Focus

Prisma Access

Third-Party Device-ID APIs

Table of Contents

Filter

Expand All | Collapse All

Prisma Access Docs

Release Notes
Select a Document
- 6.0 Preferred and Innovation
- 5.2 Preferred and Innovation
- 5.1 Preferred and Innovation
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
Activation & Onboarding
Administration
Select a Document
- 4.0 & Later
- Prisma Access China
Integrations
Incidents & Alerts

Configure Third-Party Device-ID in Prisma Access

Update Verdicts

Third-Party Device-ID APIs

Use APIs to manage the IP address-to-device mappings of devices in your network.

Where Can I Use This?	What Do I Need?
Prisma Access (Managed by Strata Cloud Manager) Prisma Access (Managed by Panorama)	Prisma Access license Device Security license

After you have onboarded to the Third-Party Device-ID service using the Cloud Identity Engine user interface, you can use these APIs to manage the verdicts, or IP address-to-device mappings, detected in your network and stored in the Third-Party Device-ID service. These mappings tell Prisma Access which attributes belong to a device with a particular IP address so that you can define a Security policy that targets devices with specific attributes.

These APIs don't directly access the data stored in your Cloud Identity Engine tenant. Rather, the APIs interact with the IP address-to-device mappings in the Third-Party Device-ID service, which shares those mappings with Cloud Identity Engine.

The Third-Party Device-ID APIs use a certificate, an API key, and a base URL for API requests. To authenticate Third-Party Device-ID API requests, you must use the signed certificate and API token you obtained during onboarding in the Cloud Identity Engine user interface.

When you have a certificate and an API key, you can make requests against the Third-Party Device-ID service.

There are two methods to retrieve data using the API.

Put the apiKey in the header. Palo Alto Networks recommends that you use this method of retrieval for the API and new
The <production-endpoint> variable depends on the location of the device being queried. For devices in the EU, use https://eu.device-identity-broker.services-edge.paloaltonetworks.com. For devices in the United States, use https://us.device-identity-broker.services-edge.paloaltonetworks.com.
Example:
```
curl --cert <cert-file> --key <key-file> 'https://<production-endpoint>/api/v1/token/verdicts?pageLen=1' -X GET -H "apiKey: <apiKey>"
```
Put the apiKey in the path of the URI.

This legacy method is being deprecated. Palo Alto Networks recommends putting the apiKey in the header.

Example:
```
curl  --cert <cert-file> --key <key-file>'https://<production-endpoint>/api/v1/token/<apiKey>/verdicts?pageLen=1' -X GET
```

Configure Third-Party Device-ID in Prisma Access

Update Verdicts

Prisma Access Docs

Third-Party Device-ID APIs

Prisma Access Docs

Third-Party Device-ID APIs

Activation & Onboarding

SASE

Cloud-Delivered Security Services

Network Security

Endpoints

Visibility & Monitoring

Best Practices

Experts Corner

Translated Documents