Get a WildFire Verdict (WildFire API)

Use the /get/verdict resource to get a WildFire verdict for a sample based on the MD5 or SHA-256 hash.
When requesting multiple WildFire verdicts, use the /get/verdicts resource to reduce the number of requests that count toward your daily limit. Learn how to Get Multiple WildFire Verdicts (WildFire API) and learn about request limits as part of WildFire API Access Control.

Resource

/get/verdict/
Code copied to clipboard
Unable to copy due to lack of browser support.

Request Parameters

Use the following form parameters when requesting a WildFire verdict for a sample:
Parameters
Description
Example
apikey
Code copied to clipboard
Unable to copy due to lack of browser support.
(Required) API key
Example:
apikey=b0e0e395614d46170ee7498452967c71
Code copied to clipboard
Unable to copy due to lack of browser support.
hash
Code copied to clipboard
Unable to copy due to lack of browser support.
(Required) MD5 or SHA-256 hash value of the sample
Example:
hash=afe6b95ad95bc689c356f34
	ec8d9094c495e4af57c932ac413b65ef132063acc------
Code copied to clipboard
Unable to copy due to lack of browser support.

Example Request

Make a POST request to the /get/verdict resource and include the API key along with the MD5 or SHA-256 hash value of the sample, similar to the following cURL command:
curl -F 'apikey=b0e0e395614d46170ee7498452967c71'
-F 'hash=afe6b95ad95bc689c356f34ec8d9094c495e4af57c932ac413b65ef132063acc' 'https://wildfire.paloaltonetworks.com/publicapi/get/verdict'
Code copied to clipboard
Unable to copy due to lack of browser support.
The XML response contains the WildFire verdict along with the related hash values:
<wildfire> 
    <get-verdict-info> 
        <sha256>afe6b95ad95bc689c356f34ec8d9094c495e4af57c932ac413b65ef132063acc</sha256> 
        <verdict>1</verdict> 
        <md5>0e4e3c2d84a9bc726a50b3c91346fbb1</md5> 
    </get-verdict-info> 
</wildfire> 
Code copied to clipboard
Unable to copy due to lack of browser support.
The verdict element value can be one of the following:
  • 0: benign
  • 1: malware
  • 2: grayware
  • 4: phishing
  • -100: pending, the sample exists, but there is currently no verdict
  • -101: error
  • -102: unknown, cannot find sample record in the database
  • -103: invalid hash value
When sending an invalid hash value, an HTTP 421 status is returned.

Related Documentation