>
    Strata Copilot
    Add Your API Client to Data Security
    Focus
    Download PDF
    Focus
    1. Home
    2. SaaS Security
    3. Data Security Administration
    4. Syslog and API Client Integration on Data Security
    5. API Client Integration on Data Security
    6. Add Your API Client to Data Security
    Download PDF
    SaaS Security

    Add Your API Client to Data Security

    Table of Contents

    Add Your API Client to Data Security

    Follow these steps to generate a client ID and client secret so you can add an API client to Data Security.
    Where Can I Use This?What Do I Need?
    • Strata Cloud Manager
    • Data Security license
    Or any of the following licenses that include the Data Security license:
    • CASB-X
    • CASB-PA
    You can configure a third-party API client (for example, Cortex XSOAR) to authenticate to Data Security using an OAuth connection for efficient incident management and remediation. To do so, you must first add an API client on Data Security to retrieve the Client ID and Client Secret that your API client requires for authentication. When you add the API client on Data Security, you specify the incident management and remediation access you want to grant the third-party API client. You can only connect one third-party API client.
    Data Security currently supports one Syslog receiver AND one API client app with access to log data. So, you can use the two protocols and connect SIEM and SOAR software separately. However, Data Security does not support using multiple Syslog receivers or multiple API clients concurrently. Alternatively, if you want to use both Splunk and Cortex XSOAR, directly connect Splunk to Cortex XSOAR using the Splunk integration, and create a Client ID and Client Secret for Cortex XSOAR to directly connect to Data Security.
    1. Log in to Strata Cloud Manager.
    2. Select ConfigurationSaaS SecuritySettingsDirectory & External ServicesAdd Syslog/API Client.
    3. Choose API Client to register an API client.
    4. Enter a unique Name for the API client.
    5. Authorize the API client for specific Scopes.
      • Log File Access—Access log files. You can either provide this API client log access or add a syslog receiver for this purpose.
      • Incident Management—Retrieve and change incident status.
      • Quarantine ManagementQuarantine assets and restore quarantined assets.
      • Violation Management
      • Posture Management
      You use these scopes in the POST request to the /oauth/token endpoint.
    6. Save your changes to grant Data Security the ability to generate and display a Client ID and a Client Secret.
      Immediately record the Client Secret that displays. After dismissal, you cannot access the Client Secret again. Configure your API client with the Client ID and Client Secret to authenticate your API client to Data Security.
    7. (Optional) To delete a client, select ActionsDelete.

    © 2026 Palo Alto Networks, Inc. All rights reserved.