: Generate Your OAuth Client Credentials
Focus
Focus

Generate Your OAuth Client Credentials

Table of Contents
End-of-Life (EoL)

Generate Your OAuth Client Credentials

Learn how generate your API OAuth credentials.
Palo Alto Networks uses OAuth 2.0 to limit access to the Software NGFW Credit AP. To use Software NGFW Credit API to manage your deployment profiles, you must first generate OAuth credentials–client ID and secret key–on the Palo Alto Networks CSP. The client ID and secret key are required to make API calls to the Palo Alto Networks licensing server.
If the option to generate the client credentials does not appear in the CSP, contact your sales representative.
  1. Log in to the CSP.
  2. Select Account ManagementOAuth API Management.
  3. Select the fwflex-service scope.
  4. Click Create OAuth Credentials.
  5. Copy your Client ID and Secret Key. Save your secret key in a safe place. You will not be able to retrieve the secret key again.

Generate Your OAuth Token

After generating your OAuth credentials, you must generate a unique OAuth token associated with your CSP account. This token acts as the bearer token in the request header of http request. Use the Client ID and Secret Key you generated on the CSP.
Header Parameters: token
Request Body Parameters: yourClientId, yourSecret,
Request Method: POST
URL: https://identity.paloaltonetworks.com/as/token.oauth2
Sample API request:
curl --location 'https://identity.paloaltonetworks.com/as/token.oauth2' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'client_secret=yourSecret' \ --data-urlencode 'client_id=yourClientId' \ --data-urlencode 'scope=fwflex-service' \ --data-urlencode 'grant_type=client_credentials'
Sample API response:
{ "access_token": "your-token-for-api-use", "token_type": "Bearer", "expires_in": 3599 }