API Keys

In this section we present a workflow example that migrates a third-party vendor configuration into a PAN-OS configuration.

Generating Expedition API Keys

In general, all API calls to Expedition require user authentication, so that the user's level of rights to perform a specific API call can be validated. This is done through the use of API keys. The first step is to log into Expedition and retrieve an API key that gives us access to later API calls.

As shown in Snippet 1, the script defines the Expedition IP to connect to (the ip variable; if you are using the container, the IP will be "localhost"), the credentials to be used for authentication (credentials), and the URL of the login route (url).

Once those variables have been provided, the script establishes an SSL connection (curl) to Expedition, makes a request to the login URL with the specified credentials, and collects the server's response in the response variable.

Expedition API responses are in JSON format. In the case of a generate_api_key API call, in the content section we will obtain an API key (apikey) and a CSRF Token (csrfToken). The first can be used for API consumption in scripts, while the second is intended for HTTPS Web UI requests. While the API key has an expiration time of 1 month and extends its validity time on every login (it may change in the future), a CSRF Token has a shorter validity and gets regenerated for each login call.

We collect the api_key by accessing the corresponding JSON element and remove the surrounding quotes to access the API key string and format it for future authenticated API calls.


These authentication credentials are later prepared in a hed variable that we will attach to the headers of the API calls we send in the future.

API syntax for generate API key:

| Method | EndPoint | Parameters | Example Value |
|---|---|---|---|
| POST | https://localhost/api/v1/generate_api_key | username, password | {"username":"admin", "password":"paloalto"} |

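```python
import json
import sys
import argparse
import requests
from time import sleep
import urllib3

ip = "localhost"  # your Expedition IP, reachable from the machine running the script
user = "admin"  # example value from the table above; use your own account
password = "paloalto"  # example value from the table above; use your own password

url = 'https://' + ip + '/api/v1/generate_api_key'
credentials = {"username": user, "password": password}

# verify=False turns off TLS certificate validation; pass the path of a CA bundle
# instead when Expedition's certificate can be validated
r = requests.post(url, data=credentials, verify=False)
response = r.json()  # Expedition responses are JSON

# json.dumps returns the key wrapped in double quotes; the slice removes them
apiKey = json.dumps(response['Contents']['response']['data']['content']['api_key'])
auth_token = apiKey[1:-1]

# Authorization header to attach to later API calls
hed = {'Authorization': 'Bearer ' + auth_token}
```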
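
The snippet above assumes the login succeeded and that certificate checks are off. The following is an added example, not Expedition's own code: it keeps TLS verification on, reads credentials from the environment, and fails with a clear error when the response carries no key. The environment variable names (EXPEDITION_USER, EXPEDITION_PASSWORD, EXPEDITION_CA), the sample response bodies and the shape of the failed-login response are assumptions made for illustration; the JSON path to the key is the one used on this page.

```python
import json
import os
import ssl
import urllib.parse
import urllib.request

# JSON path to the key, taken from the snippet on this page.
KEY_PATH = ("Contents", "response", "data", "content", "api_key")


def extract_api_key(body):
    """Return the API key from a generate_api_key response body, or raise ValueError."""
    try:
        node = json.loads(body)
    except json.JSONDecodeError as exc:
        raise ValueError("response is not JSON") from exc
    for name in KEY_PATH:
        if not isinstance(node, dict) or name not in node:
            raise ValueError("no %r element in response; login rejected?" % name)
        node = node[name]
    if not isinstance(node, str) or not node:
        raise ValueError("api_key is empty or not a string")
    return node


def auth_header(api_key):
    """Header dict (the page's `hed`) for later authenticated calls."""
    return {"Authorization": "Bearer " + api_key}


def login(ip, user, password, ca_bundle=None):
    """POST the credentials as form data with certificate verification left on."""
    ctx = ssl.create_default_context(cafile=ca_bundle)  # ca_bundle: CA that signed Expedition's cert
    form = urllib.parse.urlencode({"username": user, "password": password}).encode()
    req = urllib.request.Request("https://%s/api/v1/generate_api_key" % ip, data=form, method="POST")
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return extract_api_key(resp.read().decode("utf-8"))


# Constructed sample bodies (not captured from a real server).
SAMPLE_OK = '{"Contents": {"response": {"data": {"content": {"api_key": "EXAMPLE-KEY-0001", "csrfToken": "EXAMPLE-CSRF"}}}}}'
SAMPLE_FAIL = '{"Contents": {"response": {"data": {}}}}'

if __name__ == "__main__":
    print(auth_header(extract_api_key(SAMPLE_OK)))
    if "EXPEDITION_PASSWORD" in os.environ:  # hypothetical variable names
        key = login("localhost", os.environ["EXPEDITION_USER"], os.environ["EXPEDITION_PASSWORD"], os.environ.get("EXPEDITION_CA"))
        print("login ok, header ready:", list(auth_header(key)))
```

Run as a script it only parses the constructed sample; the live login runs when the environment variables are set.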