To use the API, you must generate the API
key required for authenticating API calls.
Then, when you
use this API key in your request, you can either provide the URL
encoded API key in the request URL, or use the custom X-PAN-KEY:
<key> parameter to add the key as a name-value pair in the HTTP
header.
If you have an existing key and generate another
key for the same user, all existing sessions will end for the user
and previous API sessions will be deleted. If the cookie for the
request doesn’t exist but you make subsequent requests, configuration
logs will show the user as unknown.
To generate an API key, make a GET or POST request
to the firewall’s hostname or IP addresses using the administrative
credentials and
type=keygen
:
curl -k -X GET 'https://<firewall>/api/?type=keygen&user=<username>&password=<password>'
Code copied to clipboard
Unable to copy due to lack of browser support.
or
curl -k -X POST 'https://<firewall>/api/?type=keygen&user=<username>&password=<password>'
You can
revoke all currently valid
API keys, in the event one or more keys are compromised. To change
an API key associated with an administrator account
change the password associated
with the administrator account. API keys that were generated
before you expired all keys, or a key that was created using the
previous credentials will no longer be valid.
If
you use Panorama to manage your firewalls, Panorama and all of the
firewalls that it manages must have the
same master key.
