This article serves as a home for frequently asked questions about the WildFire API.
1. What happens when you reach the daily upload remaining value?
When the max value for the daily upload limit is reached, future uploads/queries (depending on which limit is hit) are blocked, and responded to with a "Quota Exceeded" error by the WildFire cloud.
2. If the daily upload/query limit values are not consumed, do they get carried over to the next day?
No. The numbers reset every day at 5PM Pacific.
3. Is there any email notification when an API key upload/query limit is about to be reached?
No. This could feasibly be implemented in usage of the API by keeping track of submissions in the client side code, and clearing the value at 5PM Pacific, daily.
4. When integrating WildFire API key with Carbon Black (Bit9), do these submissions count against the daily upload limit?
5. When integrating WildFire API key with Proof Point, do these submissions count against the daily upload limit?
They do not; Proof Point's integration is custom, and as such, submissions via this method do not count towards the daily limit value.
6. Does the firewall to WildFire Cloud communication(uploads/queries) count against the API key usage?
No. Firewall<>Wildfire communication is not affected by WildFire API key limits
7. How are manual uploads accounted for?
Each manual upload to the Wildfire Portal counts against the WildFire API key upload limit.
8. What does "manual upload limit:5" in the WildFire Portal mean?
For users without a wildfire license, they are limited to 5 manual uploads to the WildFire Portal per day.
9. How many Uploads/Queries can be done by using WildFire API key per day?
- Daily Upload limit: 1000
- Daily Query limit: 10000
- Daily Upload limit: 1000000
- Daily Query limit: 1000000
10. How is the daily limit consumed?
The daily limit is consumed when request is made using API. It's counted by request basis, meaning that if the same request is made multiple times by using API, the number of requests will be consumed and be minus from the limit. This happens even if there's no valid response for the request. For example, API key is consumed even if a query is made for a hash which report doesn't exist on the WildFire cloud. In the same manner, if unsupported file is attempted to upload to the cloud manually, the file isn't uploaded but API key is consumed.
11. How is WildFire API Key generated?
WildFire API key is generated per company accout (not per Firewall device nor per WildFire subscription). Basically there should be only one API key for one account.
When WildFire subscription is activated at the first time, API key will be generated immediately and automatically. If a firewall device is transferred from one account to another account and if the device has WildFire subscription then the WildFire API key will NOT be generated automatically. In this case, customer can contact Palo Alto Networks support and request to generate WildFire API key.
12. How is WildFire API Key expiration date updated?
When there're more than one firewall devices that have WildFire subscription under an account, the max expiration date among all WildFire subscriptions is taken and reflected to WildFire API Key expiration date. When the WildFire subscription is renewed, WildFire API Key expiration date is updated. In the renewal process, WildFire API Key itself will not change, in other words, new API Key is not regenerated upon renewal.
If a firewall device is transferred from one account to another account, WildFire API Key expiration date is NOT updated. In this case, customer can contact Palo Alto Networks support and request to update WildFire API key expiration date.
13. My Traps API key is not visible in the WildFire portal, why?
This is expected behavior - the WildFire API key for Traps is not visible in the Wildfire Portal > Account view.
To view/modify your Traps Wildfire API key, please navigate to the “Settings” tab in your ESM console.