This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew

Advanced Authentication Cortex API

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Advanced Authentication Cortex API

ianatgrafton
L1 Bithead

‎12-10-2025 06:13 AM

Does anybody have any examples of how they have implemented Advanced Auth for the Cortex API

I only have PowerShell available examples using that that would be preferred, but I can probably interpret most scripting languages.

If not examples, maybe links to articles discussing the process to implement it more generally.
Cortex XDR 

Cortex XDR
Thumbnail of Cortex XDR
Palo Alto Networks
Cortex XDR
Security Operations
View on Product Page
0 Likes Likes
1 REPLY 1

susekar
L2 Linker

‎12-24-2025 12:43 PM

Hello @ianatgrafton ,

 

Greetings for the day!


Implementing Advanced Authentication for the Cortex Public API requires specific cryptographic logic to prevent replay attacks. While official Knowledge Base articles primarily provide PowerShell examples for Standard authentication, the logic for Advanced authentication is documented in Python and can be translated to PowerShell using .NET classes.

 

Advanced Authentication Requirements:
Unlike Standard authentication, which passes the raw API key in the Authorization header, Advanced authentication requires a dynamic signature for every request. The following headers are mandatory:

 

x-xdr-auth-id: The API Key ID retrieved from the Cortex XDR console.
x-xdr-timestamp: The current UTC time in milliseconds.
x-xdr-nonce: A unique, randomly generated 64-character alphanumeric string.


Authorization: A SHA256 hex digest of the combined string: API_KEY + NONCE + TIMESTAMP.

---------


General Reference for Standard Auth (PowerShell):
For reference, the simpler Standard implementation looks like this:

 

$headers = @{
"x-xdr-auth-id" = "<API_ID>"
"Authorization" = "<API_KEY>" # Note: Raw key, no hashing
}

Invoke-RestMethod -Method 'Post' -Uri $url -Headers $headers -Body $jsonBody -ContentType "application/json"

 

Ref Article: (How to make a request to the Cortex XDR API using the PowerShell only)

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000kGi7CAE

 

If you feel this has answered your query, please let us know by clicking Like and "Mark this as a Solution".

Thanks & Regards,
S. Subashkar Sekar

0 Likes Likes
  • 189 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks