After you have onboarded to the Third-Party Device-ID service using the Cloud Identity Engine user interface, you can use these APIs to manage the verdicts, or IP address-to-device mappings, detected in your network and stored in the Third-Party Device-ID service. These mappings tell Prisma Access which attributes belong to a device with a particular IP address so that you can define Security policy that targets devices with specific attributes.

These APIs don't directly access the data stored in your Cloud Identity Engine tenant. Rather, the APIs interact with the IP address-to-device mappings in the Third-Party Device-ID service, which shares those mappings with Cloud Identity Engine.

The Third-Party Device-ID APIs use a certificate, an API key, and a base URL for API requests. To authenticate Third-Party Device-ID API requests, you must use the signed certificate and API token you obtained during onboarding in the Cloud Identity Engine user interface.

When you have a certificate and an API key, you can make requests against the Third-Party Device-ID service. Provide the certificate with its public key, the API key, and the base URL in each request. Example:

curl --cert onida1.crt --key onida.key "https://device-identity-broker-beta.service-edge.panservicetest.com/:443/api/v1/token/{apiKey}/verdicts"