Service
image: https://kinlane-productions2.s3.amazonaws.com/apis-json/apis-json-logo.jpg
baseURL: https://api.{region}.aws.cloudngfw.paloaltonetworks.com
humanURL: https://pan.dev/cloudngfw/aws/api/
properties:
- url: https://pan.dev/cloudngfw/aws/api/
type: Documentation
- url: https://pan.dev/cloudngfw/docs/getstarted_azure/
type: GettingStarted
- url: openapi/palo-alto-cloud-ngfw-api-openapi-original.yml
type: OpenAPI
- url: json-schema/cloud-ngfw-api-firewall-request-schema.json
type: JSONSchema
- url: json-schema/cloud-ngfw-api-firewall-schema.json
type: JSONSchema
- url: json-schema/cloud-ngfw-api-firewall-summary-schema.json
type: JSONSchema
- url: json-schema/cloud-ngfw-api-fqdn-list-request-schema.json
type: JSONSchema
- url: json-schema/cloud-ngfw-api-fqdn-list-schema.json
type: JSONSchema
- url: json-schema/cloud-ngfw-api-fqdn-list-summary-schema.json
type: JSONSchema
- url: json-schema/cloud-ngfw-api-prefix-list-request-schema.json
type: JSONSchema
- url: json-schema/cloud-ngfw-api-prefix-list-schema.json
type: JSONSchema
- url: json-schema/cloud-ngfw-api-prefix-list-summary-schema.json
type: JSONSchema
- url: json-schema/cloud-ngfw-api-response-status-schema.json
type: JSONSchema
- url: json-schema/cloud-ngfw-api-rule-destination-schema.json
type: JSONSchema
- url: json-schema/cloud-ngfw-api-rule-source-schema.json
type: JSONSchema
- url: json-schema/cloud-ngfw-api-rule-stack-request-schema.json
type: JSONSchema
- url: json-schema/cloud-ngfw-api-rule-stack-schema.json
type: JSONSchema
- url: json-schema/cloud-ngfw-api-rule-stack-summary-schema.json
type: JSONSchema
- url: json-schema/cloud-ngfw-api-security-rule-request-schema.json
type: JSONSchema
- url: json-schema/cloud-ngfw-api-security-rule-schema.json
type: JSONSchema
- url: json-schema/cloud-ngfw-api-security-rule-summary-schema.json
type: JSONSchema
- url: json-structure/cloud-ngfw-api-firewall-request-structure.json
type: JSONStructure
- url: json-structure/cloud-ngfw-api-firewall-structure.json
type: JSONStructure
- url: json-structure/cloud-ngfw-api-firewall-summary-structure.json
type: JSONStructure
- url: json-structure/cloud-ngfw-api-fqdn-list-request-structure.json
type: JSONStructure
- url: json-structure/cloud-ngfw-api-fqdn-list-structure.json
type: JSONStructure
- url: json-structure/cloud-ngfw-api-fqdn-list-summary-structure.json
type: JSONStructure
- url: json-structure/cloud-ngfw-api-prefix-list-request-structure.json
type: JSONStructure
- url: json-structure/cloud-ngfw-api-prefix-list-structure.json
type: JSONStructure
- url: json-structure/cloud-ngfw-api-prefix-list-summary-structure.json
type: JSONStructure
- url: json-structure/cloud-ngfw-api-response-status-structure.json
type: JSONStructure
- url: json-structure/cloud-ngfw-api-rule-destination-structure.json
type: JSONStructure
- url: json-structure/cloud-ngfw-api-rule-source-structure.json
type: JSONStructure
- url: json-structure/cloud-ngfw-api-rule-stack-request-structure.json
type: JSONStructure
- url: json-structure/cloud-ngfw-api-rule-stack-structure.json
type: JSONStructure
- url: json-structure/cloud-ngfw-api-rule-stack-summary-structure.json
type: JSONStructure
- url: json-structure/cloud-ngfw-api-security-rule-request-structure.json
type: JSONStructure
- url: json-structure/cloud-ngfw-api-security-rule-structure.json
type: JSONStructure
- url: json-structure/cloud-ngfw-api-security-rule-summary-structure.json
type: JSONStructure
- url: json-ld/palo-alto-cloud-ngfw-api-context.jsonld
type: JSON-LD
- url: examples/cloud-ngfw-api-firewall-example.json
type: Example
- url: examples/cloud-ngfw-api-firewall-request-example.json
type: Example
- url: examples/cloud-ngfw-api-firewall-summary-example.json
type: Example
- url: examples/cloud-ngfw-api-fqdn-list-example.json
type: Example
- url: examples/cloud-ngfw-api-fqdn-list-request-example.json
type: Example
- url: examples/cloud-ngfw-api-fqdn-list-summary-example.json
type: Example
- url: examples/cloud-ngfw-api-prefix-list-example.json
type: Example
- url: examples/cloud-ngfw-api-prefix-list-request-example.json
type: Example
- url: examples/cloud-ngfw-api-prefix-list-summary-example.json
type: Example
- url: examples/cloud-ngfw-api-response-status-example.json
type: Example
- url: examples/cloud-ngfw-api-rule-destination-example.json
type: Example
- url: examples/cloud-ngfw-api-rule-source-example.json
type: Example
- url: examples/cloud-ngfw-api-rule-stack-example.json
type: Example
- url: examples/cloud-ngfw-api-rule-stack-request-example.json
type: Example
- url: examples/cloud-ngfw-api-rule-stack-summary-example.json
type: Example
- url: examples/cloud-ngfw-api-security-rule-example.json
type: Example
- url: examples/cloud-ngfw-api-security-rule-request-example.json
type: Example
- url: examples/cloud-ngfw-api-security-rule-summary-example.json
type: Example
description: >-
REST APIs for managing Palo Alto Networks Cloud NGFW, a cloud-native managed
firewall service available on AWS and Azure. The API supports creating and managing
firewall resources, configuring security rules and rule stacks, managing FQDN
lists and prefix lists, and retrieving firewall logs. On AWS, authentication
uses IAM roles; on Azure, authentication uses Azure Active Directory.
- aid: palo-alto-networks:wildfire-api
name: WildFire API
tags:
- File Analysis
- Malware Analysis
- Sandbox
- Threat Prevention
- Verdicts
image: https://kinlane-productions2.s3.amazonaws.com/apis-json/apis-json-logo.jpg
baseURL: https://wildfire.paloaltonetworks.com/publicapi/
humanURL: https://docs.paloaltonetworks.com/wildfire/u-v/wildfire-api
properties:
- url: https://docs.paloaltonetworks.com/wildfire/u-v/wildfire-api
type: Documentation
- url: https://docs.paloaltonetworks.com/wildfire/u-v/wildfire-api/get-started-with-the-wildfire-api
type: GettingStarted
- url: https://docs.paloaltonetworks.com/wildfire/u-v/wildfire-api
type: APIReference
- url: openapi/palo-alto-wildfire-api-openapi-original.yml
type: OpenAPI
- url: json-schema/wildfire-api-analysis-report-schema.json
type: JSONSchema
- url: json-schema/wildfire-api-bulk-verdict-response-schema.json
type: JSONSchema
- url: json-schema/wildfire-api-sandbox-report-schema.json
type: JSONSchema
- url: json-schema/wildfire-api-submit-response-schema.json
type: JSONSchema
- url: json-schema/wildfire-api-verdict-response-schema.json
type: JSONSchema
- url: json-structure/wildfire-api-analysis-report-structure.json
type: JSONStructure
- url: json-structure/wildfire-api-bulk-verdict-response-structure.json
type: JSONStructure
- url: json-structure/wildfire-api-sandbox-report-structure.json
type: JSONStructure
- url: json-structure/wildfire-api-submit-response-structure.json
type: JSONStructure
- url: json-structure/wildfire-api-verdict-response-structure.json
type: JSONStructure
- url: json-ld/palo-alto-wildfire-api-context.jsonld
type: JSON-LD
- url: examples/wildfire-api-analysis-report-example.json
type: Example
- url: examples/wildfire-api-bulk-verdict-response-example.json
type: Example
- url: examples/wildfire-api-sandbox-report-example.json
type: Example
- url: examples/wildfire-api-submit-response-example.json
type: Example
- url: examples/wildfire-api-verdict-response-example.json
type: Example
description: >-
A cloud-based API for submitting files, URLs, and links for advanced malware
analysis in the WildFire sandbox environment. The API returns threat verdicts
(benign, malware, grayware, phishing) and detailed analysis reports including
behavioral indicators, network activity, and file artifacts. Supports file submission
via multipart form upload, verdict queries by hash (MD5, SHA-256), and retrieval
of PCAP files and detailed analysis reports.
- aid: palo-alto-networks:threat-vault-api
name: Threat Vault API
tags:
- Antivirus
- CVE
- IPS
- Signatures
- Threat Intelligence
image: https://kinlane-productions2.s3.amazonaws.com/apis-json/apis-json-logo.jpg
baseURL: https://api.threatvault.paloaltonetworks.com
humanURL: https://pan.dev/threat-vault/api/
properties:
- url: https://pan.dev/threat-vault/api/
type: Documentation
- url: https://pan.dev/cdss/docs/getstarted/
type: GettingStarted
- url: https://pan.dev/cdss/docs/authentication/
type: Authentication
- url: https://pan.dev/cdss/docs/api-call/
type: GettingStarted
- url: openapi/palo-alto-threat-vault-api-openapi-original.yml
type: OpenAPI
- url: json-schema/threat-vault-api-api-stats-schema.json
type: JSONSchema
- url: json-schema/threat-vault-api-atp-report-list-schema.json
type: JSONSchema
- url: json-schema/threat-vault-api-atp-report-schema.json
type: JSONSchema
- url: json-schema/threat-vault-api-release-note-schema.json
type: JSONSchema
- url: json-schema/threat-vault-api-release-notes-list-schema.json
type: JSONSchema
- url: json-schema/threat-vault-api-threat-history-entry-schema.json
type: JSONSchema
- url: json-schema/threat-vault-api-threat-history-list-schema.json
type: JSONSchema
- url: json-schema/threat-vault-api-threat-list-schema.json
type: JSONSchema
- url: json-schema/threat-vault-api-threat-signature-schema.json
type: JSONSchema
- url: json-structure/threat-vault-api-api-stats-structure.json
type: JSONStructure
- url: json-structure/threat-vault-api-atp-report-list-structure.json
type: JSONStructure
- url: json-structure/threat-vault-api-atp-report-structure.json
type: JSONStructure
- url: json-structure/threat-vault-api-release-note-structure.json
type: JSONStructure
- url: json-structure/threat-vault-api-release-notes-list-structure.json
type: JSONStructure
- url: json-structure/threat-vault-api-threat-history-entry-structure.json
type: JSONStructure
- url: json-structure/threat-vault-api-threat-history-list-structure.json
type: JSONStructure
- url: json-structure/threat-vault-api-threat-list-structure.json
type: JSONStructure
- url: json-structure/threat-vault-api-threat-signature-structure.json
type: JSONStructure
- url: json-ld/palo-alto-threat-vault-api-context.jsonld
type: JSON-LD
- url: examples/threat-vault-api-api-stats-example.json
type: Example
- url: examples/threat-vault-api-atp-report-example.json
type: Example
- url: examples/threat-vault-api-atp-report-list-example.json
type: Example
- url: examples/threat-vault-api-release-note-example.json
type: Example
- url: examples/threat-vault-api-release-notes-list-example.json
type: Example
- url: examples/threat-vault-api-threat-history-entry-example.json
type: Example
- url: examples/threat-vault-api-threat-history-list-example.json
type: Example
- url: examples/threat-vault-api-threat-list-example.json
type: Example
- url: examples/threat-vault-api-threat-signature-example.json
type: Example
description: >-
A REST API for querying Palo Alto Networks threat signature metadata, content
release notes, and threat intelligence data. The API provides access to antivirus
signatures, anti-spyware signatures, vulnerability protection (IPS) signatures,
and file type identification data. Supports queries by signature ID, CVE, threat
name, and content release version. Replaces the deprecated AutoFocus API for
threat intelligence lookups. Requires an Advanced Threat Prevention or Threat
Prevention subscription.
- aid: palo-alto-networks:autofocus-api
name: AutoFocus API (Deprecated)
tags:
- Analysis
- Deprecated
- Malware
- Threat Intelligence
image: https://kinlane-productions2.s3.amazonaws.com/apis-json/apis-json-logo.jpg
baseURL: https://autofocus.paloaltonetworks.com/api/v1.0/
humanURL: https://docs.paloaltonetworks.com/autofocus/autofocus-api
properties:
- url: https://docs.paloaltonetworks.com/autofocus/autofocus-api
type: Documentation
- url: https://docs.paloaltonetworks.com/autofocus/autofocus-api/get-started-with-the-autofocus-api
type: GettingStarted
description: >-
A threat intelligence API that provided contextual information about
malware, campaigns, and threat actors observed across the Palo Alto
Networks global threat intelligence network. AutoFocus reached
end-of-sale on September 30, 2022, and end-of-support on September 30,
2025. Developers should migrate to the Threat Vault API for threat
signature lookups and to Cortex XDR or XSIAM for advanced threat
intelligence and investigation capabilities.
- aid: palo-alto-networks:iot-security-api
name: IoT Security API
tags:
- Asset Discovery
- Device Security
- IoT
- Network Segmentation
- OT Security
image: https://kinlane-productions2.s3.amazonaws.com/apis-json/apis-json-logo.jpg
baseURL: https://{customer}.iot.paloaltonetworks.com/pub/v4.0/
humanURL: https://pan.dev/iot/api/
properties:
- url: https://pan.dev/iot/api/
type: Documentation
- url: openapi/palo-alto-iot-security-api-openapi-original.yml
type: OpenAPI
- url: json-schema/iot-security-api-alert-schema.json
type: JSONSchema
- url: json-schema/iot-security-api-asset-report-schema.json
type: JSONSchema
- url: json-schema/iot-security-api-device-schema.json
type: JSONSchema
- url: json-schema/iot-security-api-device-tag-schema.json
type: JSONSchema
- url: json-schema/iot-security-api-policy-recommendation-schema.json
type: JSONSchema
- url: json-schema/iot-security-api-vulnerability-schema.json
type: JSONSchema
- url: json-structure/iot-security-api-alert-structure.json
type: JSONStructure
- url: json-structure/iot-security-api-asset-report-structure.json
type: JSONStructure
- url: json-structure/iot-security-api-device-structure.json
type: JSONStructure
- url: json-structure/iot-security-api-device-tag-structure.json
type: JSONStructure
- url: json-structure/iot-security-api-policy-recommendation-structure.json
type: JSONStructure
- url: json-structure/iot-security-api-vulnerability-structure.json
type: JSONStructure
- url: json-ld/palo-alto-iot-security-api-context.jsonld
type: JSON-LD
- url: examples/iot-security-api-alert-example.json
type: Example
- url: examples/iot-security-api-asset-report-example.json
type: Example
- url: examples/iot-security-api-device-example.json
type: Example
- url: examples/iot-security-api-device-tag-example.json
type: Example
- url: examples/iot-security-api-policy-recommendation-example.json
type: Example
- url: examples/iot-security-api-vulnerability-example.json
type: Example
description: >-
A REST API for managing IoT and OT device security including device
discovery, profiling, vulnerability assessment, and security policy
recommendations. The API provides endpoints for retrieving discovered
device inventories, security alerts, vulnerability details, and
recommended network segmentation policies. Authentication uses
X-Key-Id and X-Access-Key headers with keys generated from the IoT
Security portal. Rate limited to 60 requests per minute.
- aid: palo-alto-networks:dlp-api
name: Data Loss Prevention API
tags:
- Compliance
- Data Classification
- Data Security
- DLP
- Incident Management
image: https://kinlane-productions2.s3.amazonaws.com/apis-json/apis-json-logo.jpg
baseURL: https://api.example.com
humanURL: https://pan.dev/dlp/api/
properties:
- url: https://pan.dev/dlp/api/
type: Documentation
- url: openapi/palo-alto-dlp-api-openapi-original.yml
type: OpenAPI
- url: json-schema/dlp-api-content-snippet-schema.json
type: JSONSchema
- url: json-schema/dlp-api-data-pattern-schema.json
type: JSONSchema
- url: json-schema/dlp-api-dlp-incident-schema.json
type: JSONSchema
- url: json-schema/dlp-api-incident-summary-schema.json
type: JSONSchema
- url: json-structure/dlp-api-content-snippet-structure.json
type: JSONStructure
- url: json-structure/dlp-api-data-pattern-structure.json
type: JSONStructure
- url: json-structure/dlp-api-dlp-incident-structure.json
type: JSONStructure
- url: json-structure/dlp-api-incident-summary-structure.json
type: JSONStructure
- url: json-ld/palo-alto-dlp-api-context.jsonld
type: JSON-LD
- url: examples/dlp-api-content-snippet-example.json
type: Example
- url: examples/dlp-api-data-pattern-example.json
type: Example
- url: examples/dlp-api-dlp-incident-example.json
type: Example
- url: examples/dlp-api-incident-summary-example.json
type: Example
description: >-
A REST API for managing enterprise data loss prevention across Palo Alto
Networks platforms. The API provides access to DLP incidents, policy
# --- truncated at 32 KB (200 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/apis.yml