How To Use The CNS REST API

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
L2 Linker

By Vinay Kumar M, Senior Staff Engineer 

 

Summary

 

As a Prisma Cloud user, you have access to a specific Prisma Cloud stack. When a user logs in to a stack, it gets a JWT token to access that specific stack.

To access the CNA via the REST API, we need:


1 - A valid JWT token for a given PC stack
2 - Determine the corresponding CNS stack
3- Exchange the JWT token for a Token to access the CNS stack
4 - Make API calls to the CNS stack

 

Procedure

 

Get a JWT for your given Prisma Cloud stack

 

First, you need to get a Prisma Cloud JWT token. For this, you can call the /login endpoint on your Prisma Cloud API URL with your username, password and tenant name.

curl "https://<prisma-api-url>.prismacloud.io/login"" \

 -H "Content-Type: application/json" \

 --data-raw $'{"username":"<your-username>","password":"<your-password>","customerName":"<tenant-name>"}'

{

  "token": "<prisma-token>",

  //…

}

 

As a result, you will receive a token in the response. This is the token we are going to exchange later.

 

Determine the corresponding CNS stack:

 

Given the prisma-api-url you have used above, you will get a CNS stack api url in the corresponding table:

 

If I used the following prisma-api-url

…I will use the following cns-api-url for the exchange

https://api.prismacloud.io

https://api.east-02.network.prismacloud.io

https://api2.prismacloud.io

https://api.east-01.network.prismacloud.io

  Note: Refer to the Internal notes for all the URL mapping.

 

Exchange the JWT token for a Token to access the CNS stack

 

From the PC Token, you can ask the CNS stack to get a new token with a given validity. This token will be called cns-token and can be used to make calls to the Cloud Network Analyzer.

curl 'https://<cns-api-url>/issue'; \

 -H "Content-Type: application/json" \

 -d '

 {

   "metadata": {

       "token": "<prisma-token>"

   },

   "realm": "PCIdentityToken",

   "validity": "24h"

 }'

{

  "token": "<cns-token>"

}

 

Make API calls to the CNS stack

 

Once you have your new JWT token, you can make a search query using the /cnssearches endpoint. You can pass the cns-token in the Authorization header. You should also pass the X-Namespace header which is equivalent to /<prismaID

Note: To find your prismaID, go to the UI → Settings → Licensing and get your prismaID from the License Information.

curl '<cns-api-url>/cnssearches' \

 -H 'x-namespace: /<your-prismaID>' \

 -H 'Authorization: Bearer <cns-token>' \

 -d '

 {

   "query":"<your-rql-query>",

   "timeRange": {

       "type": "to_now",

       "value": "epoch"

   }

 }'

 

Additional Information

 

If I used the following prisma-api-url

…I will use the following cns-api-url for the exchange

https://api.prismacloud.io

https://api.east-02.network.prismacloud.io

https://api2.prismacloud.io

https://api.east-01.network.prismacloud.io

https://api3.prismacloud.io

https://api.west-02.network.prismacloud.io

https://api.eu.prismacloud.io

https://api.app-eu.network.prismacloud.io

https://api.anz.prismacloud.io

https://api.app-anz.network.prismacloud.io

https://api2.eu.prismacloud.io

https://api.app2-eu.network.prismacloud.io

https://api.ca.prismacloud.io

https://api.app-ca.network.prismacloud.io

https://api.sg.prismacloud.io

https://api.app-sg.network.prismacloud.io

https://api4.prismacloud.io 

https://api.app4.network.prismacloud.io

https://api.uk.prismacloud.io 

https://api.app-uk.network.prismacloud.io

https://api.ind.prismacloud.io 

https://api.app-ind.network.prismacloud.io

 

About the Author

Vinay Kumar M is a seasoned professional with over 8 years of invaluable experience in the dynamic realm of cloud computing. As a Senior Staff Engineer, Vinay specializes in navigating the intricate landscape of Prisma Cloud and Compute, showcasing his expertise in ensuring seamless operations for accounts across the Asia-Pacific region.

 

  • 1324 Views
  • 0 comments
  • 0 Likes
Register or Sign-in
Labels
Top Liked Authors