Palo Alto Networks

SASE Authentication Service API

The OAuth 2.0 authentication service that provides access tokens for all Prisma SASE platform APIs. Uses Client ID and Client Secret credentials to generate short-lived bearer tokens with a 15-minute lifespan. All SASE platform APIs including Prisma Access, SD-WAN, SSPM, and management services require tokens from this endpoint. Supports tenant service group (TSG) scoping for multi-tenant environments.

GitHub

Documentation

📖
Documentation
https://pan.dev/sase/api/auth/
📖
GettingStarted
https://pan.dev/sase/docs/getstarted/

API entry from apis.yml

apis.yml Raw ↑ 
aid: palo-alto-networks:sase-authentication-service-api
name: SASE Authentication Service API
tags:
- Access Tokens
- Authentication
- Identity
- OAuth 2.0
- SASE
image: https://kinlane-productions2.s3.amazonaws.com/apis-json/apis-json-logo.jpg
baseURL: https://auth.apps.paloaltonetworks.com
humanURL: https://pan.dev/sase/api/auth/
properties:
- url: https://pan.dev/sase/api/auth/
  type: Documentation
- url: https://pan.dev/sase/docs/getstarted/
  type: GettingStarted
description: The OAuth 2.0 authentication service that provides access tokens for all Prisma SASE platform
  APIs. Uses Client ID and Client Secret credentials to generate short-lived bearer tokens with a 15-minute
  lifespan. All SASE platform APIs including Prisma Access, SD-WAN, SSPM, and management services require
  tokens from this endpoint. Supports tenant service group (TSG) scoping for multi-tenant environments.