04-12-2024 01:32 PM
Hi J.JohnsonRock,
For better security, we generally recommend setting the Cortex XDR API to Advanced to prevent replay attacks. However, the Advanced API key does not support cURL but it is suitable with scripts.
As outlined in the Get Started with APIs • Cortex XDR API Reference • Reader • Palo Alto Networks documentation portal,...here is a Standard Key cURL Example:
curl -X POST https://api-{fqdn}/public_api/v1/{name of api}/{name of call}/
-H "x-xdr-auth-id:{key_id}"
-H "Authorization:{key}"
-H "Content-Type:application/json"
-d '{}'
Advanced Key Python 3 Example
import requests
from datetime import datetime, timezone
import secrets
import string
import hashlib
import requests
def test_advanced_authentication(api_key_id, api_key):
# Generate a 64 bytes random string
nonce = "".join([secrets.choice(string.ascii_letters + string.digits) for _ in range(64)])
# Get the current timestamp as milliseconds.
timestamp = int(datetime.now(timezone.utc).timestamp()) * 1000
# Generate the auth key:
auth_key = "%s%s%s" % (api_key, nonce, timestamp)
# Convert to bytes object
auth_key = auth_key.encode("utf-8")
# Calculate sha256:
api_key_hash = hashlib.sha256(auth_key).hexdigest()
# Generate HTTP call headers
headers = {
"x-xdr-timestamp": str(timestamp),
"x-xdr-nonce": nonce,
"x-xdr-auth-id": str(api_key_id),
"Authorization": api_key_hash
}
parameters = {}
res = requests.post(url="https://api-{fqdn}/public_api/v1/{name of api}/{name of call}",
headers=headers,
json=parameters)
return res
Also, I suggest contacting Grafana support for assistance with their plugin.
Thanks
