openapi: 3.1.0 info: title: Palo Alto Networks SASE IAM Service API description: >- SASE Identity and Access Management (IAM) Service API. Provides programmatic management of service accounts, API key credentials, and access policies for the Palo Alto Networks SASE platform. Service accounts are machine identities used for API automation. Access policies bind roles to service accounts or users, controlling what operations they can perform within a Tenant Service Group scope. version: '1.0' contact: name: Palo Alto Networks Developer Support url: https://pan.dev/ license: name: Proprietary url: https://www.paloaltonetworks.com/legal servers: - url: https://api.sase.paloaltonetworks.com/iam/v1 description: SASE IAM Service API production server. security: - oauth2Bearer: [] tags: - name: Access Policies description: Access policy management for role-based access control. - name: Roles description: Available IAM roles and their permissions. - name: Service Accounts description: Service account management and credential generation. paths: /service-accounts: get: operationId: listServiceAccounts summary: Palo Alto Networks List Service Accounts description: >- Returns the list of service accounts for the authenticated tenant. Service accounts are machine identities used to authenticate API automation workflows using the client_credentials OAuth 2.0 grant. tags: - Service Accounts parameters: - name: tsg_id in: query description: Filter service accounts by Tenant Service Group ID. schema: type: string example: '863313' - name: offset in: query description: Number of results to skip for pagination. schema: type: integer default: 0 example: 0 - name: limit in: query description: Maximum number of service accounts to return. schema: type: integer default: 50 maximum: 200 example: 50 responses: '200': description: Service accounts returned. content: application/json: schema: type: object properties: total: type: integer offset: type: integer limit: type: integer items: type: array items: $ref: '#/components/schemas/ServiceAccount' examples: ListServiceAccounts200Example: summary: Default listServiceAccounts 200 response x-microcks-default: true value: total: 799 offset: 654 limit: 730 items: - id: example-id name: Branch Agent 97 display_name: Sarah Wilson description: Investigation suspicious blocked threat on firewall suspicious Security Security alert investigation. tsg_id: '758466' key_count: 11 created_at: '2026-11-23T17:14:36Z' updated_at: '2025-05-26T22:44:02Z' - id: example-id name: Branch Agent 97 display_name: Sarah Wilson description: Investigation suspicious blocked threat on firewall suspicious Security Security alert investigation. tsg_id: '758466' key_count: 11 created_at: '2026-11-23T17:14:36Z' updated_at: '2025-05-26T22:44:02Z' '400': description: Invalid query parameters. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: ListServiceAccounts400Example: summary: Default listServiceAccounts 400 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 '401': description: Invalid or missing Bearer token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: ListServiceAccounts401Example: summary: Default listServiceAccounts 401 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: ListServiceAccounts403Example: summary: Default listServiceAccounts 403 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: ListServiceAccounts500Example: summary: Default listServiceAccounts 500 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 x-microcks-operation: delay: 0 dispatcher: FALLBACK post: operationId: createServiceAccount summary: Palo Alto Networks Create Service Account description: >- Creates a new service account. After creation, use the POST /service-accounts/{id}/keys endpoint to generate credentials. Service accounts are scoped to a Tenant Service Group and must be assigned access policies to grant API permissions. tags: - Service Accounts requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ServiceAccountRequest' examples: CreateServiceAccountRequestExample: summary: Default createServiceAccount request x-microcks-default: true value: name: Primary Policy 99 display_name: Priya Chen description: Traffic malware configured firewall suspicious investigation activity applied on incident. tsg_id: '512892' responses: '201': description: Service account created successfully. content: application/json: schema: $ref: '#/components/schemas/ServiceAccount' examples: CreateServiceAccount201Example: summary: Default createServiceAccount 201 response x-microcks-default: true value: id: example-id name: Branch Agent 97 display_name: Sarah Wilson description: Investigation suspicious blocked threat on firewall suspicious Security Security alert investigation. tsg_id: '758466' key_count: 11 created_at: '2026-11-23T17:14:36Z' updated_at: '2025-05-26T22:44:02Z' '400': description: Invalid request body. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: CreateServiceAccount400Example: summary: Default createServiceAccount 400 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 '401': description: Invalid or missing Bearer token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: CreateServiceAccount401Example: summary: Default createServiceAccount 401 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: CreateServiceAccount403Example: summary: Default createServiceAccount 403 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 '409': description: A service account with this name already exists. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: CreateServiceAccount409Example: summary: Default createServiceAccount 409 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: CreateServiceAccount500Example: summary: Default createServiceAccount 500 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 x-microcks-operation: delay: 0 dispatcher: FALLBACK /service-accounts/{id}: get: operationId: getServiceAccount summary: Palo Alto Networks Get Service Account description: Returns full details for a specific service account. tags: - Service Accounts parameters: - name: id in: path required: true description: Unique identifier of the service account. schema: type: string example: example-id responses: '200': description: Service account details returned. content: application/json: schema: $ref: '#/components/schemas/ServiceAccount' examples: GetServiceAccount200Example: summary: Default getServiceAccount 200 response x-microcks-default: true value: id: example-id name: Branch Agent 97 display_name: Sarah Wilson description: Investigation suspicious blocked threat on firewall suspicious Security Security alert investigation. tsg_id: '758466' key_count: 11 created_at: '2026-11-23T17:14:36Z' updated_at: '2025-05-26T22:44:02Z' '401': description: Invalid or missing Bearer token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetServiceAccount401Example: summary: Default getServiceAccount 401 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetServiceAccount403Example: summary: Default getServiceAccount 403 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 '404': description: Service account not found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetServiceAccount404Example: summary: Default getServiceAccount 404 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetServiceAccount500Example: summary: Default getServiceAccount 500 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 x-microcks-operation: delay: 0 dispatcher: FALLBACK put: operationId: updateServiceAccount summary: Palo Alto Networks Update Service Account description: Updates the display name or description of an existing service account. tags: - Service Accounts parameters: - name: id in: path required: true description: Unique identifier of the service account to update. schema: type: string example: example-id requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ServiceAccountUpdate' examples: UpdateServiceAccountRequestExample: summary: Default updateServiceAccount request x-microcks-default: true value: display_name: Alex Kumar description: Network on network threat policy threat traffic detected network endpoint incident configured. responses: '200': description: Service account updated successfully. content: application/json: schema: $ref: '#/components/schemas/ServiceAccount' examples: UpdateServiceAccount200Example: summary: Default updateServiceAccount 200 response x-microcks-default: true value: id: example-id name: Branch Agent 97 display_name: Sarah Wilson description: Investigation suspicious blocked threat on firewall suspicious Security Security alert investigation. tsg_id: '758466' key_count: 11 created_at: '2026-11-23T17:14:36Z' updated_at: '2025-05-26T22:44:02Z' '400': description: Invalid request body. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: UpdateServiceAccount400Example: summary: Default updateServiceAccount 400 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 '401': description: Invalid or missing Bearer token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: UpdateServiceAccount401Example: summary: Default updateServiceAccount 401 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: UpdateServiceAccount403Example: summary: Default updateServiceAccount 403 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 '404': description: Service account not found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: UpdateServiceAccount404Example: summary: Default updateServiceAccount 404 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: UpdateServiceAccount500Example: summary: Default updateServiceAccount 500 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 x-microcks-operation: delay: 0 dispatcher: FALLBACK delete: operationId: deleteServiceAccount summary: Palo Alto Networks Delete Service Account description: >- Deletes a service account and revokes all associated credentials. Any active API sessions using credentials from this account will be invalidated. tags: - Service Accounts parameters: - name: id in: path required: true description: Unique identifier of the service account to delete. schema: type: string example: example-id responses: '204': description: Service account deleted successfully. '401': description: Invalid or missing Bearer token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: DeleteServiceAccount401Example: summary: Default deleteServiceAccount 401 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: DeleteServiceAccount403Example: summary: Default deleteServiceAccount 403 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 '404': description: Service account not found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: DeleteServiceAccount404Example: summary: Default deleteServiceAccount 404 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: DeleteServiceAccount500Example: summary: Default deleteServiceAccount 500 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 x-microcks-operation: delay: 0 dispatcher: FALLBACK /service-accounts/{id}/keys: post: operationId: generateServiceAccountCredentials summary: Palo Alto Networks Generate Service Account Credentials description: >- Generates a new client ID and client secret for a service account. The client secret is returned only once in the response and cannot be retrieved again. Store the credentials securely. Use these credentials with the OAuth 2.0 client_credentials grant to obtain Bearer tokens for API authentication. tags: - Service Accounts parameters: - name: id in: path required: true description: Unique identifier of the service account. schema: type: string example: example-id requestBody: required: false content: application/json: schema: type: object properties: description: type: string description: Optional description for this set of credentials. expires_in_days: type: integer description: >- Number of days until the credentials expire. If omitted, credentials do not expire. minimum: 1 maximum: 365 examples: GenerateServiceAccountCredentialsRequestExample: summary: Default generateServiceAccountCredentials request x-microcks-default: true value: description: Applied traffic investigation network Security endpoint investigation. expires_in_days: 79 responses: '201': description: Credentials generated successfully. content: application/json: schema: $ref: '#/components/schemas/ServiceAccountCredentials' examples: GenerateServiceAccountCredentials201Example: summary: Default generateServiceAccountCredentials 201 response x-microcks-default: true value: key_id: '805173' client_id: '846434' client_secret: example-client_secret description: Suspicious on firewall policy applied violation rule policy policy. expires_at: '2024-05-22T20:49:01Z' created_at: '2024-09-21T21:03:36Z' '401': description: Invalid or missing Bearer token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GenerateServiceAccountCredentials401Example: summary: Default generateServiceAccountCredentials 401 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GenerateServiceAccountCredentials403Example: summary: Default generateServiceAccountCredentials 403 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 '404': description: Service account not found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GenerateServiceAccountCredentials404Example: summary: Default generateServiceAccountCredentials 404 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GenerateServiceAccountCredentials500Example: summary: Default generateServiceAccountCredentials 500 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 x-microcks-operation: delay: 0 dispatcher: FALLBACK /service-accounts/{id}/keys/{key_id}: delete: operationId: revokeServiceAccountKey summary: Palo Alto Networks Revoke Service Account Key description: >- Revokes a specific set of credentials for a service account. Any active API sessions using these credentials will be invalidated immediately. tags: - Service Accounts parameters: - name: id in: path required: true description: Unique identifier of the service account. schema: type: string example: example-id - name: key_id in: path required: true description: Unique identifier of the key to revoke. schema: type: string example: '973646' responses: '204': description: Credentials revoked successfully. '401': description: Invalid or missing Bearer token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: RevokeServiceAccountKey401Example: summary: Default revokeServiceAccountKey 401 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: RevokeServiceAccountKey403Example: summary: Default revokeServiceAccountKey 403 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 '404': description: Service account or key not found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: RevokeServiceAccountKey404Example: summary: Default revokeServiceAccountKey 404 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: RevokeServiceAccountKey500Example: summary: Default revokeServiceAccountKey 500 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 x-microcks-operation: delay: 0 dispatcher: FALLBACK /access-policies: get: operationId: listAccessPolicies summary: Palo Alto Networks List Access Policies description: >- Returns the access policies defined for the tenant. Access policies bind a principal (service account or user) to a role within a specific TSG scope, controlling what API operations the principal can perform. tags: - Access Policies parameters: - name: principal_id in: query description: Filter policies by principal ID (service account or user). schema: type: string example: '179028' - name: tsg_id in: query description: Filter policies by TSG scope. schema: type: string example: '561662' - name: offset in: query description: Number of results to skip for pagination. schema: type: integer default: 0 example: 0 - name: limit in: query description: Maximum number of policies to return. schema: type: integer default: 50 maximum: 200 example: 50 responses: '200': description: Access policies returned. content: application/json: schema: type: object properties: total: type: integer offset: type: integer limit: type: integer items: type: array items: $ref: '#/components/schemas/AccessPolicy' examples: ListAccessPolicies200Example: summary: Default listAccessPolicies 200 response x-microcks-default: true value: total: 216 offset: 770 limit: 432 items: - id: example-id principal_id: '228082' principal_type: service_account role_id: '930355' role_name: Primary Policy 48 tsg_id: '568011' created_at: '2025-08-17T04:28:20Z' '401': description: Invalid or missing Bearer token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: ListAccessPolicies401Example: summary: Default listAccessPolicies 401 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: ListAccessPolicies403Example: summary: Default listAccessPolicies 403 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: ListAccessPolicies500Example: summary: Default listAccessPolicies 500 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 x-microcks-operation: delay: 0 dispatcher: FALLBACK post: operationId: createAccessPolicy summary: Palo Alto Networks Create Access Policy description: >- Creates a new access policy binding a principal to a role within a TSG scope. The role determines which API operations the principal can perform on resources within the specified TSG. tags: - Access Policies requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AccessPolicyRequest' examples: CreateAccessPolicyRequestExample: summary: Default createAccessPolicy request x-microcks-default: true value: principal_id: '988877' principal_type: user role_id: '955130' tsg_id: '732912' responses: '201': description: Access policy created successfully. content: application/json: schema: $ref: '#/components/schemas/AccessPolicy' examples: CreateAccessPolicy201Example: summary: Default createAccessPolicy 201 response x-microcks-default: true value: id: example-id principal_id: '228082' principal_type: service_account role_id: '930355' role_name: Primary Policy 48 tsg_id: '568011' created_at: '2025-08-17T04:28:20Z' '400': description: Invalid request body. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: CreateAccessPolicy400Example: summary: Default createAccessPolicy 400 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 '401': description: Invalid or missing Bearer token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: CreateAccessPolicy401Example: summary: Default createAccessPolicy 401 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: CreateAccessPolicy403Example: summary: Default createAccessPolicy 403 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: CreateAccessPolicy500Example: summary: Default createAccessPolicy 500 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 x-microcks-operation: delay: 0 dispatcher: FALLBACK /access-policies/{id}: get: operationId: getAccessPolicy summary: Palo Alto Networks Get Access Policy description: Returns full details for a specific access policy. tags: - Access Policies parameters: - name: id in: path required: true description: Unique identifier of the access policy. schema: type: string example: example-id responses: '200': description: Access policy details returned. content: application/json: schema: $ref: '#/components/schemas/AccessPolicy' examples: GetAccessPolicy200Example: summary: Default getAccessPolicy 200 response x-microcks-default: true value: id: example-id principal_id: '228082' principal_type: service_account role_id: '930355' role_name: Primary Policy 48 tsg_id: '568011' created_at: '2025-08-17T04:28:20Z' '401': description: Invalid or missing Bearer token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetAccessPolicy401Example: summary: Default getAccessPolicy 401 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetAccessPolicy403Example: summary: Default getAccessPolicy 403 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 '404': description: Access policy not found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetAccessPolicy404Example: summary: Default getAccessPolicy 404 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetAccessPolicy500Example: summary: Default getAccessPolicy 500 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 x-microcks-operation: delay: 0 dispatcher: FALLBACK put: operationId: updateAccessPolicy summary: Palo Alto Networks Update Access Policy description: Updates the role assignment for an existing access policy. tags: - Access Policies parameters: - name: id in: path required: true description: Unique identifier of the access policy to update. schema: type: string example: example-id requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AccessPolicyRequest' examples: UpdateAccessPolicyRequestExample: summary: Default updateAccessPolicy request x-microcks-default: true value: principal_id: '988877' principal_type: user role_id: '955130' tsg_id: '732912' responses: '200': description: Access policy updated successfully. content: application/json: schema: $ref: '#/components/schemas/AccessPolicy' examples: UpdateAccessPolicy200Example: summary: Default updateAccessPolicy 200 response x-microcks-default: true value: id: example-id principal_id: '228082' principal_type: service_account role_id: '930355' role_name: Primary Policy 48 tsg_id: '568011' created_at: '2025-08-17T04:28:20Z' '400': description: Invalid request body. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: UpdateAccessPolicy400Example: summary: Default updateAccessPolicy 400 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 '401': description: Invalid or missing Bearer token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: UpdateAccessPolicy401Example: summary: Default updateAccessPolicy 401 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: UpdateAccessPolicy403Example: summary: Default updateAccessPolicy 403 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 '404': description: Access policy not found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: UpdateAccessPolicy404Example: summary: Default updateAccessPolicy 404 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: UpdateAccessPolicy500Example: summary: Default updateAccessPolicy 500 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 x-microcks-operation: delay: 0 dispatcher: FALLBACK delete: operationId: deleteAccessPolicy summary: Palo Alto Networks Delete Access Policy description: Deletes an access policy, revoking the role binding from the principal. tags: - Access Policies parameters: - name: id in: path required: true description: Unique identifier of the access policy to delete. schema: type: string example: example-id responses: '204': description: Access policy deleted successfully. '401': description: Invalid or missing Bearer token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: DeleteAccessPolicy401Example: summary: Default deleteAccessPolicy 401 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: DeleteAccessPolicy403Example: summary: Default deleteAccessPolicy 403 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 '404': description: Access policy not found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: DeleteAccessPolicy404Example: summary: Default deleteAccessPolicy 404 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: DeleteAccessPolicy500Example: summary: Default deleteAccessPolicy 500 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 x-microcks-operation: delay: 0 dispatcher: FALLBACK /roles: get: operationId: listRoles summary: Palo Alto Networks List Available Roles description: >- Returns the list of available IAM roles that can be assigned in access policies. Each role defines a set of API permissions for specific SASE services and operations. tags: - Roles responses: '200': description: Available roles returned. content: application/json: schema: type: object properties: total: type: integer items: type: array items: $ref: '#/components/schemas/Role' examples: ListRoles200Example: summary: Default listRoles 200 response x-microcks-default: true value: total: 293 items: - id: example-id name: Branch Policy 17 display_name: Carlos Garcia description: Alert network suspicious applied blocked detected. permissions: &id001 - example-permissions_item - example-permissions_item '401': description: Invalid or missing Bearer token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: ListRoles401Example: summary: Default listRoles 401 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: ListRoles403Example: summary: Default listRoles 403 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: ListRoles500Example: summary: Default listRoles 500 response x-microcks-default: true value: error: example-error message: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: 1e1e39dd-16dd-4699-a272-365b75e92268 x-microcks-operation: delay: 0 dispatcher: FALLBACK components: securitySchemes: oauth2Bearer: type: http scheme: bearer bearerFormat: JWT description: >- OAuth 2.0 Bearer token for SASE platform authentication. Obtain using the client_credentials grant with your SASE service account client ID and client secret. schemas: ServiceAccount: type: object properties: id: type: string description: Unique identifier of the service account. example: example-id name: type: string description: Unique name of the service account within the TSG. example: Branch Agent 97 display_name: type: string description: Human-readable display name. example: Sarah Wilson description: type: string description: Description of the service account's purpose. example: Investigation suspicious blocked threat on firewall suspicious Security Security alert investigation. tsg_id: type: string description: Tenant Service Group ID this service account belongs to. example: '758466' key_count: type: integer description: Number of active credential keys for this service account. example: 11 created_at: type: string format: date-time example: '2026-11-23T17:14:36Z' updated_at: type: string format: date-time example: '2025-05-26T22:44:02Z' ServiceAccountRequest: type: object required: - name - tsg_id properties: name: type: string description: Unique name for the service account within the TSG. pattern: '^[a-z][a-z0-9-]{0,63}$' example: Primary Policy 99 display_name: type: string description: Human-readable display name. example: Priya Chen description: type: string description: Description of the service account's purpose. example: Traffic malware configured firewall suspicious investigation activity applied on incident. tsg_id: type: string description: Tenant Service Group ID to create this service account in. example: '512892' ServiceAccountUpdate: type: object properties: display_name: type: string description: Updated display name. example: Alex Kumar description: type: string description: Updated description. example: Network on network threat policy threat traffic detected network endpoint incident configured. ServiceAccountCredentials: type: object properties: key_id: type: string description: Unique identifier of the generated key. example: '805173' client_id: type: string description: OAuth 2.0 client ID for this credential set. example: '846434' client_secret: type: string description: >- OAuth 2.0 client secret. Returned only once at creation time. Store this value securely as it cannot be retrieved again. writeOnly: true example: example-client_secret description: type: string description: Description provided when the key was created. example: Suspicious on firewall policy applied violation rule policy policy. expires_at: type: string format: date-time description: Expiration timestamp, or null if credentials do not expire. example: '2024-05-22T20:49:01Z' created_at: type: string format: date-time example: '2024-09-21T21:03:36Z' AccessPolicy: type: object properties: id: type: string description: Unique identifier of the access policy. example: example-id principal_id: type: string description: ID of the service account or user this policy applies to. example: '228082' principal_type: type: string enum: - service_account - user description: Type of principal. example: service_account role_id: type: string description: ID of the role assigned by this policy. example: '930355' role_name: type: string description: Name of the role assigned. example: Primary Policy 48 tsg_id: type: string description: TSG scope this policy applies to. example: '568011' created_at: type: string format: date-time example: '2025-08-17T04:28:20Z' AccessPolicyRequest: type: object required: - principal_id - principal_type - role_id - tsg_id properties: principal_id: type: string description: ID of the service account or user to grant access to. example: '988877' principal_type: type: string enum: - service_account - user description: Type of principal. example: user role_id: type: string description: ID of the role to assign. example: '955130' tsg_id: type: string description: TSG scope for this policy. example: '732912' Role: type: object properties: id: type: string description: Unique identifier of the role. example: example-id name: type: string description: Role name (e.g., superuser, network_admin, readonly). example: Branch Policy 17 display_name: type: string description: Human-readable role display name. example: Carlos Garcia description: type: string description: Description of the permissions granted by this role. example: Alert network suspicious applied blocked detected. permissions: type: array items: type: string description: List of permission identifiers included in this role. example: *id001 ErrorResponse: type: object properties: error: type: string description: Error code identifying the error type. example: example-error message: type: string description: Human-readable description of the error. example: Malware endpoint traffic incident on on traffic rule endpoint traffic. request_id: type: string description: Request identifier for support correlation. example: 1e1e39dd-16dd-4699-a272-365b75e92268