02-10-2025 01:53 PM - edited 02-11-2025 09:15 AM
This article covers gaps in using Postman to manage Prisma Cloud APIs.
It covers the various use cases, including Cloud Security for CSPM, Runtime Security for CWP, Application Security for CAS, and Data Security for the DSPM part of Prisma Cloud.
Postman is the collaboration platform for API development. Postman simplifies each step of building an API and streamlines collaboration so you can create better APIs faster. You can download the Postman community edition here.
Postman is an API client that makes it easy for developers to create, share, test, and document APIs. This is done by allowing users to create and save simple and complex HTTP/S requests and read their responses. The result: more efficient and less tedious work.
Prisma Cloud Cloud Security, Runtime Security, Application Security, and Data Security Posture Management all have documented and supported API endpoints that customers can use to get the information they require. These can be added as part of a process or pipeline for effective operationalization of the product. They can also be used to gather information for display in various dashboards that different teams can consume.
Figure 1: Postman-Collection-import_PaloAltoNetworks
Figure 2: Postman-Collection-dropfile-import_PaloAltoNetworks
Create your environmental variables, or edit them if they were imported as part of the collection.
Figure 3: Postman-Environmental-Variables_PaloAltoNetworks
NOTE: Do not set the Token yet, as we will use a script to auto-populate it after we use the API endpoint to pull it in the next steps.
When imported, the collection should pull in a number of these variables, so you may only need to update step 6. Otherwise, you may have to enter them manually by completing steps 1 to 6.
API Endpoint : Prisma Cloud Login
Request Type: POST https://api.prismacloud.io/login
Request body example:
{
  "username": "{{ACCESS_KEY}}",
  "password": "{{SECRET_KEY}}"
}
Header
Here is the API Header for Prisma Cloud (Note: this is different for a CWP endpoint). Here is what it looks like in postman:
Figure 4: Postman-Prisma-Cloud-Login-API_PaloAltoNetworks
The {{api-endpoint}} variable varies depending on the stack you want, and hence on what you specify in the environmental variable. For example: api2.prismacloud.io represents the api2.io stack and api2.eu.prismacloud.io represents the app2.eu stack.
The following Postman script pulls the token from the above Login response into the environmental variable, so that it can be re-used before expiration:
// Parse the Login response and save its token in the "token" environment variable.
var jsonData = pm.response.json();
pm.environment.set("token", jsonData.token);
This is defined under Request Scripts in Postman for the above-mentioned Login request, with the Prisma Cloud Access Key and Secret specified in the request body. See what it looks like below:
Figure 5: Postman-Collection-import_PaloAltoNetworks
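A more defensive form of the token script above, as an added example that is not part of the original article: it stores the token only after a successful login and records the expiry so later requests can tell when to log in again. It assumes the token is a JWT with an `exp` claim and that `atob` is available in the script sandbox; `token_expires_at` and the function names are names chosen here.

```javascript
// Added example, not the article's script. Names other than "token" are assumptions.
function jwtExpiry(token) {
  // A JWT is header.payload.signature; the payload is base64url-encoded JSON.
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64.padEnd(Math.ceil(b64.length / 4) * 4, "=");
  try {
    const claims = JSON.parse(atob(padded));
    return typeof claims.exp === "number" ? claims.exp : null;
  } catch (e) {
    return null; // not a JWT, or the payload is not JSON
  }
}

function storeLoginToken(pm) {
  // A failed login must not overwrite the stored token with "undefined".
  if (pm.response.code !== 200) return false;
  let body;
  try {
    body = pm.response.json();
  } catch (e) {
    return false; // e.g. an HTML error page returned by a proxy
  }
  if (!body || typeof body.token !== "string" || body.token === "") return false;
  pm.environment.set("token", body.token);
  // Record the expiry (epoch seconds) when the token exposes one.
  const exp = jwtExpiry(body.token);
  if (exp !== null) pm.environment.set("token_expires_at", String(exp));
  else pm.environment.unset("token_expires_at");
  return true;
}

function tokenNeedsRefresh(pm, nowSeconds, skewSeconds = 30) {
  // True when there is no usable token or it expires within the skew window.
  const token = pm.environment.get("token");
  const exp = Number(pm.environment.get("token_expires_at"));
  if (!token || !Number.isFinite(exp) || exp <= 0) return true;
  return nowSeconds + skewSeconds >= exp;
}

// In Postman: call storeLoginToken(pm) in the Login request's script, and
// tokenNeedsRefresh(pm, Math.floor(Date.now() / 1000)) in a pre-request script.
```

Because the script never logs the token, it stays out of the Postman console and out of CI job output when the collection is run from a pipeline.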
Follow the steps below if you are looking to make an API call to Prisma Cloud using Postman:
Step 1: Identify what platform (CSPM, CWP, CAS, DSPM) and endpoint you are looking to make a request to. In the Prisma Cloud API documentation, they are grouped as follows:
Cloud Security, Runtime Security, Application Security, and Data Security Posture Management respectively (see also the image in step 2 below).
Step 2: Identify in the exported collection (if it already exists) the API endpoint you need to call and use it. You may need to update with relevant additional information.
In the below example, a CAS Get Asset request was identified to get data assets from Prisma Cloud. It's important to be mindful of the Required parameters that would need to be passed into the body of the Get Request. It is worth knowing also that there are optional parameters that may be helpful for different use cases.
Figure 6: Prisma-Cloud-API-Doc_PaloAltoNetworks
Step 3: Identify the base API URL your tenant should point to, depending on the Prisma Cloud stack your tenant is hosted on. Once identified, you can pass this into your environmental variable and replace the base URL as seen in the request below:
Figure 7: Using-Prisma-Variables-in-Postman_PaloAltoNetworks
Step 4: Where the desired request does not exist in your collection and you have the cURL command, you can use the same above-mentioned import button to import the request into the Postman tool.
Figure 8: Using-cURL-inPostman_PaloAltoNetworks
Step 5: Ensure that your Environmental Variables are linked to your relevant Collection Request.
As seen in the screenshot below, the Get Request for the List User Role API endpoint is using the Prisma Cloud Environmental Variables updated earlier.
Figure 9: Checking-Prisma-Variables-in-Postmant_PaloAltoNetworks
Step 6: Use developer tools when required. Where you have a use case and the endpoint is not documented or part of the imported Prisma Cloud Collection, you may be able to get the endpoint using Developer tools from your browser. To do this, follow the steps below:
Figure 10: Getting-cURL-in-Prisma-Cloud-Using-Dev-Tools_PaloAltoNetworks
Figure 11: cURL-import-to-Postman_PaloAltoNetworks
Note: While those API endpoints are available and can be used, if they are not documented, they are unsupported. Hence they cannot be guaranteed to always be available, and they may be changed or removed without advance notice.
Postman allows you to group a number of API endpoints together for organization purposes. There are other useful things you can do, like duplicate, edit, move, and share, but the most important is Run collection. Run Collection allows you to run all the API requests sequentially with additional flexibility, as seen in the screenshot below:
Figure 12: Postman-Collection-runner-with-Prisma-Cloud-APIs_PaloAltoNetworks
I. Run on Postman CLI: Automate using Postman’s command-line tool.
Figure 13: Postman-Automated-CLI-run_PaloAltoNetworks
II. Run on CI/CD: Configure a command to run the collection on a CI/CD pipeline of your choosing, with options including Jenkins, GitLab, CircleCI, and Azure Pipelines, to mention a few.
Configure Command: When you click the configure command at the bottom of the above-mentioned screenshot, you get a pop-up as seen below, where you can set the collection that you intend to run in your CI/CD pipeline, your desired environmental variable, your CI/CD provider, and the operating system of your CI/CD.
You can thereafter copy the generated template and paste in your specified CI/CD provider to run the collection as a pipeline there.
Figure 14: Postman-CI/CD-run-with-Prisma-API_PaloAltoNetworks
One can leverage the Prisma Cloud API Collections with Postman tool in operationalizing the Prisma Cloud Platform. This becomes particularly useful when a collection is grouped to be run as a collection runner either as a manual run, a scheduled run, or as an automated CLI run in a CI/CD pipeline of one’s choosing.
Cloud Application Security APIs
Data Security Posture Management APIs
Useful Documentation on using Developer tools for API testing:
How to Use Chrome Developer tools API Testing
Using Chrome Developer tools to detect endpoints
Postman Collections can be forked here: https://github.com/PaloAltoNetworks/pcs-postman
Tunde Adenugba is a Customer Success Engineer in the EMEA Region working with Palo Alto Networks' Prisma Cloud platform.