welcome-to-palo-alto-networks[bot]
commented
1 year ago :tada: Thanks for opening your first issue here! Welcome to the community!
Open dwchowscalesec opened 1 year ago
welcome-to-palo-alto-networks[bot]
commented
1 year ago :tada: Thanks for opening your first issue here! Welcome to the community!
Describe the problem
inaccuracy
The documentation says the SaaS and self hosted API's are the same. If you're a SaaS customer you can find the CWPP version and match it to your API version use which is confirmed. Unfortunately, using api2.prismacloud.io results in 404's for these endpoints documented.
After a POST request to api2.prismacloud.io/login to grab the JWT which is fine.
Yet the documentation in other endpoint stub pages: https://prisma.pan.dev/api/cloud/cwpp/stats#operation/get-stats-vulnerabilities-download show Curl using a user as part of the authentication.
Creating a subsequent request as mentioned in: https://prisma.pan.dev/api/cloud/cwpp/curl-examples for testing with the following:
Method GET request to: https://api2.prismacloud.io/api/v1/policies/compliance/container Headers: Content-Type: application/json Authorization: Bearer
This results in a 404 no matter what; even when trying other endpoints such as: https://api2.prismacloud.io/api/v22.06/stats/vulnerabilities
I have confirmed in the CWPP is the same version of the path of the URL for the endpoint consumption in Postman. Even if there were header/syntax issues from Postman or Curl. The return should not be a 404.
I have attempted variants of possible known URLs to use such as: api.prismacloud.io/ <-- also returns a 404 app2.prismacloud.io/ <-- only returns a 404 image
Please advise as the exact curl to use with SaaS hosted CWPP customers using a JWT bearer token hosted on the app2 tenant.
Suggested fix
Unknown to me