Use the following guidelines to ensure that your Cloud Security Posture Management (CSPM) API requests to Prisma Cloud are successful.
Prerequisites for a CSPM Request
To make a CSPM API request, you must have the right privileges and authorization for the request.
CSPM User Roles
To have the right privileges to make a CSPM API request, you must have a Prisma Cloud user role with sufficient permissions. See Prisma Cloud Administrator Permissions for the permissions associated with each role.
CSPM API Authorization
To have the right authorization for a CSPM API request, follow the high-level steps below:
- Obtain an access key from your Prisma Cloud system administrator.
- Make a CSPM API request to log in . A successful request returns a JSON Web Token (JWT).
Almost all CSPM API requests use this JWT for authorization. Note that for security, a JWT is valid for only ten minutes. If your session must be active beyond that limit, you can extend a session.
Components of a CSPM Request
The sections below describe the components of a successful CSPM API request.
The base URL of your CSPM API request depends on the region of your Prisma Cloud tenant and is similar to your Prisma Cloud administrative console URL. See URLs for a list of Prisma Cloud console URLs and corresponding CSPM API base URLs.
The CSPM API uses the standard HTTP methods
You can retrieve certain CSPM resources through either a
GET or a
POST request. Examples include but are not limited to alert lists, compliance posture, and some asset inventory lists. While both methods result in the same response, use
- You don’t want to include your request parameters in the request URL.
- Your request parameters are complex and, therefore, easier to define in the body of a
Required Request Headers
See Headers for information about required request headers.
Request Parameters and Common Data Models
Both query and request body parameters can include certain CSPM common data models. The following sections provide details about their use:
- The Time Range Model enables you to specify windows of time.
- The Integration Configurations are specific to API requests that add, update, or test a third-party integration with Prisma Cloud.
See Error Responses for information about error handling.