Palo Alto Networks Knowledgebase: Tips & Tricks: API configuration
Tips & Tricks: API configuration
Created On 09/25/18 18:56 PM - Last Updated 02/07/19 23:52 PM
You can do a lot of cool things with the API. One of the more common tasks an administrator can perform is accessing, updating and changing the firewall's configuration through some creative scripting while leveraging the ease of use of the API.
Just like the GUI and the CLI, accessing the API requires authentication. An authentication token can be generated with the below command using each administrator's own username and password. We don't recommend sharing this token.
As you see, when you start performing rather simple operations, the URL starts to become pretty complex quickly. Another cool way to figure out which xpaths to use for certain operations is by using the CLI debug mode:
This is the XPath in the set command above <request cmd="set" obj="/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address/entry[@name='test55']" cookie="1285104864936584"> <description>API object</description><ip-netmask>10.0.0.1</ip-netmask></request> This is the element in the set command above
If you're not scared yet, please go visit our API discussion forum where you'll find a lot of interesting subjects being discussed on real-world use cases and nifty ways to automate operations using python or perl.
Please leave a comment or a like if you've found this information helpful.