Configuration
All SDK clients can be configured via constructor options or environment variables. Copy .env.example to .env to get started.
cp .env.example .env
Scan API
| Env Var | Required | Default |
|---|---|---|
| PANW_AI_SEC_API_KEY | One of key/token | — |
| PANW_AI_SEC_API_TOKEN | One of key/token | — |
| PANW_AI_SEC_API_ENDPOINT | No | https://service.api.aisecurity.paloaltonetworks.com |
Management API
| Env Var | Required | Default |
|---|---|---|
| PANW_MGMT_CLIENT_ID | Yes | — |
| PANW_MGMT_CLIENT_SECRET | Yes | — |
| PANW_MGMT_TSG_ID | Yes | — |
| PANW_MGMT_ENDPOINT | No | https://api.sase.paloaltonetworks.com/aisec |
| PANW_MGMT_TOKEN_ENDPOINT | No | https://auth.apps.paloaltonetworks.com/oauth2/access_token |
Model Security API
Falls back to PANW_MGMT_* variables if service-specific ones are not set.
| Env Var | Required | Default |
|---|---|---|
| PANW_MODEL_SEC_CLIENT_ID | Falls back to MGMT | — |
| PANW_MODEL_SEC_CLIENT_SECRET | Falls back to MGMT | — |
| PANW_MODEL_SEC_TSG_ID | Falls back to MGMT | — |
| PANW_MODEL_SEC_DATA_ENDPOINT | No | https://api.sase.paloaltonetworks.com/aims/data |
| PANW_MODEL_SEC_MGMT_ENDPOINT | No | https://api.sase.paloaltonetworks.com/aims/mgmt |
| PANW_MODEL_SEC_TOKEN_ENDPOINT | Falls back to MGMT | — |
Red Team API
Falls back to PANW_MGMT_* variables if service-specific ones are not set.
| Env Var | Required | Default |
|---|---|---|
| PANW_RED_TEAM_CLIENT_ID | Falls back to MGMT | — |
| PANW_RED_TEAM_CLIENT_SECRET | Falls back to MGMT | — |
| PANW_RED_TEAM_TSG_ID | Falls back to MGMT | — |
| PANW_RED_TEAM_DATA_ENDPOINT | No | https://api.sase.paloaltonetworks.com/ai-red-teaming/data-plane |
| PANW_RED_TEAM_MGMT_ENDPOINT | No | https://api.sase.paloaltonetworks.com/ai-red-teaming/mgmt-plane |
| PANW_RED_TEAM_TOKEN_ENDPOINT | Falls back to MGMT | — |
Regional Endpoints
Override endpoint variables for non-US deployments:
# EU
export PANW_MGMT_ENDPOINT=https://api.eu.sase.paloaltonetworks.com/aisec
# UK
export PANW_MGMT_ENDPOINT=https://api.uk.sase.paloaltonetworks.com/aisec
# FedRAMP
export PANW_MGMT_ENDPOINT=https://api.gov.sase.paloaltonetworks.com/aisec
Shared Credentials
If you use the same OAuth2 client for all services, you only need to set PANW_MGMT_CLIENT_ID, PANW_MGMT_CLIENT_SECRET, and PANW_MGMT_TSG_ID. The Model Security and Red Team clients will use these automatically.
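The fallback from service-specific variables to PANW_MGMT_* can be verified before any client is constructed. The preflight script below is an added example, not part of the SDK; the function names (resolve_source, check_service, preflight) are hypothetical, and it assumes an empty value counts as unset. It reports which variable supplies each credential and never prints a value.

```shell
#!/bin/sh
# Added example (not SDK code): preflight check for the OAuth2 variables above.
# Assumption: an empty value is treated the same as an unset variable.

# resolve_source PREFIX SUFFIX
# Print the NAME of the variable that supplies the credential, trying the
# service-specific variable first and PANW_MGMT_* second. Returns 1 if neither
# is set. Only names are printed, so secrets never reach logs.
resolve_source() {
    prefix=$1 suffix=$2
    for name in "${prefix}_${suffix}" "PANW_MGMT_${suffix}"; do
        eval "value=\${$name:-}"   # names are built from fixed strings only
        if [ -n "$value" ]; then
            printf '%s\n' "$name"
            return 0
        fi
    done
    return 1
}

# check_service PREFIX
# One status line per required credential; non-zero if any is missing.
check_service() {
    prefix=$1 missing=0
    for suffix in CLIENT_ID CLIENT_SECRET TSG_ID; do
        if src=$(resolve_source "$prefix" "$suffix"); then
            printf '%s_%s: set via %s\n' "$prefix" "$suffix" "$src"
        else
            printf '%s_%s: MISSING (PANW_MGMT_%s not set either)\n' \
                "$prefix" "$suffix" "$suffix"
            missing=1
        fi
    done
    return "$missing"
}

# preflight: check the three OAuth2-based services documented on this page.
preflight() {
    rc=0
    for svc in PANW_MGMT PANW_MODEL_SEC PANW_RED_TEAM; do
        check_service "$svc" || rc=1
    done
    return "$rc"
}

# Run the check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then preflight; fi
```

Run it with `--check` after loading `.env`, or source it and call `preflight` from a deployment script; a non-zero status means at least one service has no usable credentials.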