Skip to main content

Application Security API Request Basics

Use the following guidelines to ensure that your Application Security API requests to Prisma Cloud are successful.

See Prisma Cloud Application Security for more information and for directions to enable Application Security on Prisma Cloud.

Prerequisites for a Application Security Request

To make a Application Security API request, you must have the right privileges and authorization for the request.

Application Security Access

To have the right privileges to make a Application Security API request, you must set up:

Application Security API Authorization

To have the right authorization for a Application Security API request, follow the high-level steps below:

  1. Obtain an access key from your Prisma Cloud system administrator.
  2. Make a CSPM API request to log in . A successful request returns a JSON Web Token (JWT).

All the Application Security API requests use this JWT in the API request header for authorization. Note that for security, a JWT is valid for only ten minutes. If your session must be active beyond that limit, you can extend a session.

See Getting Started for detailed steps to obtain an access key and to log in to obtain a JWT token.

Components of a Application Security Request

The sections below note specific details about some of the components of a successful CSPM API request.

Base URL

The base URL of your Application Security API request depends on the region of your Prisma Cloud tenant and is similar to your Prisma Cloud administrative console URL. See the Prisma Cloud URLs for a list of Prisma Cloud console URLs and corresponding API base URLs.

HTTP Methods

The Application Security API uses standard HTTP methods, such as GET, POST, PUT, and DELETE.

Required Request Headers

See Headers for information about required request headers.