Skip to main content

A lightweight SDK for the Panorama Cloud API

Project description


This is a lightweight Python SDK designed to interact with Palo Alto Networks Cloud Management API. It consists of an object-oriented library that simplifies OAuth 2.0 session estalishment, access token validation, and automatic access token refresh. Each configuration API endpoint is represented as unique object instances that provide a common set of create, read, update, delete, and list functions.


  • OAuth 2.0 session management (subclassed from requests_oauthlib.Session)
  • Supports credential config file (~/panapi/config)
  • JSON Web Key Set (JWKS) retrieval
  • JWT access token decoding and validation
  • Common create, read, update, delete, and list methods for all config objects
  • Automatic and transparent access token refresh


Upgrade to the latest pip

pip install --upgrade pip

Install using pip

$ pip install panapi

Upgrade to the latest version

$ pip install --upgrade panapi


The Cloud Management API utilizes OAuth 2.0 to authenticate and authorize incoming API calls. This requires requesting an access token from an Authorization Server. The credentials needed to request an access token can be defined in a configuration located at $HOME/.panapi/config.yml.

# my-tenant
client_secret: feea5864-f557-11ec-b939-0242ac120002
scope: tsg_id:1808050139


The following is a brief overview of how to use the pan-api-python SDK. For comprehensive details on its usage, please refer to the documentation here.

Import the modules

The entire SDK can be imported into your project.

import panapi

Specific modules can be imported as well.

from panapi.config import security, network

Individual classes can also be imported.

from import RemoteNetwork, IKEGateway, IPSecTunnel

Establish the OAuth 2.0 session

Instantiate the PanApiSession handler and authenticate to the Authorization Server.

session = panapi.PanApiSession()

If successful, the access token will become an attribute of the PanApiSession instance.


Token validation is done automatically with each API call using the pan-api-python SDK. However, manual validation of the JWT token claims and cryptographic signature can be done as well.


Working with configuration objects

Instantiate a new configuration object.

addr1 = panapi.config.objects.Address(
    folder = 'Shared',
    name = 'server1',
    ip_netmask = '',
    description = 'App server 1',
    tags = ['production']

Create the new configuration on the cloud management tenant.


The HTTP status code resulting from PanApiSession API transactions attached to the session instance.

result = session.status_code

Retrieve a configuration object by name.

gw1 =
    folder = 'Remote Networks',
    name = 'Seattle-GW'

Display the JSON payload of a configuration object.

json.dumps(gw1.payload, indent=4)

Update elements of a configuration object.

rule =
    folder = 'Shared',
    named = 'Allow monitoring'
rule1.applications = ['snmpv2', 'snmpv3']
rule1.description = 'Allow SNMPv2 and v3 from NOC'

Delete a configuration from the cloud management tenant.

id1 = panapi.config.identity.SAMLProfile(
    folder = 'Shared',
    name = 'AD-SAML'

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

panapi-0.0.1.tar.gz (8.9 kB view hashes)

Uploaded source

Built Distribution

panapi-0.0.1-py3-none-any.whl (9.1 kB view hashes)

Uploaded py3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page