Strata Copilot
    WildFire API Reference
    : Advanced WildFire Cloud API Migration
    Focus
    Download PDF
    Focus
    1. Home
    2. WildFire
    3. WildFire API Reference
    4. Get Started with the WildFire API
    5. WildFire API Key Authentication
    6. Advanced WildFire Cloud API Migration
    Download PDF

    WildFire API Reference

    Advanced WildFire Cloud API Migration

    Table of Contents

    Advanced WildFire Cloud API Migration

    Palo Alto Networks is transitioning the Advanced WildFire cloud API infrastructure to a token-based authentication model using the TSG-ID (Tenant Service Group ID) identity standard, which provides stronger security and enhanced tenant isolation. If you currently use legacy, CSP-ID based WildFire API keys, you can use the migration workflow to bind your existing keys to service accounts and transition to this new token format. To ensure minimal operational disruption, existing Advanced WildFire customers are provided a period to gracefully transition your API workflows. During this time, your current legacy WildFire API keys will continue to function normally. Please note that after this period concludes, all customers must adopt token-based authentication for any communication with the Advanced WildFire API backend infrastructure systems.
    Palo Alto Networks recommends migrating all of your previously generated WildFire API keys as a single batch effort to minimize interruptions to your existing admin and developer workflows. You may experience the service changes during this process:
    • Minimize the duration of the migration window to prevent the temporary loss of sample and PCAP download capabilities for specific keys.
    • Continue submitting samples as usual, as the submission process remains entirely unaffected throughout the migration period.
    • Expect a full restoration of all functions immediately upon completion, including access to any samples submitted while the migration was in progress.
    1. You can access the dedicated Advanced WildFire Settings by selecting Strata Cloud ManagerConfigurationWildFire Setting.
    2. If you have previously generated WildFire API keys, you can migrate the keys to the newer WildFire token-based authentication arrangement.
      This option is not available if there are no available or valid WildFire API keys that can be migrated.
      1. Select Start Migration to open the Migrate API Key dialog.
      2. Select the WildFire API keys that you want to migrate to use WildFire token-based authentication and select Next.
      3. For each selected WildFire API key designated for migration, you must select a valid service account. For general information about Identity and Access, refer to: Common Services: Identity and Access.
      4. Migrate after assigning service accounts for all selected API keys.
      5. Verify that the migrated WildFire API keys are present. The migrated keys display in the Keys List and indicates a Status of Valid.
    3. Apply Change to save the configuration.

    © 2026 Palo Alto Networks, Inc. All rights reserved.