API Keys

Choose language for code snippet

Python Php Go

In this section we present a workflow example to migrate a third party vendor configuration into a PANOS configuration. This code can be found at the following link:

https://conversionupdates.paloaltonetworks.com/expedition2/examples/workflows.zip

Generating Expedition API Keys#

In general, all the API calls to Expedition require user authentication, in order to validate the level of user rights to perform specific API calls. This is done through the use of API keys. The first step is to log into Expedition and retrieve an API key that would offer us access to later API calls.

As shown in Snippet 1, defines the Expedition IP to connect (ip variable), credentials to be used for authentication (credentials) and the URL to access the login route (url).

Once those variables have been provided, creates and establishes an SSL connection (curl) to Expedition to make a request to the login URL with the specified credentials, and collects the response from the server into the response variable.

Expedition API responses are in JSON format. In the case of a login API call, in the content section we will obtain an API key (apikey) and a CSRF Token (csrfToken). The first can be used for API consumption in scripts, while the second is intended for HTTPS Web UI requests. While the API key has an expiration time of 1 month and extends its validity time on every login (it may change in the future), a CSRF Token has a shorter validity and gets regenerated for each login call.

We collect the api_key by accessing the corresponding JSON element and remove the surrounding quotes to access the API key string and format it for future authenticated API calls.

info

This authentication credentials are later prepared in a hed variable that we will attach into the headers of the API calls we send in the future.

API syntax for Login to Expedition:

MethodEndPointParametersExample Value
POSThttps://<YourExpeditionIP>/api/v1/loginusername, password{"username":"admin", "password":"paloalto"}
import json
import sys
import argparse
import requests
from time import sleep
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
print('LOGIN')
ip="127.0.0.1" #your Expedition IP reachable from the Script execution machine
user="admin"
password="paloalto"
url = 'https://'+ip+'/api/v1/login'
credentials = {"username":user, "password":password}
r = requests.post(url, data=credentials, verify=False)
response=r.json()
apiKey = json.dumps(response['Contents']['response']['data']['content']['api_key'])
auth_token = apiKey[1:-1]
print(auth_token)
print('')
hed = {'Authorization': 'Bearer ' + auth_token}
Last updated on by lynn chiang