Cortex XDR API Limit

cancel
Showing results for 
Search instead for 
Did you mean: 

Cortex XDR API Limit

L0 Member

I'm trying to retrieve incidents on the Cortex XDR API but, after a few tests I'm getting 401 Unauthorized errors on the same key it worked a few requests before. Is there any "request limit" on API keys or accounts? 

 

Regards

3 REPLIES 3

L1 Bithead

Did you ever figure this out? Facing same issue...{"reply": {"err_code": 401, "err_msg": "Public API request unauthorized", "err_extra": null}}

Hi There,

 

Can you please let me know the api you have been using which you queried? Each API is well documented and defines the limit on the API call.

Please refer to the documentation of Cortex XDR API below:

https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-api/cortex-xdr-apis/endpoint-manageme...

For example in the description of Get Endpoint you have a limitation of 100 endpoints only. You can design the call in such away that you can send the only a set of 100 endpoints in 2-5 seconds. This does the trick for us.

 

Thanks

 

ks

L0 Member

I ran into this as well. For me, the fix was updating the API_KEY_ID that was in the headers. That was mismatched with the value found in the ID column under API Keys.

 

curl -X POST https://api-{fqdn}/public_api/v1/endpoints/delete/ \

-H "x-xdr-auth-id:{API_KEY_ID}" \

-H "Authorization:{API_KEY}" \

-H "Content-Type:application/json" \

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!