Prisma AIRS
Rest API or Streaming Connection Method
Use the Rest API or Streaming connection method to add targets.
Use the information in this section to configure a custom method for connecting to the endpoint, either Rest API or Streaming.
About Custom Connection Methods
Prisma AIRS AI Red Teaming supports REST and streaming APIs as targets. If you are using a model hosted on Hugging Face or a model served by OpenAI, pre-configured connection methods are also available that make it easier to configure your target.
If you are adding a REST or Streaming API endpoint, you need to select whether it is a public endpoint that can be accessed over the internet or a private endpoint. If you are using a private endpoint, you can select either:
- IP whitelisting. A static IP address is shown that will be used by AI Red Teaming to access your target. Make a note of this IP address as it will have to be whitelisted by your infrastructure or IT team to be able to access the Target.
- After specifying Target Details, set the Connection Method to Rest API or Streaming.
Configure Endpoint Accessibility. This field indicates if your endpoint is Public or Private (secured within a private network).
- Select IP Whitelisting and verify the list of IP addresses to allow through your firewall to establish a connection.
Select Network Management to configure private channels for endpoint connectivity. If channels were previously created, they appear as options in a drop-down menu. Click Go to Network management to create a channel or to manage your network channels.
Select Next: Choose Method. Use this page to select whether you want to import a cURL string, or enter the details manually.
To configure the API request, you can use a cURL string to import a sample request, or manually configure the request:
- Using a cURL to import a sample request. The easiest method to import the request format is to use a cURL string that captures all the necessary headers for your request. Once you click Next, AI Red Teaming extracts all the necessary information from the cURL string.
- Manually configure all headers. You can configure the API endpoint and all necessary headers by selecting the Manual Entry option.
- Configure the input request JSON based on the requirements of your application. Make sure the value where the user prompt is expected is replaced with {INPUT}. This is where AI Red Teaming inserts its attack prompts before sending the request to the target application.

For example, if your cURL string is as follows:

```bash
curl \
  -X POST \
  -H "Authorization: <api_token>" \
  -H "Content-Type: application/json" \
  -d '{
    "messages": [
      { "role": "system", "content": "You are a helpful assistant." },
      { "role": "user", "content": "<prompt>" }
    ],
    "temperature": 0.7
  }' \
  https://<model_endpoint_url>
```

Replace the <prompt> with {INPUT}.

To accommodate testing with different system prompts and hyperparameters without modifying the original request, the following approach can be implemented:
- Multiple Targets with Different System Prompts. When testing different system prompts on the same model, you can create multiple target configurations with identical settings except for the system prompt. This allows for direct comparison of the impact of different system prompts while keeping other variables constant.
- Hyperparameter Testing. For testing other hyperparameters:
- Create separate target configurations for each set of hyperparameters you want to test.
- Keep all other settings identical across these targets, changing only the specific hyperparameter(s) you're evaluating.
Configure the API Response. The easiest way to configure the Response is to first get a sample response from your target and paste the entire JSON here. Then replace the LLM output with {RESPONSE}. This is the value that will be used to determine if the response was a successful attack or a failed attack.

For example, if the response structure is as follows:

```json
{
  "id": "",
  "object": "chat.completion",
  "created": 1732070187,
  "model": "meta-llama-3.1",
  "choices": [
    {
      "index": 0,
      "message": {
        "role": "assistant",
        "content": "It seems like you haven't provided any input yet. Could you please provide more context or information about what you need help with?"
      },
      "finish_reason": "stop",
      "logprobs": null
    }
  ]
}
```

Paste the payload as is and replace the value for the key content with {RESPONSE}, as follows:

```json
{
  "id": "",
  "object": "chat.completion",
  "created": 1732070187,
  "model": "meta-llama-3.1",
  "choices": [
    {
      "index": 0,
      "message": {
        "role": "assistant",
        "content": "{RESPONSE}"
      },
      "finish_reason": "stop",
      "logprobs": null
    }
  ]
}
```

Select Next: Add/Verify Parameters.
- In the Add/Verify Parameters page, enter API Details. This URL represents the API endpoint. For example, https://api.openai.com/v1/chat/completions.
Next, determine if you want to enable HTML Headers. Use this option to enter any custom HTTP headers required for authentication. Once enabled, a list of configured HTML Headers appears. You can delete an existing header, or click Add New for a new HTML header.
In the Verify & Edit JSON page, specify the JSON structure of the request.
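A pre-flight check for the request and response templates described above, run locally before you paste them into the target configuration. This is an added example, not Prisma AIRS code: the function names are hypothetical, the sample response text is constructed, and it assumes each placeholder sits inside a JSON string value; how AI Red Teaming performs the substitution internally is not described on this page.

```python
import json

INPUT, RESPONSE = "{INPUT}", "{RESPONSE}"
# Constructed from the request and response shapes shown on this page.
REQUEST_TEMPLATE = """{"messages": [
  {"role": "system", "content": "You are a helpful assistant."},
  {"role": "user", "content": "{INPUT}"}], "temperature": 0.7}"""
RESPONSE_TEMPLATE = """{"id": "", "object": "chat.completion", "choices": [
  {"index": 0, "message": {"role": "assistant", "content": "{RESPONSE}"},
   "finish_reason": "stop", "logprobs": null}]}"""
SAMPLE_RESPONSE = """{"id": "", "object": "chat.completion", "choices": [
  {"index": 0, "message": {"role": "assistant", "content": "Hello there."},
   "finish_reason": "stop", "logprobs": null}]}"""

def find_paths(node, marker, path=()):
    """Return the path (keys and list indexes) of every string value containing marker."""
    if isinstance(node, dict):
        return [p for k, v in node.items() for p in find_paths(v, marker, path + (k,))]
    if isinstance(node, list):
        return [p for i, v in enumerate(node) for p in find_paths(v, marker, path + (i,))]
    return [path] if isinstance(node, str) and marker in node else []

def single_path(template_text, marker):
    """Parse the template (raises on invalid JSON) and require exactly one marker."""
    doc = json.loads(template_text)
    paths = find_paths(doc, marker)
    if len(paths) != 1:
        raise ValueError(f"expected one {marker} placeholder, found {len(paths)}")
    return doc, paths[0]

def render_request(template_text, prompt):
    """Substitute the prompt on the parsed object so quotes and newlines stay escaped."""
    doc, path = single_path(template_text, INPUT)
    node = doc
    for key in path[:-1]:
        node = node[key]
    node[path[-1]] = node[path[-1]].replace(INPUT, prompt)
    return json.dumps(doc)

def extract_response(template_text, sample_text):
    """Read from a real sample the value at the path where the template has {RESPONSE}."""
    _, path = single_path(template_text, RESPONSE)
    node = json.loads(sample_text)
    for key in path:
        node = node[key]  # KeyError/IndexError here means template and sample disagree
    return node

if __name__ == "__main__":
    print(render_request(REQUEST_TEMPLATE, 'say "hi"\nplease'))
```

A template that fails here (unquoted placeholder, two placeholders, or a response path missing from a real sample) would leave the scan unable to read the model output correctly, so fix it before adding the target.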
Click Next: Advanced Configurations.
In the Advanced Configurations page you'll configure Rate Limits and set Guardrails/Content Filters.
Enable Rate Limits for applications on the target endpoint.
- Specify the Endpoint Rate Limit. This value represents the maximum number of allowed requests per minute for the specified endpoint.
- Specify the Endpoint Rate Limit Error Code. This field represents the error code your system uses for rate limiting violations.
- Provide a Sample Exception JSON.
Enable Guardrails/Content Filters. These fields are used for output guardrails or content filters applicable on the target endpoint.
- Specify the Error code for Guardrails or Content Filters. This field represents the error code your system uses when a response is prevented by filters or safeguards.
- Provide a Sample Exception JSON.
Select Add Target.
Once the target is created, you can start a scan or view previously created targets.