jworl/palo-alto-api-notes

## palo-alto-api-notes
## upload config
curl -u admin:${p} -k --form file="@./path/to/cloud-portal-template.xml" "https://${ip}/api/?type=import&category=configuration"
<response status="success"><msg><line>cloud-portal-template.xml saved</line></msg></response>

## load config
curl -u admin:${p} -k "https://${ip}/api/?type=op&cmd=<load><config><from>cloud-portal-template.xml</from></config></load>"
<response status="success"><result><msg><line>Config loaded from cloud-portal-template.xml</line></msg></result></response>

## commit config
curl -u admin:${p} -k "https://${ip}/api/?type=commit&cmd=<commit><force></force></commit>"
<response status="success" code="19"><result><msg><line>Commit job enqueued with jobid 3</line></msg><job>3</job></result></response>

## Auto license but FYI-- haven't found way to retrieve on FW through API
curl -i -H "apikey:${licensetoken}" --data-urlencode cpuid="AWS:ASDFASDGASDG" --data-urlencode uuid="EC2NOTEE-CTHE-REAL-FKEY-7FEAAAAAF0B9" --data-urlencode authCode=${AUTHCODE} https://api.paloaltonetworks.com/api/license/activate


## request API token
curl -k "https://${ip}/api/?type=keygen&user=admin&password=${p}"
<response status = 'success'><result><key>NOTTHEREALKEYD</key></result></response>

## globalprotect client download
curl -k "https://${ip}/api/?type=op&cmd=<request><global-protect-client><software><download><version>5.1.1</version></download></software></global-protect-client></request>&key=${apitok}"
<response status="success" code="19"><result><msg><line>Download job enqueued with jobid 6</line></msg><job>6</job></result></response>

## globalprotect client activate
curl -k "https://${ip}/api/?type=op&cmd=<request><global-protect-client><software><activate><version>5.1.1</version></activate></software></global-protect-client></request>&key=${apitok}"
<response status="success" code="19"><result><msg><line>client package activate job enqueued with jobid 7. Run 'show jobs id 7' to monitor its status. </line></msg><job>7</job></result></response>

## import xml for saml
curl -k -F file=@sa-east-1.xml -g "https://${ip}/api/?key=${apitok}&type=import&category=idp-metadata&profile-name=Okta-Prod"
<response status="success"><result>Successfully imported Okta-Prod into candidate configuration</result></response>
	## upload config
	curl -u admin:${p} -k --form file="@./path/to/cloud-portal-template.xml" "https://${ip}/api/?type=import&category=configuration"
	<response status="success"><msg><line>cloud-portal-template.xml saved</line></msg></response>

	## load config
	curl -u admin:${p} -k "https://${ip}/api/?type=op&cmd=<load><config><from>cloud-portal-template.xml</from></config></load>"
	<response status="success"><result><msg><line>Config loaded from cloud-portal-template.xml</line></msg></result></response>

	## commit config
	curl -u admin:${p} -k "https://${ip}/api/?type=commit&cmd=<commit><force></force></commit>"
	<response status="success" code="19"><result><msg><line>Commit job enqueued with jobid 3</line></msg><job>3</job></result></response>

	## Auto license but FYI-- haven't found way to retrieve on FW through API
	curl -i -H "apikey:${licensetoken}" --data-urlencode cpuid="AWS:ASDFASDGASDG" --data-urlencode uuid="EC2NOTEE-CTHE-REAL-FKEY-7FEAAAAAF0B9" --data-urlencode authCode=${AUTHCODE} https://api.paloaltonetworks.com/api/license/activate


	## request API token
	curl -k "https://${ip}/api/?type=keygen&user=admin&password=${p}"
	<response status = 'success'><result><key>NOTTHEREALKEYD</key></result></response>

	## globalprotect client download
	curl -k "https://${ip}/api/?type=op&cmd=<request><global-protect-client><software><download><version>5.1.1</version></download></software></global-protect-client></request>&key=${apitok}"
	<response status="success" code="19"><result><msg><line>Download job enqueued with jobid 6</line></msg><job>6</job></result></response>

	## globalprotect client activate
	curl -k "https://${ip}/api/?type=op&cmd=<request><global-protect-client><software><activate><version>5.1.1</version></activate></software></global-protect-client></request>&key=${apitok}"
	<response status="success" code="19"><result><msg><line>client package activate job enqueued with jobid 7. Run 'show jobs id 7' to monitor its status. </line></msg><job>7</job></result></response>

	## import xml for saml
	curl -k -F file=@sa-east-1.xml -g "https://${ip}/api/?key=${apitok}&type=import&category=idp-metadata&profile-name=Okta-Prod"
	<response status="success"><result>Successfully imported Okta-Prod into candidate configuration</result></response>