Get Started with the PAN-OS REST API
To use the PAN-OS® and Panorama™ REST API, first use
your administrative credentials to get an API key. You can then
use the API key to make API requests.
The PAN-OS REST API covers a subset of the firewall and Panorama
functions, and you’ll need to use the XML API to complete the configuration
and commit your changes.
The API requests in this guide use
cURL commands. However, you
can make API requests with other tools such as
Postman or a
RESTClient.
By default, PAN-OS uses a self-signed certificate, so you will need
to use the -k parameter with cURL requests. Alternatively, you can
replace the self-signed certificate with
one from a trusted certificate authority. If you have an internal
certificate authority, generate your own certificate and install
it on the firewall.
You can use the REST API to Create, Read, Update, Delete (CRUD) Objects and Policies on
the firewalls; you can access the REST API directly on the firewall or use Panorama to
perform these operation on policies and objects from a central location and push them to
the managed firewalls.
The inputs in the PAN-OS REST API generally match the web interface, and you can use the
PAN-OS Web Interface Help to familiarize
yourself with the field properties, descriptions, and supported values for each product.
Reading relevant portions of the
PAN-OS Administrator’s Guide will help you get a better
understanding of firewall capabilities that you can access using the API. To use the
API, you should also be knowledgeable about web service APIs and HTTP.
For performance considerations, limit the number of concurrent API calls to five. The
suggested limit ensures that there is no performance impact to the firewall web
interface as the management plane web server handles requests from both the API and the
web interface. Limits may vary depending on the type of request. The limit may be higher
depending on requests.