* [Blog](https://origin-researchcenter.paloaltonetworks.com/blog) * [Palo Alto Networks](https://origin-researchcenter.paloaltonetworks.com/blog/corporate/) * [Security Platform](https://origin-researchcenter.paloaltonetworks.com/blog/category/security-platform/) * Step-By-Step: Using AutoF... # Step-By-Step: Using AutoFocus API and Postman for Automation [](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2F2016%2F01%2Fstep-by-step-using-autofocus-api-and-postman-for-automation%2F) [](https://twitter.com/share?text=Step-By-Step%3A+Using+AutoFocus+API+and+Postman+for+Automation&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2F2016%2F01%2Fstep-by-step-using-autofocus-api-and-postman-for-automation%2F) [](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2F2016%2F01%2Fstep-by-step-using-autofocus-api-and-postman-for-automation%2F&title=Step-By-Step%3A+Using+AutoFocus+API+and+Postman+for+Automation&summary=&source=) [](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://origin-researchcenter.paloaltonetworks.com/blog/2016/01/step-by-step-using-autofocus-api-and-postman-for-automation/&ts=markdown) \[\](mailto:?subject=Step-By-Step: Using AutoFocus API and Postman for Automation) Link copied By [Etay Nir](https://www.paloaltonetworks.com/blog/author/etay-nir/?ts=markdown "Posts by Etay Nir") Jan 14, 2016 5 minutes [Security Platform](https://www.paloaltonetworks.com/blog/category/security-platform/?ts=markdown) [Technical Documentation](https://www.paloaltonetworks.com/blog/category/technical-documentation/?ts=markdown) [AutoFocus](https://www.paloaltonetworks.com/blog/tag/autofocus/?ts=markdown) [AutoFocus API](https://www.paloaltonetworks.com/blog/tag/autofocus-api/?ts=markdown) [Automation](https://www.paloaltonetworks.com/blog/tag/automation/?ts=markdown) [Postman](https://www.paloaltonetworks.com/blog/tag/postman/?ts=markdown) One of the important components baked into the Palo Alto Networks next-generation security platform is our API. You can use our API to interact with and automate the various components of our platform, such as bulk searches, push and pull configurations, leveraging third-party applications and services, and more. In this post, I'll explain, step-by-step, how to use our API with [AutoFocus](https://www.paloaltonetworks.com/products/platforms/subscriptions/autofocus.html) utilizing the [Postman app.](https://www.getpostman.com/) Postman is a useful development and testing client for REST API, creating complex HTTP requests and giving you the ability to interact with the API as it presents a friendly GUI for constructing requests and for reading responses. We'll be using this application to demonstrate Palo Alto Networks AutoFocus API capabilities. ### Prerequisites Before you can start using the AutoFocus API, there are a few steps needed to ensure things run smoothly: * Make sure you have portal access credentials to AutoFocus (Contact your Palo Alto Networks representative or partner if you'd like to purchase or trial AutoFocus) * Get your API Key (use the [API Key process](https://www.paloaltonetworks.com/documentation/autofocus/autofocus/autofocus_api/get-started-with-the-autofocus-api/get-your-api-key.html#36712) to obtain one) * Get familiarized with the AutoFocus portal and read our [AutoFocus Administrator's Guide](https://www.paloaltonetworks.com/documentation/autofocus/autofocus/autofocus_admin_guide.html) * Brush up on your knowledge of web service APIs, HTTP, and JSON. * Install the Postman app NOTE: Take the following steps if you already have access to the AutoFocus portal and want to retrieve your API Key: * Login to the [AutoFocus instance](https://autofocus.paloaltonetworks.com/) * Click the [Settings](https://autofocus.paloaltonetworks.com/#/settings) option on the left side menu * The API Key will display for you to copy [](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/01/autofocus-api-1.png) [![autofocus api 1](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/01/autofocus-api-1-500x366.png)](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/01/autofocus-api-1.png) ### Making your API Call In this example, we want to find all the Dridex instances in our network that WildFire convicted as malware and where the destination files are the United States. We want those results in JSON format so we can use this data any way we want: parse it, use parts of it, export it to third-party-services or applications, or integrate the information into the SOC. Many of the resources in the AutoFocus API require API calls to two resources. The first call is to initiate a search and the next is to check for the results of that search. Take the following steps to configure the Postman Application. #### Step 1: Configuring the search query As mentioned before, you need to craft two API calls to two different resources. The first call is the query itself to pull the data and the second one is to fetch and present the results. Both calls use the POST method. Crafting the AutoFocus query itself can get complicated depending on the query you want to design. The best way to create your own query is to use the AutoFocus search option and then export the query into a file using the following process: * Log in to the AutoFocus portal * Create the query as described [](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/01/autofocus-api-2.png) [![autofocus api 2](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/01/autofocus-api-2-500x198.png)](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/01/autofocus-api-2.png) * Use the export option to export your search [](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/01/autofocus-api-3.png) [![autofocus api 3](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/01/autofocus-api-3-500x172.png)](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/01/autofocus-api-3.png) * You can then copy the search or save it to a file and use it later when you need it [](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/01/autofocus-api-4.png) [![autofocus api 4](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/01/autofocus-api-4-500x237.png)](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/01/autofocus-api-4.png) As a side note, the same rule applies when you want to create an API call using a shell/python script using the CLI instead of the Postman Application. For the first call: * Configure Postman POST method to communicate to: [https://autofocus.paloaltonetworks.com/api/v1.0/samples/search/](https://autofocus.paloaltonetworks.com/api/v1.0/samples/search/) * Choose the "raw" option under the "Body" tab * Select the JSON (application/json) output * In the query field, use the API Key you copied into the "apiKey": "XXXXX" * Type in the query and click the "Send" button [](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/01/autofocus-api-5.png) [![autofocus api 5](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/01/autofocus-api-5-500x314.png)](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/01/autofocus-api-5.png) * If everything went well and the apiKey value you have entered is correct, you will get the query result values in the results window. * The specific value you need to look for is the af\_cookie. Once you find it, copy the value. * **The af\_cookie expires 120 seconds after the search results are complete (when af\_complete\_percentage is 100) or after you view completed search results.** [](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/01/autofocus-api-6.png) [![autofocus api 6](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/01/autofocus-api-6-500x322.png)](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/01/autofocus-api-6.png) #### Step 2: Viewing the Results To view the results and retrieve the af\_cookie, you need to configure Postman to perform the second POST method and point it to the results link. * Open a second tab on the Postman Application * Configure the POST method to point to: [https://autofocus.paloaltonetworks.com/api/v1.0/sessions/results/1-bac82b7d-2502-4da5-8b9c-d5f6d9c9632e+0](https://autofocus.paloaltonetworks.com/api/v1.0/sessions/results/1-bac82b7d-2502-4da5-8b9c-d5f6d9c9632e+0) Note that the af\_cookie value is entered to the link itself * Choose the "raw" option under the "Body" tab * Select the JSON (application/json) output * In the query field, paste the API Key you copied into the "apiKey": "XXXXX" * Click the "Enter" button [](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/01/autofocus-api-7.png) [![autofocus api 7](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/01/autofocus-api-7-500x262.png)](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/01/autofocus-api-7.png) You should be able to view the output in the results/output window at the bottom of the Postman Application. [](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/01/autofocus-api-8.png) [![autofocus api 8](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/01/autofocus-api-8-500x203.png)](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/01/autofocus-api-8.png) Then copy and search the results you pulled from AutoFocus. You can also save the output to a file and perform regular expression and parsing as needed, export the data, etc... ### Conclusion This was just one example of the different ways you can leverage and use the AutoFocus API to perform automation and link between various third-party-tools and streamline your threat intelligence analysis, perform bulk searches, import and export queries, leverage IOC, and so on. AutoFocus is a powerful tool for performing threat intelligence, leveraging the rich data Wildfire provides and shortening the analysis time needed to reach a quicker resolution and root cause analysis. By adding the power of the API, you achieve integration and automation between the Palo Alto Networks platform and your existing infrastructure, further streamlining analysis and getting the results you need, quickly and easily. For more information, visit the [AutoFocus API website](https://www.paloaltonetworks.com/documentation/autofocus/autofocus/autofocus_api.html) to find different examples, configurations, prerequisites, rate limits, and other resources. *** ** * ** *** ## Related Blogs ### [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Technical Documentation](https://www.paloaltonetworks.com/blog/category/technical-documentation/?ts=markdown) [#### Tech Docs: The May Release of AutoFocus is Now Live!](https://origin-researchcenter.paloaltonetworks.com/blog/2018/05/tech-docs-may-release-autofocus-now-live/) ### [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Technical Documentation](https://www.paloaltonetworks.com/blog/category/technical-documentation/?ts=markdown) [#### AutoFocus 2.0.3 Release Documentation is Now Live!](https://origin-researchcenter.paloaltonetworks.com/blog/2018/01/tech-docs-autofocus-2-0-3-release-documentation-now-live/) ### [Customer Spotlight](https://www.paloaltonetworks.com/blog/category/customer-spotlight/?ts=markdown), [Security Platform](https://www.paloaltonetworks.com/blog/category/security-platform/?ts=markdown), [Service Providers](https://www.paloaltonetworks.com/blog/category/service-providers/?ts=markdown) [#### Customer Spotlight: Telkom Indonesia Protects Expansion Plans With Palo Alto Networks](https://origin-researchcenter.paloaltonetworks.com/blog/2017/11/customer-spotlight-telkom-indonesia-protects-expansion-plans-palo-alto-networks/) ### [Customer Spotlight](https://www.paloaltonetworks.com/blog/category/customer-spotlight/?ts=markdown), [Security Platform](https://www.paloaltonetworks.com/blog/category/security-platform/?ts=markdown) [#### Customer Spotlight: Domain Group Keeps the Presses Rolling With Palo Alto Networks](https://origin-researchcenter.paloaltonetworks.com/blog/2017/09/customer-spotlight-domain-group-keeps-presses-rolling-palo-alto-networks/) ### [Technical Documentation](https://www.paloaltonetworks.com/blog/category/technical-documentation/?ts=markdown) [#### Tech Docs: Collect and Refine Threat Intelligence with MineMeld](https://origin-researchcenter.paloaltonetworks.com/blog/2017/01/tech-docs-collect-refine-threat-intelligence-minemeld/) ### [Security Platform](https://www.paloaltonetworks.com/blog/category/security-platform/?ts=markdown) [#### What is Automated Cybersecurity?](https://origin-researchcenter.paloaltonetworks.com/blog/2016/12/what-is-automated-cybersecurity/) ### Subscribe to the Blog! Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more. ![spinner](https://origin-researchcenter.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up Please enter a valid email. By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder. This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply. {#footer} {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language