API Results browser versus cURL

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

API Results browser versus cURL

L1 Bithead

Hi all,

I'm trying to setup automatic config backups via the API per this article:

https://live.paloaltonetworks.com/docs/DOC-1714

I use a command like this to get my key:

https://pan-firewall.example.com/esp/restapi.esp?type=keygen&user=jmesser&password=notmypassword

And then use the key in this command to get the config:

https://pan-firewall.example.com/esp/restapi.esp?type=config&action=show&key=abcde-random-bunch-of-l...

I have superuser permissions and these commands work great in my browser. I've tested both Chrome and Firefox. I get the key no problem and the config comes up without issue. Slick. But what I can't figure out is that when I use cURL or wget instead of the browser I get a 403 "User not authorized to perform this operation" error. The command I use is simply:

curl --insecure <the_URLs_above>

Anybody know why the browser would work but not cURL? I just can't think why they would be different.

Thanks,

Chris

3 REPLIES 3

L3 Networker

What is the PAN-OS version?

In 4.0 the user must be superuser.

In 4.1 the user can be superreader, though I recall it not working in early 4.1.x versions.  superreader works for me with action=show using 4.1.6.

I'm running 4.1.6 and am using a superuser account. It works fine with a browser. Just not from the command line.

you might run 'tail follow yes mp-log appWeb.log' in the CLI then do a request with browser then

curl and compare the logs.  In particular the line with the key to see if there is a difference:

panPhpSymbolLookupInArray(pan_php.c:197): panPhpSymbolLookupInArray, _REQUEST[key] = kxA5lTLW3OoJ5E/8KCLRfplJvALJ1cAJufitTERVxpY=

  • 2456 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!