WildFire API Reference
  • WildFire API Reference
  • All Documentation
WildFire API Reference
: Submit a Remote File to WildFire (API)
Focus
Download PDF
Focus
  1. Home
  2. WildFire
  3. WildFire API Reference
  4. Submit Files and Links through the WildFire API
  5. Submit a Remote File to WildFire (API)
Download PDF

WildFire API Reference

Submit a Remote File to WildFire (API)

Table of Contents

Submit a Remote File to WildFire (API)

Submit a supported file type on a website for WildFire analysis. Use this resource for files hosted remotely and not website URLs.
  • The /submit/url resource is not available on the WildFire appliance.
  • When submitting supported script files, you must specify an accurate filename using the context parameter, otherwise WildFire is unable to parse the file and returns a 418 Unsupported File Type response.

Resource

/submit/url/

Request Parameters

Use the following form parameters when you submit a single file for WildFire analysis:
Parameters
Description
Example
 
apikey
( Required) API key
Example:
apikey=<API KEY>
agent
(Required for Prisma Access and Prisma Cloud Compute-based WildFire public API keys) Designates the API key type
Example:
agent=pcc
Options include:
  • pcc—for use with Prisma Cloud Compute-based WildFire public API keys
  • prismaaccessapi—for use with Prisma Access-based WildFire public API keys
url
( Required) Remote file URL path
Example:
url=http://www.pdf995.com/samples/pdf.pdf
context
(Required for script, ASP/ASPX, and XML/HTML filetype submissions) Specify the filename of the sample.
The following file types are supported:
  • JScript (.js)
  • VBScript (.vbs)
  • PowerShell (.ps1)
  • Shell Script (.sh)
  • Perl Script (.pl)
  • Batch files (.bat)
  • Comma-separated files (.csv)
  • Symbolic Link (.slk)
  • Internet Query (.iqy)
  • Script (.cmd)
  • HTML Application (.hta)
  • Python (.py, .pyc)
  • Markup Language (.html, .xml)
  • ASP.NET (.asp, .aspx)
context=<base64 encoded
json string>
Example:
context=eyJmaWxlbmFtZSI6ICJ0ZXN0LnNoIn0=
Whereby eyJmaWxlbmFtZSI6ICJ0ZXN0LnNoIn0= is decoded to the following JSON string: {"filename": "test.sh"}

Example Request 1

Make a POST request to the /submit/url resource and include the API key along with the URL file path to analyze, as shown in the following cURL command:
curl
-F 'apikey=<API KEY>' -F 'url=http://www.pdf995.com/samples/pdf.pdf'
'https://wildfire.paloaltonetworks.com/publicapi/submit/url'
The XML response contains the URL of the file along with the SHA256 and MD5 hash:
<wildfire>
				<upload-file-info>
				<url>http://www.pdf995.com/samples/pdf.pdf</url>
				<filetype>Adobe PDF document</filetype>
				<filename></filename>
				<sha256>857b6bb4c61fc81eee716b4cada4902f0ad73b1daa9a1fb75e005b38e62800b4</sha256>
				<md5>a4b5f81544801fa2b6007bd5046f1d73</md5>
				<size>312819</size>
				</upload-file-info>
				</wildfire>

Example Request 2

Make a POST request to the /submit/url resource and include the API key, the URL script file path to analyze, as well as the context (the filename) in a base64 encoded json string format, as shown in the following cURL command:
curl -F 'apikey=<API KEY>'
-F 'url=https://www.testserver/test.sh’ -F context=’eyJmaWxlbmFtZSI6ICJ0ZXN0LnNoIn0=' https://wildfire.paloaltonetworks.com/publicapi/submit/url
The XML response contains the URL of the file along with the SHA256 and MD5 hash:

				<wildfire>
				<upload-file-info>
				<url>https://testserver/test.sh</url>
				<filetype>Shell</filetype>
				<filename></filename>
				<sha256>dbc2aa04c02e06e61f3acdba528bb1536ccbb1758a29dc8d25438c2d3ce07e7d</sha256>
				<md5>b0cfc14687e42e2236db247f5c7d861a</md5>
				<size>10740</size>
				</upload-file-info>
				</wildfire>

Technical Documentation

Company

Legal Notices

© 2025 Palo Alto Networks, Inc. All rights reserved.