Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

REST api for updating addresses

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

REST api for updating addresses

L1 Bithead

i'm trying to update a field on an address using the api (switching it from 'ip-netmask' to 'fqdn') i have called this api:

https://10.30.100.31/api/?key=<API_KEY>&type=config&action=edit&xpath=/config/shared/address    as a PUT, and passed in the entry.  the api response is 200.  i then commit the action, and get another 200. 

but the changes aren't reflected in the ui when i check. 

i looked at this page in the documentation:

https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-panorama-api/get-started-with-the-pan-os-rest-a...

and it gives me a completely different api than i have used for anything else ("https://<firewall>/restapi/v10.2/Objects/Addresses" as opposed to "https://<firewall>/api/?key") and that api gives me a 'Not implemented" error when i try it.  

i am able (using the top api) to query the firewalls and get all the data that i need, but i cannot update it.

 

any ideas?

 

1 accepted solution

Accepted Solutions

Hi @MarketAxess,

 

That API call looks like a mixture of the XML API and the REST API. I suggest going to the documentation I linked (link) and reading the differences between the two, and then choosing one. An alternative would be to use either pan-python (thin SDK) or pan-os-python (object-oriented SDK) Python SDKs so you don't have to reinvent the API calls in your own Python code.

 

 

An XML API call to Panorama to edit an address object from IP to FQDN would look something like this:

https://{{host}}/api/?key={{key}}&type=config&action=edit&xpath=/config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='{{device-group-name}}']/address/entry[@name='{{object-name-1}}']&element=<entry name="{{object-name-1}}"><fqdn>{{fqdn-1}}</fqdn></entry>

Docs: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-panorama-api/pan-os-xml-api-request-types/confi...

 

 

A REST API call to Panorama to edit an address object from IP to FQDN would look something like this, with PUT as the method, X-PAN-KEY in the headers:

https://{{host}}/restapi/v10.0/Objects/Addresses?location=device-group&device-group={{device-group-name}}&name={{object-name}}

 and a body like this:

{
    "entry": {
        "@name": "{{object-name-1}}",
        "fqdn": "{{fqdn-1}}"
    }
}

Docs: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-panorama-api/get-started-with-the-pan-os-rest-a...

 

 

Hope that helps!

Help the community: "Like" helpful comments, and click "Accept as Solution" if you found your answer 🙂

View solution in original post

4 REPLIES 4

L5 Sessionator

Hi @MarketAxess, there are two APIs for PAN-OS; the XML API (broadest coverage) and the REST API (documented on-box at /restapi-doc and has fuller RBAC), ad these two are discussed in the docs: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-panorama-api/about-the-pan-os-xml-api

 

On both your first API query (XML API) and your second API query (REST API) we'd need to see the entire API call and all parameters and JSON body to understand why it did not achieve your objective. If you could clarify if this is Panorama or NGFW direct that would also help.

Help the community: "Like" helpful comments, and click "Accept as Solution" if you found your answer 🙂

Hello, Jimmy.  thanks for your response.  here's what i have:

 

 

change_call: https://10.30.100.31/api/?key=API_KEY&type=config&action=edit&xpath=/config/shared/address
headers: {'X-PAN-KEY': 'API_KEY'}
data: {'entry': [{'@name': 'QA1ASHSQLDB01_10.31.44.61', 'fqdn': 'qa1ashmfdb01.qad.root', 'description': 'CHG0038490'}]}
change response: Response [200]
commit_call: https://10.30.100.31/api/?key=API_KEY&type=commit&cmd=\<commit\>\</commit\>
commit response: Response [200]

 

 

i am using python to make the calls, using the request object.  the first call is a PUT

response = requests.put(change_call, data=entry,headers=head,verify=Falsetimeout=120)

the second is a GET

resp = requests.get(commit_call, verify=Falsetimeout=120)
 

in debugging, i see this error with the 200 response:

'Invalid target object in edit handler'

 

this is connecting to panorama

 

Hi @MarketAxess,

 

That API call looks like a mixture of the XML API and the REST API. I suggest going to the documentation I linked (link) and reading the differences between the two, and then choosing one. An alternative would be to use either pan-python (thin SDK) or pan-os-python (object-oriented SDK) Python SDKs so you don't have to reinvent the API calls in your own Python code.

 

 

An XML API call to Panorama to edit an address object from IP to FQDN would look something like this:

https://{{host}}/api/?key={{key}}&type=config&action=edit&xpath=/config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='{{device-group-name}}']/address/entry[@name='{{object-name-1}}']&element=<entry name="{{object-name-1}}"><fqdn>{{fqdn-1}}</fqdn></entry>

Docs: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-panorama-api/pan-os-xml-api-request-types/confi...

 

 

A REST API call to Panorama to edit an address object from IP to FQDN would look something like this, with PUT as the method, X-PAN-KEY in the headers:

https://{{host}}/restapi/v10.0/Objects/Addresses?location=device-group&device-group={{device-group-name}}&name={{object-name}}

 and a body like this:

{
    "entry": {
        "@name": "{{object-name-1}}",
        "fqdn": "{{fqdn-1}}"
    }
}

Docs: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-panorama-api/get-started-with-the-pan-os-rest-a...

 

 

Hope that helps!

Help the community: "Like" helpful comments, and click "Accept as Solution" if you found your answer 🙂

thanks so much.  that was the problem, i was trying to meld the two.  all is working now.

 

  • 1 accepted solution
  • 3287 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!