API Results browser versus cURL

L1 Bithead

API Results browser versus cURL

Hi all,

I'm trying to setup automatic config backups via the API per this article:

https://live.paloaltonetworks.com/docs/DOC-1714

I use a command like this to get my key:

https://pan-firewall.example.com/esp/restapi.esp?type=keygen&user=jmesser&password=notmypassword

And then use the key in this command to get the config:

https://pan-firewall.example.com/esp/restapi.esp?type=config&action=show&key=abcde-random-bunch-of-l...

I have superuser permissions and these commands work great in my browser. I've tested both Chrome and Firefox. I get the key no problem and the config comes up without issue. Slick. But what I can't figure out is that when I use cURL or wget instead of the browser I get a 403 "User not authorized to perform this operation" error. The command I use is simply:

curl --insecure <the_URLs_above>

Anybody know why the browser would work but not cURL? I just can't think why they would be different.

Thanks,

Chris

L3 Networker

Re: API Results browser versus cURL

What is the PAN-OS version?

In 4.0 the user must be superuser.

In 4.1 the user can be superreader, though I recall it not working in early 4.1.x versions.  superreader works for me with action=show using 4.1.6.

L1 Bithead

Re: API Results browser versus cURL

I'm running 4.1.6 and am using a superuser account. It works fine with a browser. Just not from the command line.

L3 Networker

Re: API Results browser versus cURL

you might run 'tail follow yes mp-log appWeb.log' in the CLI then do a request with browser then

curl and compare the logs.  In particular the line with the key to see if there is a difference:

panPhpSymbolLookupInArray(pan_php.c:197): panPhpSymbolLookupInArray, _REQUEST[key] = kxA5lTLW3OoJ5E/8KCLRfplJvALJ1cAJufitTERVxpY=

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!