Skip to main content

CSPM API Request Basics

Use the following guidelines to ensure that your CSPM API request is successful.

Prerequisites of a Request#

Before you can make a CSPM API request, you need to make sure you have the right privileges and authorization for the request.


To make an API request, you must have a Prisma Cloud role with sufficient permissions. See Prisma Cloud Administrator Permissions for the permissions associated with each role.


Almost all CSPM API endpoints use JSON Web Tokens (JWT) to authorize requests. Log in to obtain a valid JWT. Note that for security, a JWT is valid for only ten minutes. If your session must be active beyond that limit, you can extend a session.

See Getting Started for steps to obtain access keys and use them when you log in.

Components of a Single Request#

The sections below describe the components of a successful CSPM API request.


The base URL of your CSPM API request depends on the region of your Prisma Cloud tenant and is similar to your Prisma Cloud administrative console URL. See URLs for a list of Prisma Cloud console URLs and corresponding CSPM API base URLs.


The CSPM API uses standard HTTP methods GET, POST, PUT, PATCH, and DELETE.

Certain resources are available through either a GET or a POST request. Examples include but are not limited to alert lists, compliance posture, and some asset inventory lists. While both options result in the same response, use POST if:

  • You don’t want to include your request parameters in the request URL.
  • Your request parameters are complex and, therefore, easier to define in the body of a POST request.

Request Headers#

See Headers for information about required request headers.

Request Parameters#

Both query and request body parameters can include certain data models in CSPM. The following sections provide details about their use:


See Error Responses for information about error handling.