To use the PAN-OS® and Panorama™ REST API, first use your administrative credentials to get an API key. You can then use the API key to make API requests.

The PAN-OS REST API covers a subset of the firewall and Panorama functions, and you’ll need to use the XML API to complete the configuration and commit your changes.

The API requests in this guide use cURL commands. However, you can make API requests with other tools such as Postman or a RESTClient. By default, PAN-OS uses a self-signed certificate, so you will need to use the -k parameter with cURL requests. Alternatively, you can replace the self-signed certificate with one from a trusted certificate authority. If you have an internal certificate authority, generate your own certificate and install it on the firewall.

You can use the REST API to Create, Read, Update, Delete (CRUD) Objects and Policies on the firewalls; you can access the REST API directly on the firewall or use Panorama to perform these operation on policies and objects from a central location and push them to the managed firewalls.

The inputs in the PAN-OS REST API generally match the web interface, and you can use the PAN-OS Web Interface Help to familiarize yourself with the field properties, descriptions, and supported values for each product. Reading relevant portions of the PAN-OS Administrator’s Guide will help you get a better understanding of firewall capabilities that you can access using the API. To use the API, you should also be knowledgeable about web service APIs and HTTP.

For performance considerations, limit the number of concurrent API calls to five. The suggested limit ensures that there is no performance impact to the firewall web interface as the management plane web server handles requests from both the API and the web interface. Limits may vary depending on the type of request. The limit may be higher depending on requests.