Strata Copilot
    WildFire API Reference
    : Get Started with the WildFire API
    Focus
    Download PDF
    Focus
    1. Home
    2. WildFire
    3. WildFire API Reference
    4. Get Started with the WildFire API
    Download PDF

    WildFire API Reference

    Get Started with the WildFire API

    Table of Contents

    Get Started with the WildFire API

    Set up token-based authentication and make your first programmatic request to the WildFire API.
    The WildFire® API provides programmatic access to submit files and URLs for malware analysis, retrieve verdicts, download analysis reports, and get packet captures. To get started, you set up authentication credentials in Strata Cloud Manager and use them to make API requests against the WildFire public cloud.
    Follow these steps to make your first WildFire API call using token-based authentication:
    1. Verify your subscription—Confirm you have an active WildFire or Advanced WildFire subscription through NGFW or Prisma Access. Your subscription determines your daily API quota (uploads and queries).
    2. Create a WildFire API token—In Strata Cloud Manager, provision a WildFire API token and bind it to a service account. This gives you the Client ID and Client Secret required for programmatic authentication.
    3. Generate an access token—Use your service account credentials to request a short-lived Bearer token from the Palo Alto Networks authentication service. Access tokens are valid for 15 minutes.
    4. Make an API call—Include the Bearer token in the Authorization header of your request to any WildFire API endpoint. See the token authentication example for a complete walkthrough with sample requests and responses.
    5. Monitor your usageView your API token usage statistics in Strata Cloud Manager to track remaining uploads, queries, and token status.
    If you are migrating from legacy API key authentication, you can migrate your existing keys to token-based authentication through the migration workflow in Strata Cloud Manager.
    WildFire appliance API
    If you operate an on-premises WildFire appliance (WF-500), you can use the WildFire appliance API to submit files for local malware analysis and retrieve verdicts without sending samples to the public cloud. The appliance API uses locally-generated API keys managed through the WildFire CLI—it does not use Strata Cloud Manager or token-based authentication. The TSG-ID migration and portal deprecation described above do not apply to the WildFire appliance API.

    © 2026 Palo Alto Networks, Inc. All rights reserved.