Focus

WildFire API Reference

WildFire API Token Authentication Example

Table of Contents

WildFire API Token Authentication Example

Walk through the complete workflow to authenticate and submit a file to the WildFire API using token-based authentication.

Where Can I Use This?	What Do I Need?
Advanced WildFire public cloud	Active WildFire or Advanced WildFire subscription Strata Cloud Manager access with a configured tenant (TSG-ID) A service account with Client ID and Client Secret

This example demonstrates the complete workflow for submitting a file to the WildFire® API using token-based authentication. The same authentication pattern applies to all WildFire API endpoints—submitting files, retrieving verdicts, downloading reports, and getting packet captures.

Create a WildFire API token in Strata Cloud Manager and bind it to a service account. This gives you the Client ID and Client Secret you need to generate access tokens programmatically.

Generate an access token from the Palo Alto Networks authentication service using your service account credentials. The access token is valid for 15 minutes:

curl -X POST https://auth.apps.paloaltonetworks.com/am/oauth2/access_token \
  -u CLIENT_ID:CLIENT_SECRET \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials&scope=tsg_id:YOUR_TSG_ID"

The response includes your Bearer token:

{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "Bearer",
  "expires_in": 900
}

Submit a file for analysis using the access token in the Authorization header:

curl -X POST https://wildfire.paloaltonetworks.com/publicapi/submit/file \
  -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9..." \
  -F "file=@/path/to/sample.exe"

A successful submission returns file metadata confirming WildFire has queued the sample for analysis:

<wildfire>
    <upload-file-info>
        <url/>
        <filetype>PE</filetype>
        <filename>sample.exe</filename>
        <sha256>275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f</sha256>
        <md5>44d88612fea8a8f36de82e1278abb02f</md5>
        <size>68</size>
    </upload-file-info>
</wildfire>

View your API token usage statistics in Strata Cloud Manager to monitor remaining uploads, queries, and token status across your organization.

If your access token expires during a workflow (after 15 minutes), the API returns an authorization error. Repeat step 2 to generate a new token, then retry the request.

Python script example

The following Python script demonstrates the complete token generation and file submission workflow. Replace the placeholder values with your service account credentials and TSG-ID, then run the script to submit a file for WildFire analysis.

import requests

auth_url = "https://auth.apps.paloaltonetworks.com/am/oauth2/access_token"
submit_url = "https://wildfire.paloaltonetworks.com/publicapi/submit/file"

data = {
    "client_id": "<INSERT CLIENT ID HERE>",
    "client_secret": "<INSERT CLIENT SECRET HERE>",
    "grant_type": "client_credentials",
    "scope": "tsg_id:<INSERT TSG ID HERE>"
}

try:
    print(f"Requesting access token from {auth_url}...")
    response = requests.post(auth_url, data=data)
    response.raise_for_status()
    response_data = response.json()

    token = response_data["access_token"]
    print("Successfully obtained access token.")
    print(f"{token}")

except Exception as e:
    print(f"Error obtaining access token ---> {e}")
    if "response" in locals():
        print(f"Response Body: {response.text}")
    exit(1)

headers = {"Authorization": f"Bearer {token}"}
file_path = "/path/to/sample.exe"

try:
    print(f"Submitting {file_path} to WildFire...")
    with open(file_path, "rb") as f:
        submit_response = requests.post(
            submit_url,
            headers=headers,
            files={"file": f}
        )
    submit_response.raise_for_status()
    print("File submitted successfully.")
    print(submit_response.text)

except Exception as e:
    print(f"Error submitting file ---> {e}")
    if "submit_response" in locals():
        print(f"Response Body: {submit_response.text}")
    exit(1)

Example output:

Requesting access token from https://auth.apps.paloaltonetworks.com/am/oauth2/access_token...
Successfully obtained access token.
eyJ0eXAiOiJKV1QiLCJraWQiOiJyc2Etc2lnbi1wa2NzMS0yMDQ4LXNoYTI1Ni8xIiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiJhMWIyYzNkNC1lNWY2LTc4OTAtYWJjZC1lZjEyMzQ1Njc4OTAiLCJjdHMiOiJPQVVUSDJfU1RBVEVMRVNTX0dSQU5UIiwic3VibmFtZSI6ImExYjJjM2Q0LWU1ZjYtNzg5MC1hYmNkLWVmMTIzNDU2Nzg5MCIsImlzcyI6Imh0dHBzOi8vYXV0aC5hcHBzLnBhbG9hbHRvbmV0d29ya3MuY29tOjQ0My9hbS9vYXV0aDIiLCJ0b2tlbk5hbWUiOiJhY2Nlc3NfdG9rZW4iLCJ0b2tlbl90eXBlIjoiQmVhcmVyIiwiYXVkIjoiZXhhbXBsZS1zdmMtYWNjb3VudEAxMjM0NTY3ODkwLmlhbS5wYW5zZXJ2aWNlYWNjb3VudC5jb20iLCJncmFudF90eXBlIjoiY2xpZW50X2NyZWRlbnRpYWxzIiwic2NvcGUiOlsicHJvZmlsZSIsInRzZ19pZDoxMjM0NTY3ODkwIiwiZW1haWwiXSwiZXhwIjoxNzc5MTUyMzkxLCJpYXQiOjE3NzkxNTE0OTEsImV4cGlyZXNfaW4iOjkwMCwidHNnX2lkIjoiMTIzNDU2Nzg5MCJ9.Xk9mR2pLdVhNcWZ0SnlUaWdGbUNwV3BIeUViQXNEdktqTnVPd1J4WnpBYkNkRWZHaElqS2xNbk9wUXJTdFV2V3h5WkFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXowMTIzNDU2Nzg5QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAxMjM0NTY3ODk
Submitting /path/to/sample.exe to WildFire...
File submitted successfully.
<wildfire>
    <upload-file-info>
        <url/>
        <filetype>PE</filetype>
        <filename>sample.exe</filename>
        <sha256>275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f</sha256>
        <md5>44d88612fea8a8f36de82e1278abb02f</md5>
        <size>68</size>
    </upload-file-info>
</wildfire>

The access token is a JSON Web Token (JWT) that you can decode at jwt.io to verify the token credentials, including the TSG-ID and service account associated with the token.

View WildFire Cloud API Token Usage Statistics and Details in Strata Cloud Manager

WildFire API Key Authentication