Getting Started with the API

Getting Started with the API

31951
Created On 09/25/18 19:30 PM - Last Updated 08/03/20 20:48 PM


Symptom
  • First-time API users to get started and try out the basics of the PAN-OS API
  • Leverage the pan-python SDK to get started with basic examples of API usage


Environment
  • PAN-OS


Resolution

Step 1:  Get python

When installing python on Windows, be sure to enable "Add python.exe to Path"

  • Mac OSX:  Python 2.7.x is already installed.  Go to step 2.
  • Linux:  Python is already installed (usually 2.7.x).  Go to step 2.

 

Step 2:  Get pan-python

Go to https://github.com/kevinsteves/pan-python/releases

  • Windows:  Download the Source Code (.zip)
  • Mac OSX and Linux:  Download pan-python-x.x.x.tar.gz and uncompress the file.

Step 3:  Open a terminal
  • Windows:  Press WinKey+R.  In the Run dialog, type 'cmd' and press enter
  • Mac OSX:  Navigate to Applications -> Utilities -> Terminal
  • Linux:  Most distributions have a terminal program you can run.


Step 4:  Navigate to pan-python in terminal
In the terminal, use the 'cd' command to navigate to the "bin" directory in the new directory you uncompressed earlier.
For example:  cd c:\Users\<username>\Downloads\pan-python-x.x.x\bin

Step 5:  Generate an API key for a firewall
When connecting to the PAN-OS API, the connection must include an API key that the firewall uses to authenticate the connection as coming from a specific administrator.  In this example, we will generate the API key for the default admin user.

Run this command in a terminal to generate an API Key for the admin user.  In this example, the firewall's management IP is 10.1.1.5 and the firewall credentials are username admin and password admin.

python panxapi.py -h 10.1.1.5 -l admin:admin -k

keygen: success

API key:  "LUFRPT14MW5xOEo1R09KVlBZNnpnemh0VHRBOWl6TGM9bXcwM3JHUGVhRlNiY0dCR0srNERUQT09"


Record the outputted API key.  It will be used in all subsequent API calls.
 

Step 6:  Make a few API calls
The API has many capabilities including the ability to pull statistical data, modify the configuration, and retrieve logs, reports, and pcaps.  Here are a few example API calls you can test on any firewall.  In each API call, you pass the script the API key, an action type, and a command or xpath that tells the firewall what to retrieve or do.

Example 1:  Get interface statistics

python panxapi.py -h 10.1.1.5 -K "LUFRPT14MW5xOEo1R09KVlBZNnpnemh0VHRBOWl6TGM9bXcwM3JHUGVhRlNiY0dCR0srNERUQT09" -x -o "<show><counter><interface>ethernet1/1</interface></counter></show>"
 

Example 2:  Get the firewall's hostname

python panxapi.py -h 10.1.1.5 -K "LUFRPT14MW5xOEo1R09KVlBZNnpnemh0VHRBOWl6TGM9bXcwM3JHUGVhRlNiY0dCR0srNERUQT09" -xr -s "/config/devices/entry/deviceconfig/system/hostname"


Example 3:  Get all address objects

python panxapi.py -h 10.1.1.5 -K "LUFRPT14MW5xOEo1R09KVlBZNnpnemh0VHRBOWl6TGM9bXcwM3JHUGVhRlNiY0dCR0srNERUQT09" -xr -s "/config/devices/entry/vsys/entry/address"
 

Example 4:  Create a new address object called 'testobject' with the IP 5.5.5.5
 

python panxapi.py -h 10.1.1.5 -K "LUFRPT14MW5xOEo1R09KVlBZNnpnemh0VHRBOWl6TGM9bXcwM3JHUGVhRlNiY0dCR0srNERUQT09" -xr -S "<ip-netmask>5.5.5.5</ip-netmask>" "/config/devices/entry/vsys/entry/address/entry[@name='testobject']"
 

Example 5:  Commit

python panxapi.py -h 10.1.1.5 -K "LUFRPT14MW5xOEo1R09KVlBZNnpnemh0VHRBOWl6TGM9bXcwM3JHUGVhRlNiY0dCR0srNERUQT09" -xr --sync -C "<commit></commit>"
 

Step 7:  Learn more

  • See the links in the Additional Information section. 
  • Post questions or engage in discussion in the API discussion area of the LIVEcommunity.


Additional Information


Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClZLCA0&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language