https://live.paloaltonetworks.com/t5/general-topics/call-api-key-via-invoke-restmethod/m-p/185372#M56728 <P>I finally figured it out...simple (usually is).</P><P>Set a variable in your script that looks for your apikey elsewhere, like:</P><P><STRONG>$apikey = Get-Content "&lt;path_to_file&gt;"</STRONG></P><P>Then, simply make your "key" a variable in the HTTPS request.&nbsp; For example:</P><P>https://hostname/api/?type=config$action=get&amp;xpath=/config&amp;<STRONG>key=$apikey</STRONG></P><P>&nbsp;</P><P>Done.</P><P>&nbsp;</P><P>However, I'm now having other problems with the x-path...back to the drawing board.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 03 Nov 2017 15:22:07 GMT turturici 2017-11-03T15:22:07Z https://live.paloaltonetworks.com/t5/general-topics/call-api-key-via-invoke-restmethod/m-p/185217#M56690 <P>Is Palo Alto's API able to accept GET requests from the PowerShell "invoke-restmethod" cmdlet which have the api key set as a variable?&nbsp; I ask this because I would like to run these requests without embedding my API key in the HTTPS GET request.&nbsp; This does not seem secure to me.&nbsp; Rather, I would like to store the API key elsewhere and have PowerShell call that file to insert the key in to the string, or elsewhere in the request, like in the Authorization header.&nbsp; I've been toying around with this to no avail.&nbsp; I'm wondering if the API can handle this type of request?&nbsp; Has anyone come up against this and prevailed?</P> Thu, 02 Nov 2017 18:08:12 GMT https://live.paloaltonetworks.com/t5/general-topics/call-api-key-via-invoke-restmethod/m-p/185217#M56690 turturici 2017-11-02T18:08:12Z https://live.paloaltonetworks.com/t5/general-topics/call-api-key-via-invoke-restmethod/m-p/185227#M56693 <P>I haven't used it yet, but came across a pan-python module on the api-lab site that uses a .panrc file on the local host to reference a Palo Alto firewall IP and the associated API key.&nbsp; That file is referenced during api calls to pass in the key without specifying it on the command line.</P><P>&nbsp;</P><P>Obviously not Powershell, but may be adaptable.</P><P>&nbsp;</P><P><A href="http://api-lab.paloaltonetworks.com/module-1.html" target="_blank">http://api-lab.paloaltonetworks.com/module-1.html</A></P><P>&nbsp;</P><P>chrislss</P> Thu, 02 Nov 2017 19:05:19 GMT https://live.paloaltonetworks.com/t5/general-topics/call-api-key-via-invoke-restmethod/m-p/185227#M56693 chrislss 2017-11-02T19:05:19Z https://live.paloaltonetworks.com/t5/general-topics/call-api-key-via-invoke-restmethod/m-p/185372#M56728 <P>I finally figured it out...simple (usually is).</P><P>Set a variable in your script that looks for your apikey elsewhere, like:</P><P><STRONG>$apikey = Get-Content "&lt;path_to_file&gt;"</STRONG></P><P>Then, simply make your "key" a variable in the HTTPS request.&nbsp; For example:</P><P>https://hostname/api/?type=config$action=get&amp;xpath=/config&amp;<STRONG>key=$apikey</STRONG></P><P>&nbsp;</P><P>Done.</P><P>&nbsp;</P><P>However, I'm now having other problems with the x-path...back to the drawing board.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 03 Nov 2017 15:22:07 GMT https://live.paloaltonetworks.com/t5/general-topics/call-api-key-via-invoke-restmethod/m-p/185372#M56728 turturici 2017-11-03T15:22:07Z