Strata Copilot
    WildFire API Reference
    : WildFire API Key Authentication
    Focus
    Download PDF
    Focus
    1. Home
    2. WildFire
    3. WildFire API Reference
    4. Get Started with the WildFire API
    5. WildFire API Key Authentication
    Download PDF

    WildFire API Reference

    WildFire API Key Authentication

    Table of Contents

    WildFire API Key Authentication

    Authenticate WildFire API requests using a static API key passed as a form field in the request body.
    Where Can I Use This?What Do I Need?
    • Advanced WildFire public cloud
    • Active WildFire subscription (NGFW, Prisma Access, or standalone WildFire API)
    • Access to the WildFire portal or Palo Alto Networks Customer Support Portal
    Palo Alto Networks is transitioning to token-based API authentication as the primary standard for the WildFire cloud API. API key authentication remains supported during a transitional period but will be fully deprecated. After the cutoff date, only token-based authentication (Bearer tokens) will be accepted. Migrate your workflows to token-based authentication at the earliest opportunity to avoid service disruption.
    WildFire API key authentication uses a static API key passed as a form field (apikey) in the request body to authenticate programmatic requests to the Advanced WildFire cloud. This method ties the key to your CSP-ID (Customer Support Portal identifier) and provides a single shared credential for all API interactions within your account.
    When you make API calls using key-based authentication, you include the API key as a form parameter:
    curl https://wildfire.paloaltonetworks.com/publicapi/submit/file \
  -F apikey=YOUR_API_KEY \
  -F file=@sample.exe
    You can share the same API key within your organization. Your WildFire public cloud API key is assigned when you purchase your WildFire subscription (either firewall-attached or as a standalone WildFire API subscription), Prisma Access, or Prisma Cloud Compute subscription. The key expires when the subscription expiration date is reached. If you have multiple firewalls with WildFire subscriptions, the API key is tied to the subscription that expires last.
    You can retrieve your API key from the WildFire portal or from the Palo Alto Networks Customer Support Portal. You can't delete a WildFire public cloud API key; it only expires. If you need a WildFire public cloud API key removed for security reasons, open a support case.
    To transition your existing API keys to the modern token-based system, use the migration workflow in Strata Cloud Manager.

    © 2026 Palo Alto Networks, Inc. All rights reserved.