Getting Started with the API

Getting Started with the API

Created On 09/25/18 19:30 PM - Last Updated 08/03/20 20:48 PM

  • First-time API users to get started and try out the basics of the PAN-OS API
  • Leverage the pan-python SDK to get started with basic examples of API usage

  • PAN-OS


Step 1:  Get python

When installing python on Windows, be sure to enable "Add python.exe to Path"

  • Mac OSX:  Python 2.7.x is already installed.  Go to step 2.
  • Linux:  Python is already installed (usually 2.7.x).  Go to step 2.


Step 2:  Get pan-python

Go to

  • Windows:  Download the Source Code (.zip)
  • Mac OSX and Linux:  Download pan-python-x.x.x.tar.gz and uncompress the file.

Step 3:  Open a terminal
  • Windows:  Press WinKey+R.  In the Run dialog, type 'cmd' and press enter
  • Mac OSX:  Navigate to Applications -> Utilities -> Terminal
  • Linux:  Most distributions have a terminal program you can run.

Step 4:  Navigate to pan-python in terminal
In the terminal, use the 'cd' command to navigate to the "bin" directory in the new directory you uncompressed earlier.
For example:  cd c:\Users\<username>\Downloads\pan-python-x.x.x\bin

Step 5:  Generate an API key for a firewall
When connecting to the PAN-OS API, the connection must include an API key that the firewall uses to authenticate the connection as coming from a specific administrator.  In this example, we will generate the API key for the default admin user.

Run this command in a terminal to generate an API Key for the admin user.  In this example, the firewall's management IP is and the firewall credentials are username admin and password admin.

python -h -l admin:admin -k

keygen: success


Record the outputted API key.  It will be used in all subsequent API calls.

Step 6:  Make a few API calls
The API has many capabilities including the ability to pull statistical data, modify the configuration, and retrieve logs, reports, and pcaps.  Here are a few example API calls you can test on any firewall.  In each API call, you pass the script the API key, an action type, and a command or xpath that tells the firewall what to retrieve or do.

Example 1:  Get interface statistics

python -h -K "LUFRPT14MW5xOEo1R09KVlBZNnpnemh0VHRBOWl6TGM9bXcwM3JHUGVhRlNiY0dCR0srNERUQT09" -x -o "<show><counter><interface>ethernet1/1</interface></counter></show>"

Example 2:  Get the firewall's hostname

python -h -K "LUFRPT14MW5xOEo1R09KVlBZNnpnemh0VHRBOWl6TGM9bXcwM3JHUGVhRlNiY0dCR0srNERUQT09" -xr -s "/config/devices/entry/deviceconfig/system/hostname"

Example 3:  Get all address objects

python -h -K "LUFRPT14MW5xOEo1R09KVlBZNnpnemh0VHRBOWl6TGM9bXcwM3JHUGVhRlNiY0dCR0srNERUQT09" -xr -s "/config/devices/entry/vsys/entry/address"

Example 4:  Create a new address object called 'testobject' with the IP

python -h -K "LUFRPT14MW5xOEo1R09KVlBZNnpnemh0VHRBOWl6TGM9bXcwM3JHUGVhRlNiY0dCR0srNERUQT09" -xr -S "<ip-netmask></ip-netmask>" "/config/devices/entry/vsys/entry/address/entry[@name='testobject']"

Example 5:  Commit

python -h -K "LUFRPT14MW5xOEo1R09KVlBZNnpnemh0VHRBOWl6TGM9bXcwM3JHUGVhRlNiY0dCR0srNERUQT09" -xr --sync -C "<commit></commit>"

Step 7:  Learn more

  • See the links in the Additional Information section. 
  • Post questions or engage in discussion in the API discussion area of the LIVEcommunity.

Additional Information

  • Print
  • Copy Link

Choose Language