Generate Client Credentials

Self-service client credentials enable Cortex® Xpanse™ Expander administrators to generate and revoke API credentials.
Cortex® Xpanse™ is moving away from refresh tokens for API access credentials and implementing the OAuth2.0 standard client credentials grant type. Self-service client credentials are currently supported for the Cortex Xpanse SDK and custom integrations. You are not required to use client credentials at this time, but it is recommended. Support for client credentials for Cortex Xpanse-built integrations will be added in a future release. We will notify you when your Cortex Xpanse integration is ready for use with client credentials.
Self-service client credentials enable Cortex® Xpanse™ Expander administrators to generate and revoke API credentials within the Expander UI. These credentials can be used for any API-related application, including the following:
  • Use of the Xpanse SDK
  • Use of custom integrations or scripts
  • Use of Xpanse integrations (Client credential support to be added in an upcoming release.)
To get started with self-service client credentials you must be an Expander administrator or reach out to your Cortex Xpanse CSM for access. There are two levels of permission associated with this feature:
  1. Individual client credentials permission
    — Allows you to create and revoke your own Cortex Xpanse client credentials.
  2. Administrator client credentials permission
    — Allows you to create and revoke your own Cortex Xpanse client credentials, and also view and revoke client credentials created by other users from your organization.
If you are unsure whether you have the necessary permission for generating client credentials, navigate to the
Settings
tab in Expander and look for the
Client Credentials
option in the left navigation pane.
  1. Navigate to the
    Settings
    tab, and select
    Client Credentials
    in the left navigation pane.
    In the Client Credentials window, you will see the list of credentials that you previously created. If you have administrator-level client credentials permission, you will also see credentials that were generated by other users in your organization
  2. Click
    Generate Credentials
    .
    Note that each user is limited to 10 client credentials at any one time.
    The
    Client Credentials/Add New
    window opens.
  3. Enter a
    Client Name
    .
    Client names must be all lowercase. Your client name will be automatically prefixed with “xpanse_expander_”.
  4. Enter a
    Description
    that will provide additional context for yourself and other administrators in your organization regarding the purpose of this credential.
  5. Click
    Generate credentials
    .
    The Client Identifier and Client Secret will be displayed.
  6. Copy and securely store both the Client Identifier and Client Secret.
    You will not be given another opportunity to retrieve the Client Secret, and Cortex Xpanse has no access to the Client Secret. Be sure to follow your organizational policies with respect to the storage and use of your new credentials.
    If you misplace or lose your Client Secret, a new client credential must be generated. Cortex Xpanse has no way to retrieve your Client Secret.
You can now use your Cortex Xpanse client credential. For information about using your credentials with an Xpanse-supported integration, see the corresponding integration guide on the Palo Alto Networks Technology Partner portal.. For more information about using your credentials with the Xpanse SDK or a custom integration, see the Cortex Xpanse developer documentation.
If you want to revoke a Cortex Xpanse client credential, see Revoke Client Credentials.

Recommended For You