Documentation link
Describe the problem
Prisma AIRS OAuth Token endpoint doc issue**
While working with the Management API endpoint POST /v1/mgmt/oauth/client_credential/accesstoken (https://pan.dev/prisma-airs/api/airuntimesecurity/management/get-apigee-oauth-token/)), I found that the client_id field in the request body is misleading.
What the doc says:
The body expects client_id (string) — which implies the OAuth Client ID from your service account.
What actually works:
The client_id field must be your API key (the x-pan-token value), not the OAuth Client ID.
So the working curl looks like this:
curl -L 'https://api.sase.paloaltonetworks.com/aisec/v1/mgmt/oauth/client_credential/accesstoken' \
-H 'Authorization: Bearer <SASE_TOKEN>' \
-H 'Content-Type: application/json' \
-d '{
"client_id": "<YOUR_X_PAN_TOKEN>",
"customer_app": "<YOUR_APP_NAME>"
}'
Using the actual OAuth Client ID returns "GetApigeeOauthToken: API key not found".
Suggested fix
What actually works:
The client_id field must be your API key (the x-pan-token value), not the OAuth Client ID.
So the working curl looks like this:
Documentation link
Describe the problem
Prisma AIRS OAuth Token endpoint doc issue**
While working with the Management API endpoint
POST /v1/mgmt/oauth/client_credential/accesstoken(https://pan.dev/prisma-airs/api/airuntimesecurity/management/get-apigee-oauth-token/)), I found that theclient_idfield in the request body is misleading.What the doc says:
The body expects
client_id(string) — which implies the OAuth Client ID from your service account.What actually works:
The
client_idfield must be your API key (thex-pan-tokenvalue), not the OAuth Client ID.So the working curl looks like this:
Using the actual OAuth Client ID returns
"GetApigeeOauthToken: API key not found".Suggested fix
What actually works:
The
client_idfield must be your API key (thex-pan-tokenvalue), not the OAuth Client ID.So the working curl looks like this: