Multi-config Request (API)

Use the XML API to complete multiple configurations in one request.
The PAN-OS XML API provides a mechanism to perform multiple configuration API requests within a single transaction. This can be useful to simplify multi-step API configurations.
Below is an example of how a typical multi-config request is structured:
<multi-config> <action id="action-id" xpath="xpath"> <element-xml> </element-xml> </action> <action2 id="action2-id" xpath="xpath"> <element-xml> </element-xml> </action2> <actionN id="actionN-id" xpath="xpath"> <element-xml> </element-xml> </actionN> </multi-config>
The root element, which is denoted above by the multi-config element above, can be any name. The actions can be any of the listed Actions for Modifying a Configuration except complete. The ID attribute is optional and you can use the ID to identify the specific responses to a single node in the request.
This response corresponds with the example above:
<response status="success" code="20"><response status="success" code="20" id="action-id"><msg>command succeeded</msg></response><response status="success" code="20" id="action2-id"><msg>command succeeded</msg></response></response>
Besides xpath, other attributes are acceptable, for example: newname for the rename action. The request accepts the element-xml document if you can use an element argument for that particular request.
Consider the following when using the multi-config request type:
  • When a request in the multi-config operation fails, no configuration changes are performed.
  • You can add additional measures by adding the parameter
    . When set:
    • When a commit operation is active or a commit is pending, the operation will fail.
    • When there are uncommitted changes for the user performing the operation, they will be rolled back before performing the multi-config operation.


To use the multi-config XML-API, you can URL encode an XML document and send it to the firewall. For example this document is saved as multi-config.xml:
<multi-config> <set id="101" xpath="/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address/entry[@name='addr10']"> <ip-netmask></ip-netmask> </set> <set id="102" xpath="/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address-group/entry[@name='group1']/static"> <member>addr10</member> </set> </multi-config>
This file, can be sent using the following cURL request:
$ curl -ku user:pass https://firewall/api -d type=config -d action=multi-config \ > --data-urlencode element@multi-config.xml
A successful response returns:
<response status="success" code="20"><response status="success" code="20" id="101"><msg>command succeeded</msg></response><response status="success" code="20" id="102"><msg>command succeeded</msg></response></response>
If you set the
parameter you may get a different response if there is a commit in progress.
$ curl -ku user:pass https://firewall/api -d type=config -d action=multi-config -d action=multi-config -d strict-transactional=yes\ > --data-urlencode element@multi-config.xml
If you send the above command while another commit is in progress you may receive the following response:
<response status="error" code="15"><msg><line>Commit in Progress or Pending</line></msg></response>

Recommended For You