>
    Authentication Errors
    Focus
    Download PDF
    Focus
    1. Home
    2. SaaS Security
    3. Syslog and API Client Integration on Data Security
    4. API Client Integration on Data Security
    5. Authentication Errors
    Download PDF
    SaaS Security

    Authentication Errors

    Table of Contents

    Authentication Errors

    View examples of authentication errors you may encounter when retrieving a token for Data Security.
    Where Can I Use This?What Do I Need?
    • NGFW (Managed by Strata Cloud Manager)
    • Prisma Access (Managed by Strata Cloud Manager)
    • Data Security license
    Or any of the following licenses that include the Data Security license:
    • CASB-X
    • CASB-PA

    No Basic Auth Header

    Not including the basic auth header when retrieving a token results in a 401 response. To try again, see Retrieve a Token.
    All requests must use the region-specific host. The examples below use AMER region.
    • Example Request
      $ curl 'https://api.aperture.paloaltonetworks.com/oauth/token' -i -X POST -H 'Accept: 
application/json' -H 'Content-Type: application/x-www-form-urlencoded; charset=ISO- 
8859-1' -d 'grant_type=client_credentials&scope=api_access'
    • Example Request Body
      POST /oauth/token HTTP/1.1 
Accept: application/json 
Content-Type: application/x-www-form-urlencoded; charset=ISO-8859-1 
Host: api.aperture.paloaltonetworks.com 
 
grant_type=client_credentials&scope=api_access
    • Example Response
      HTTP/1.1 401 Unauthorized 
 
{ 
"error" : "unauthorized", 
"resolution" : "Please submit valid credentials.", 
"error_description" : "Invalid credentials" 
}

    Invalid Credentials

    Providing invalid credentials will result in a 401 response. To try again, see Retrieve a Token
    All requests must use the region-specific host. The examples below use AMER region.
    • Example Request
      $ curl 'https://api.aperture.paloaltonetworks.com/oauth/token' -i -X POST -H 'Accept: 
application/json' -H 'Content-Type: application/x-www-form-urlencoded; charset=ISO- 
8859-1' -d 'grant_type=client_credentials&scope=api_access'
    • Example Request Body
      POST /oauth/token HTTP/1.1 
Accept: application/json 
Content-Type: application/x-www-form-urlencoded; charset=ISO-8859-1 
Host: api.aperture.paloaltonetworks.com 
 
grant_type=client_credentials&scope=api_access
    • Example Response
      HTTP/1.1 401 Unauthorized 
 
{ 
"error" : "unauthorized", 
"resolution" : "Please submit valid credentials.", 
"error_description" : "Invalid credentials" 
}

    Token Expiration

    Performing a request with an expired token results in a 401 response. To try again, see Retrieve a Token.
    All requests must use the region-specific host. The examples below use AMER region.
    • Example Request Body
      POST /oauth/token HTTP/1.1 
Accept: application/json 
Content-Type: application/x-www-form-urlencoded; charset=ISO-8859-1 
Host: api.aperture.paloaltonetworks.com 
 
grant_type=client_credentials&scope=api_access
    • Example Response
      HTTP/1.1 401 Unauthorized 
 
{ 
"error": "invalid_token", 
"resolution": "Please retrieve a new token.", 
"error_description": "Authentication token was invalid." 
}

    © 2025 Palo Alto Networks, Inc. All rights reserved.