API Workflow
SaaS Security Posture Management (SSPM) APIs enable you to manage onboarded SaaS applications, retrieve configuration details, and handle integrations efficiently.
Summary
This guide provides a structured workflow to:
- Retrieve onboarded and cataloged applications.
- Access detailed app configurations and settings.
- Manage common controls for enhanced security.
- Handle integration projects and resolve the issue.
1. Retrieve the list of onboarded applications
Use the List of Applications API to fetch all onboarded SaaS applications. Each application includes an app_id, which you will use in subsequent API calls. Refer to the SaaS Onboarding Guide for onboarding details.
Request Example
curl -L 'https://api.strata.paloaltonetworks.com/sspm/api/v1/apps' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'
2. Fetch details for an onboarded application
Use the app_id from the previous step to access detailed information about a specific onboarded application.
Fetch basic details
Use the Application Details API to retrieve the application's basic details.
Request Example
curl -L 'https://api.strata.paloaltonetworks.com/sspm/api/v1/apps/:app_id' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'
Retrieve configuration details
Call Application Configuration to fetch configuration details.
Request Example
curl -L 'https://api.strata.paloaltonetworks.com/sspm/api/v1/apps/:app_id/configs' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'
Access application settings
Use the Application Settings API to access specific settings.
Request Example
curl -L 'https://api.strata.paloaltonetworks.com/sspm/api/v1/apps/:app_id/settings' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'
3. Retrieve the catalog of supported SSPM applications
Use the Supported SSPM Application Catalog API to fetch a list of all supported applications. Each catalog entry includes an app name for further API calls.
Request Example
curl -L 'https://api.strata.paloaltonetworks.com/sspm/api/v1/catalog/apps' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'
Fetch catalog application details
Retrieve detailed information about a specific app using the app name.
Request Example
curl -L 'https://api.strata.paloaltonetworks.com/sspm/api/v1/catalog/apps/:app' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'
Fetch configuration details
Call the Configuration Details API to retrieve configuration settings.
Request Example
curl -L 'https://api.strata.paloaltonetworks.com/sspm/api/v1/catalog/apps/:app/configs' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'
Retrieve application catalog scope information
Use the Application Catalog Scope API to access scope details.
Request Example
curl -L 'https://api.strata.paloaltonetworks.com/sspm/api/v1/catalog/apps/:app/scopes' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'
Fetch authentication details
Call Application Authorization to retrieve authentication details.
Request Example
curl -L 'https://api.strata.paloaltonetworks.com/sspm/api/v1/auth/:app/info' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'
4. Retrieve common control details
Find common_control or common_control_id values in the responses from:
- /sspm/api/v1/apps/{app_id}/configs
- /sspm/api/v1/catalog/apps/{app}/configs
Then, call the /sspm/api/v1/catalog/controls/{common_control_id} API to retrieve detailed information about the common control.
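The following is an added example, not part of the original documentation, that chains the configs call from step 2 into the control lookup described in this step. The response layout, the sample data, and the SSPM_TOKEN and SSPM_APP_ID environment variable names are assumptions; the extractor searches the whole response so it does not depend on a particular layout.

```python
import json
import os
import urllib.parse
import urllib.request

BASE = "https://api.strata.paloaltonetworks.com/sspm/api/v1"

def extract_control_ids(payload):
    """Collect common_control_id / scalar common_control values found anywhere
    in a parsed configs response, without assuming the response layout."""
    found, stack = [], [payload]
    while stack:
        node = stack.pop()
        if isinstance(node, dict):
            for key, value in node.items():
                if key in ("common_control_id", "common_control") and isinstance(value, (str, int)):
                    found.append(str(value))
                else:
                    stack.append(value)  # keep walking nested objects and lists
        elif isinstance(node, list):
            stack.extend(node)
    return sorted(set(found))  # de-duplicated, stable order

def control_url(control_id):
    # Percent-encode the ID so a value containing "/" or "?" cannot alter the path.
    return f"{BASE}/catalog/controls/{urllib.parse.quote(str(control_id), safe='')}"

def get_json(url, token):
    req = urllib.request.Request(url, headers={
        "Accept": "application/json",
        "Authorization": f"Bearer {token}",
    })
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def controls_for_app(app_id, token):
    """Step 2 (configs) followed by step 4 (control details) for one app."""
    app = urllib.parse.quote(str(app_id), safe="")
    configs = get_json(f"{BASE}/apps/{app}/configs", token)
    return {cid: get_json(control_url(cid), token) for cid in extract_control_ids(configs)}

# Constructed sample; the real response layout is not shown on this page.
SAMPLE_CONFIGS = {"configs": [
    {"name": "mfa", "common_control_id": "cc-001"},
    {"name": "sso", "common_control": {"common_control_id": "cc-002"}},
    {"name": "audit", "common_control_id": "cc-001"},
]}

if __name__ == "__main__":
    print(extract_control_ids(SAMPLE_CONFIGS))
    token, app_id = os.environ.get("SSPM_TOKEN"), os.environ.get("SSPM_APP_ID")
    if token and app_id:  # live calls only when both (assumed) variables are set
        print(json.dumps(controls_for_app(app_id, token), indent=2))
```

Reading the bearer token from the environment keeps it out of source files and shell history.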
5. Retrieve integration projects
Call JIRA Ticket Details to get a list of integration projects for a specific integration_id. The response includes project keys for further actions.
Request Example
curl -L 'https://api.strata.paloaltonetworks.com/sspm/api/v1/integration/integrations/:integration_id/:JIRA_TICKETING/projects' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'
Fetch specific project details
Use Specific Project Details to retrieve details about a project. The response includes issue keys for further steps.
Request Example
curl -L 'https://api.strata.paloaltonetworks.com/sspm/api/v1/integration/integrations/:integration_id/:JIRA_TICKETING/project/:key' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'
6. Fetch details for a specific issue
Call Specific Issue Details to retrieve information about a specific issue using the issue key.
Request Example
curl -L 'https://api.strata.paloaltonetworks.com/sspm/api/v1/integration/integrations/:integration_id/:JIRA_TICKETING/issue/:key' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'