https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/advanced-authentication-cortex-api/m-p/1244579#M8933 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/110844">@ianatgrafton</a>&nbsp;,</P> <P>&nbsp;</P> <P>Greetings for the day!</P> <P><BR />Implementing Advanced Authentication for the Cortex Public API requires specific cryptographic logic to prevent replay attacks. While official Knowledge Base articles primarily provide PowerShell examples for Standard authentication, the logic for Advanced authentication is documented in Python and can be translated to PowerShell using .NET classes.</P> <P>&nbsp;</P> <P><STRONG>Advanced Authentication Requirements:</STRONG><BR />Unlike Standard authentication, which passes the raw API key in the Authorization header, Advanced authentication requires a dynamic signature for every request. The following headers are mandatory:</P> <P>&nbsp;</P> <P>x-xdr-auth-id: The API Key ID retrieved from the Cortex XDR console.<BR />x-xdr-timestamp: The current UTC time in milliseconds.<BR />x-xdr-nonce: A unique, randomly generated 64-character alphanumeric string.</P> <P><BR />Authorization: A SHA256 hex digest of the combined string: API_KEY + NONCE + TIMESTAMP.</P> <P>---------</P> <P><BR /><STRONG>General Reference for Standard Auth (PowerShell):</STRONG><BR />For reference, the simpler Standard implementation looks like this:</P> <P>&nbsp;</P> <P>$headers = @{<BR />"x-xdr-auth-id" = "&lt;API_ID&gt;"<BR />"Authorization" = "&lt;API_KEY&gt;" # Note: Raw key, no hashing<BR />}</P> <P>Invoke-RestMethod -Method 'Post' -Uri $url -Headers $headers -Body $jsonBody -ContentType "application/json"</P> <P>&nbsp;</P> <P>Ref Article: (How to make a request to the Cortex XDR API using the PowerShell only)</P> <P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000kGi7CAE" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000kGi7CAE</A></P> <P>&nbsp;</P> <P>If you feel this has answered your query, please let us know by clicking Like and <STRONG>"Mark this as a Solution".</STRONG><BR /><BR /></P> <P>Thanks &amp; Regards,<BR />S. Subashkar Sekar</P> Wed, 24 Dec 2025 20:43:36 GMT susekar 2025-12-24T20:43:36Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/advanced-authentication-cortex-api/m-p/1243624#M8910 <P>Does anybody have any examples of how they have implemented Advanced Auth for the Cortex API<BR /><BR />I only have PowerShell available examples using that that would be preferred, but I can probably interpret most scripting languages.<BR /><BR />If not examples, maybe links to articles discussing the process to implement it&nbsp;more generally.<BR /><LI-PRODUCT title="Cortex XDR" id="Cortex_XDR"></LI-PRODUCT>&nbsp;</P> Wed, 10 Dec 2025 14:13:41 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/advanced-authentication-cortex-api/m-p/1243624#M8910 ianatgrafton 2025-12-10T14:13:41Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/advanced-authentication-cortex-api/m-p/1244579#M8933 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/110844">@ianatgrafton</a>&nbsp;,</P> <P>&nbsp;</P> <P>Greetings for the day!</P> <P><BR />Implementing Advanced Authentication for the Cortex Public API requires specific cryptographic logic to prevent replay attacks. While official Knowledge Base articles primarily provide PowerShell examples for Standard authentication, the logic for Advanced authentication is documented in Python and can be translated to PowerShell using .NET classes.</P> <P>&nbsp;</P> <P><STRONG>Advanced Authentication Requirements:</STRONG><BR />Unlike Standard authentication, which passes the raw API key in the Authorization header, Advanced authentication requires a dynamic signature for every request. The following headers are mandatory:</P> <P>&nbsp;</P> <P>x-xdr-auth-id: The API Key ID retrieved from the Cortex XDR console.<BR />x-xdr-timestamp: The current UTC time in milliseconds.<BR />x-xdr-nonce: A unique, randomly generated 64-character alphanumeric string.</P> <P><BR />Authorization: A SHA256 hex digest of the combined string: API_KEY + NONCE + TIMESTAMP.</P> <P>---------</P> <P><BR /><STRONG>General Reference for Standard Auth (PowerShell):</STRONG><BR />For reference, the simpler Standard implementation looks like this:</P> <P>&nbsp;</P> <P>$headers = @{<BR />"x-xdr-auth-id" = "&lt;API_ID&gt;"<BR />"Authorization" = "&lt;API_KEY&gt;" # Note: Raw key, no hashing<BR />}</P> <P>Invoke-RestMethod -Method 'Post' -Uri $url -Headers $headers -Body $jsonBody -ContentType "application/json"</P> <P>&nbsp;</P> <P>Ref Article: (How to make a request to the Cortex XDR API using the PowerShell only)</P> <P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000kGi7CAE" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000kGi7CAE</A></P> <P>&nbsp;</P> <P>If you feel this has answered your query, please let us know by clicking Like and <STRONG>"Mark this as a Solution".</STRONG><BR /><BR /></P> <P>Thanks &amp; Regards,<BR />S. Subashkar Sekar</P> Wed, 24 Dec 2025 20:43:36 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/advanced-authentication-cortex-api/m-p/1244579#M8933 susekar 2025-12-24T20:43:36Z