Generate an API Access Key in Prisma Cloud

Steps for generating an API access key in Prisma Cloud to use in the API integration with Cortex Xpanse.
Before configuring the Prisma Cloud API connector in Cortex Xpanse Expander, you must generate an API access key in Prisma Cloud. While generating the API access key, gather the following information which will be required to create the API connector in Expander:
  • Access Key ID
  • Secret Access Key
  • Prisma Cloud API URL for your tenant
  1. Log into Prisma Cloud CSPM as an Administrator level user.
  2. Select Settings from the left-side menu.
  3. Within Settings, go to
    Account Groups
    and click
    Add Account Group
  4. Name the new account group, and select the cloud accounts that you want to be accessible for this group.
  5. After creating the new Account Group, select
    Access Controls > Roles
    from the left-side menu. Click
    to add a new role.
  6. Give your new role a descriptive
    , select the permissions desired (the Xpanse integration requires a minimum of
    Account Group Read Only
    ) and select your newly created Account Group (from step 4) as the
    Account Group
  7. After creating the new role, go to
    Access Control > Users
    . Click
    and select
    Service Account
  8. Give your new service account a descriptive
    Service Account Name
    and select your newly created role as the assigned
    . Click
  9. On the Access Key Details screen, provide an Access Key Name for the generated access key. We recommend that you do
    Enable Expiration
    for this access key since it will cause the connector to fail in Xpanse when the key expires.
  10. Copy the generated
    Access Key ID
    Secret Access Key
    and keep them secure. You will use these to configure a new API connector within Xpanse.
  11. Find the correct API URL to use by referencing this table.

Recommended For You