Skip to main content

Get Started with CDSS APIs

The Palo Alto Networks Cloud-Delivered Security Service APIs provide Palo Alto Networks customers operating SIEM tools, custom security applications, and other threat assessment software with the ability to access threat intelligence/analysis data used and generated by supported CDSS security subscriptions.

Currently available is the Threat Vault API and DNS Security API (currently in BETA).

The Threat Vault API provides access to threat signature metadata and published release note contents that's only available in the Threat Vault, through a programmatic RESTful API. Advanced Threat Prevention subscription holders can additionally access cloud reports and related PCAP data using the malicious session data analyzed by the inline deep learning and machine learning models. This allows you to leverage Palo Alto Networks threat analytics data and threat intelligence to improve your incident response processes by providing additional threat context. To access the Threat Vault API, you must have an active Advanced Threat Prevention or Threat Prevention subscription.

The DNS Security API provides access to a programmatic RESTful API that allows you to retrieve DNS domain details, including categorization information and the contextual information based on your network access statistics. To access the DNS Security API, you must have an active DNS Security subscription.


The DNS Security API is currently in BETA. To inquire about joining the beta or to receive support or provide suggestions, please contact

First Steps

Review Documentation

The Cloud-Delivered Security Services Developer's Guide (this document) describes the requirements to authenticate to an API service, manage API keys, and make API calls. It also includes general information about using CDSS APIs, including best-practices, access limitations, examples, and supplementary reference information, such as expanded response field definitions. Consider reviewing the examples for use-cases that might be applicable to your deployment.

The API Reference for each available service describes the API endpoint parameters. If you are already familiar with the operation and usage of APIs, you can proceed to the reference documentation for usage specifics.

Make Your First API Call

After familiarizing yourself with the API usage details, first, retrieve your API key from the Palo Alto Networks Support Portal. Then, using the parameter guidelines outlined in the API reference, format and submit your API requests to the API service. For a simple example, refer to Make API Calls.