Palo Alto Networks

SASE IAM API

A REST API for managing identity and access on the SASE platform including creating service accounts, managing access policies, and configuring role-based access control for SASE API consumers. The API supports provisioning service account credentials used for OAuth 2.0 authentication across all SASE platform APIs. Part of the common SASE management services layer.

Documentation GitHub OpenAPI

Documentation

https://pan.dev/sase/api/iam/

Specifications

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/openapi/palo-alto-sase-iam-api-openapi-original.yml

Examples

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/sase-iam-api-access-policy-example.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/sase-iam-api-access-policy-request-example.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/sase-iam-api-role-example.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/sase-iam-api-service-account-credentials-example.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/sase-iam-api-service-account-example.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/sase-iam-api-service-account-request-example.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/sase-iam-api-service-account-update-example.json

Schemas & Data

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/sase-iam-api-access-policy-request-schema.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/sase-iam-api-access-policy-schema.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/sase-iam-api-role-schema.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/sase-iam-api-service-account-credentials-schema.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/sase-iam-api-service-account-request-schema.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/sase-iam-api-service-account-schema.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/sase-iam-api-service-account-update-schema.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/sase-iam-api-access-policy-request-structure.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/sase-iam-api-access-policy-structure.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/sase-iam-api-role-structure.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/sase-iam-api-service-account-credentials-structure.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/sase-iam-api-service-account-request-structure.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/sase-iam-api-service-account-structure.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/sase-iam-api-service-account-update-structure.json

Other Resources

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-ld/palo-alto-sase-iam-api-context.jsonld

OpenAPI Specification

openapi: 3.1.0
info:
  title: Palo Alto Networks SASE IAM Service API
  description: >-
    SASE Identity and Access Management (IAM) Service API. Provides
    programmatic management of service accounts, API key credentials,
    and access policies for the Palo Alto Networks SASE platform. Service
    accounts are machine identities used for API automation. Access policies
    bind roles to service accounts or users, controlling what operations
    they can perform within a Tenant Service Group scope.
  version: '1.0'
  contact:
    name: Palo Alto Networks Developer Support
    url: https://pan.dev/
  license:
    name: Proprietary
    url: https://www.paloaltonetworks.com/legal
servers:
- url: https://api.sase.paloaltonetworks.com/iam/v1
  description: SASE IAM Service API production server.
security:
- oauth2Bearer: []
tags:
- name: Access Policies
  description: Access policy management for role-based access control.
- name: Roles
  description: Available IAM roles and their permissions.
- name: Service Accounts
  description: Service account management and credential generation.
paths:
  /service-accounts:
    get:
      operationId: listServiceAccounts
      summary: Palo Alto Networks List Service Accounts
      description: >-
        Returns the list of service accounts for the authenticated tenant.
        Service accounts are machine identities used to authenticate API
        automation workflows using the client_credentials OAuth 2.0 grant.
      tags:
      - Service Accounts
      parameters:
      - name: tsg_id
        in: query
        description: Filter service accounts by Tenant Service Group ID.
        schema:
          type: string
        example: '863313'
      - name: offset
        in: query
        description: Number of results to skip for pagination.
        schema:
          type: integer
          default: 0
        example: 0
      - name: limit
        in: query
        description: Maximum number of service accounts to return.
        schema:
          type: integer
          default: 50
          maximum: 200
        example: 50
      responses:
        '200':
          description: Service accounts returned.
          content:
            application/json:
              schema:
                type: object
                properties:
                  total:
                    type: integer
                  offset:
                    type: integer
                  limit:
                    type: integer
                  items:
                    type: array
                    items:
                      $ref: '#/components/schemas/ServiceAccount'
              examples:
                ListServiceAccounts200Example:
                  summary: Default listServiceAccounts 200 response
                  x-microcks-default: true
                  value:
                    total: 799
                    offset: 654
                    limit: 730
                    items:
                    - id: example-id
                      name: Branch Agent 97
                      display_name: Sarah Wilson
                      description: Investigation suspicious blocked threat on firewall suspicious Security Security alert investigation.
                      tsg_id: '758466'
                      key_count: 11
                      created_at: '2026-11-23T17:14:36Z'
                      updated_at: '2025-05-26T22:44:02Z'
                    - id: example-id
                      name: Branch Agent 97
                      display_name: Sarah Wilson
                      description: Investigation suspicious blocked threat on firewall suspicious Security Security alert investigation.
                      tsg_id: '758466'
                      key_count: 11
                      created_at: '2026-11-23T17:14:36Z'
                      updated_at: '2025-05-26T22:44:02Z'
        '400':
          description: Invalid query parameters.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                ListServiceAccounts400Example:
                  summary: Default listServiceAccounts 400 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware endpoint traffic incident on on traffic rule endpoint traffic.
                    request_id: 1e1e39dd-16dd-4699-a272-365b75e92268
        '401':
          description: Invalid or missing Bearer token.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                ListServiceAccounts401Example:
                  summary: Default listServiceAccounts 401 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware endpoint traffic incident on on traffic rule endpoint traffic.
                    request_id: 1e1e39dd-16dd-4699-a272-365b75e92268
        '403':
          description: Insufficient permissions.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                ListServiceAccounts403Example:
                  summary: Default listServiceAccounts 403 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware endpoint traffic incident on on traffic rule endpoint traffic.
                    request_id: 1e1e39dd-16dd-4699-a272-365b75e92268
        '500':
          description: Internal server error.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                ListServiceAccounts500Example:
                  summary: Default listServiceAccounts 500 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware endpoint traffic incident on on traffic rule endpoint traffic.
                    request_id: 1e1e39dd-16dd-4699-a272-365b75e92268
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    post:
      operationId: createServiceAccount
      summary: Palo Alto Networks Create Service Account
      description: >-
        Creates a new service account. After creation, use the
        POST /service-accounts/{id}/keys endpoint to generate credentials.
        Service accounts are scoped to a Tenant Service Group and must be
        assigned access policies to grant API permissions.
      tags:
      - Service Accounts
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ServiceAccountRequest'
            examples:
              CreateServiceAccountRequestExample:
                summary: Default createServiceAccount request
                x-microcks-default: true
                value:
                  name: Primary Policy 99
                  display_name: Priya Chen
                  description: Traffic malware configured firewall suspicious investigation activity applied on incident.
                  tsg_id: '512892'
      responses:
        '201':
          description: Service account created successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ServiceAccount'
              examples:
                CreateServiceAccount201Example:
                  summary: Default createServiceAccount 201 response
                  x-microcks-default: true
                  value:
                    id: example-id
                    name: Branch Agent 97
                    display_name: Sarah Wilson
                    description: Investigation suspicious blocked threat on firewall suspicious Security Security alert investigation.
                    tsg_id: '758466'
                    key_count: 11
                    created_at: '2026-11-23T17:14:36Z'
                    updated_at: '2025-05-26T22:44:02Z'
        '400':
          description: Invalid request body.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                CreateServiceAccount400Example:
                  summary: Default createServiceAccount 400 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware endpoint traffic incident on on traffic rule endpoint traffic.
                    request_id: 1e1e39dd-16dd-4699-a272-365b75e92268
        '401':
          description: Invalid or missing Bearer token.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                CreateServiceAccount401Example:
                  summary: Default createServiceAccount 401 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware endpoint traffic incident on on traffic rule endpoint traffic.
                    request_id: 1e1e39dd-16dd-4699-a272-365b75e92268
        '403':
          description: Insufficient permissions.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                CreateServiceAccount403Example:
                  summary: Default createServiceAccount 403 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware endpoint traffic incident on on traffic rule endpoint traffic.
                    request_id: 1e1e39dd-16dd-4699-a272-365b75e92268
        '409':
          description: A service account with this name already exists.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                CreateServiceAccount409Example:
                  summary: Default createServiceAccount 409 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware endpoint traffic incident on on traffic rule endpoint traffic.
                    request_id: 1e1e39dd-16dd-4699-a272-365b75e92268
        '500':
          description: Internal server error.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                CreateServiceAccount500Example:
                  summary: Default createServiceAccount 500 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware endpoint traffic incident on on traffic rule endpoint traffic.
                    request_id: 1e1e39dd-16dd-4699-a272-365b75e92268
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /service-accounts/{id}:
    get:
      operationId: getServiceAccount
      summary: Palo Alto Networks Get Service Account
      description: Returns full details for a specific service account.
      tags:
      - Service Accounts
      parameters:
      - name: id
        in: path
        required: true
        description: Unique identifier of the service account.
        schema:
          type: string
        example: example-id
      responses:
        '200':
          description: Service account details returned.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ServiceAccount'
              examples:
                GetServiceAccount200Example:
                  summary: Default getServiceAccount 200 response
                  x-microcks-default: true
                  value:
                    id: example-id
                    name: Branch Agent 97
                    display_name: Sarah Wilson
                    description: Investigation suspicious blocked threat on firewall suspicious Security Security alert investigation.
                    tsg_id: '758466'
                    key_count: 11
                    created_at: '2026-11-23T17:14:36Z'
                    updated_at: '2025-05-26T22:44:02Z'
        '401':
          description: Invalid or missing Bearer token.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                GetServiceAccount401Example:
                  summary: Default getServiceAccount 401 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware endpoint traffic incident on on traffic rule endpoint traffic.
                    request_id: 1e1e39dd-16dd-4699-a272-365b75e92268
        '403':
          description: Insufficient permissions.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                GetServiceAccount403Example:
                  summary: Default getServiceAccount 403 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware endpoint traffic incident on on traffic rule endpoint traffic.
                    request_id: 1e1e39dd-16dd-4699-a272-365b75e92268
        '404':
          description: Service account not found.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                GetServiceAccount404Example:
                  summary: Default getServiceAccount 404 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware endpoint traffic incident on on traffic rule endpoint traffic.
                    request_id: 1e1e39dd-16dd-4699-a272-365b75e92268
        '500':
          description: Internal server error.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                GetServiceAccount500Example:
                  summary: Default getServiceAccount 500 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware endpoint traffic incident on on traffic rule endpoint traffic.
                    request_id: 1e1e39dd-16dd-4699-a272-365b75e92268
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    put:
      operationId: updateServiceAccount
      summary: Palo Alto Networks Update Service Account
      description: Updates the display name or description of an existing service account.
      tags:
      - Service Accounts
      parameters:
      - name: id
        in: path
        required: true
        description: Unique identifier of the service account to update.
        schema:
          type: string
        example: example-id
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ServiceAccountUpdate'
            examples:
              UpdateServiceAccountRequestExample:
                summary: Default updateServiceAccount request
                x-microcks-default: true
                value:
                  display_name: Alex Kumar
                  description: Network on network threat policy threat traffic detected network endpoint incident configured.
      responses:
        '200':
          description: Service account updated successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ServiceAccount'
              examples:
                UpdateServiceAccount200Example:
                  summary: Default updateServiceAccount 200 response
                  x-microcks-default: true
                  value:
                    id: example-id
                    name: Branch Agent 97
                    display_name: Sarah Wilson
                    description: Investigation suspicious blocked threat on firewall suspicious Security Security alert investigation.
                    tsg_id: '758466'
                    key_count: 11
                    created_at: '2026-11-23T17:14:36Z'
                    updated_at: '2025-05-26T22:44:02Z'
        '400':
          description: Invalid request body.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                UpdateServiceAccount400Example:
                  summary: Default updateServiceAccount 400 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware endpoint traffic incident on on traffic rule endpoint traffic.
                    request_id: 1e1e39dd-16dd-4699-a272-365b75e92268
        '401':
          description: Invalid or missing Bearer token.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                UpdateServiceAccount401Example:
                  summary: Default updateServiceAccount 401 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware endpoint traffic incident on on traffic rule endpoint traffic.
                    request_id: 1e1e39dd-16dd-4699-a272-365b75e92268
        '403':
          description: Insufficient permissions.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                UpdateServiceAccount403Example:
                  summary: Default updateServiceAccount 403 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware endpoint traffic incident on on traffic rule endpoint traffic.
                    request_id: 1e1e39dd-16dd-4699-a272-365b75e92268
        '404':
          description: Service account not found.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                UpdateServiceAccount404Example:
                  summary: Default updateServiceAccount 404 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware endpoint traffic incident on on traffic rule endpoint traffic.
                    request_id: 1e1e39dd-16dd-4699-a272-365b75e92268
        '500':
          description: Internal server error.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                UpdateServiceAccount500Example:
                  summary: Default updateServiceAccount 500 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware endpoint traffic incident on on traffic rule endpoint traffic.
                    request_id: 1e1e39dd-16dd-4699-a272-365b75e92268
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    delete:
      operationId: deleteServiceAccount
      summary: Palo Alto Networks Delete Service Account
      description: >-
        Deletes a service account and revokes all associated credentials.
        Any active API sessions using credentials from this account will
        be invalidated.
      tags:
      - Service Accounts
      parameters:
      - name: id
        in: path
        required: true
        description: Unique identifier of the service account to delete.
        schema:
          type: string
        example: example-id
      responses:
        '204':
          description: Service account deleted successfully.
        '401':
          description: Invalid or missing Bearer token.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                DeleteServiceAccount401Example:
                  summary: Default deleteServiceAccount 401 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware endpoint traffic incident on on traffic rule endpoint traffic.
                    request_id: 1e1e39dd-16dd-4699-a272-365b75e92268
        '403':
          description: Insufficient permissions.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                DeleteServiceAccount403Example:
                  summary: Default deleteServiceAccount 403 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware endpoint traffic incident on on traffic rule endpoint traffic.
                    request_id: 1e1e39dd-16dd-4699-a272-365b75e92268
        '404':
          description: Service account not found.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                DeleteServiceAccount404Example:
                  summary: Default deleteServiceAccount 404 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware endpoint traffic incident on on traffic rule endpoint traffic.
                    request_id: 1e1e39dd-16dd-4699-a272-365b75e92268
        '500':
          description: Internal server error.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                DeleteServiceAccount500Example:
                  summary: Default deleteServiceAccount 500 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware endpoint traffic incident on on traffic rule endpoint traffic.
                    request_id: 1e1e39dd-16dd-4699-a272-365b75e92268
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /service-accounts/{id}/keys:
    post:
      operationId: generateServiceAccountCredentials
      summary: Palo Alto Networks Generate Service Account Credentials
      description: >-
        Generates a new client ID and client secret for a service account.
        The client secret is returned only once in the response and cannot
        be retrieved again. Store the credentials securely. Use these
        credentials with the OAuth 2.0 client_credentials grant to obtain
        Bearer tokens for API authentication.
      tags:
      - Service Accounts
      parameters:
      - name: id
        in: path
        required: true
        description: Unique identifier of the service account.
        schema:
          type: string
        example: example-id
      requestBody:
        required: false
        content:
          application/json:
            schema:
              type: object
              properties:
                description:
                  type: string
                  description: Optional description for this set of credentials.
                expires_in_days:
                  type: integer
                  description: >-
                    Number of days until the credentials expire. If omitted,
                    credentials do not expire.
                  minimum: 1
                  maximum: 365
            examples:
              GenerateServiceAccountCredentialsRequestExample:
                summary: Default generateServiceAccountCredentials request
                x-microcks-default: true
                value:
                  description: Applied traffic investigation network Security endpoint investigation.
                  expires_in_days: 79
      responses:
        '201':
          description: Credentials generated successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ServiceAccountCredentials'
              examples:
                GenerateServiceAccountCredentials201Example:
                  summary: Default generateServiceAccountCredentials 201 response
                  x-microcks-default: true
                  value:
                    key_id: '805173'
                    client_id: '846434'
                    client_secret: example-client_secret
                    description: Suspicious on firewall policy applied violation rule policy policy.
                    expires_at: '2024-05-22T20:49:01Z'
                    created_at: '2024-09-21T21:03:36Z'
        '401':
          description: Invalid or missing Bearer token.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                GenerateServiceAccountCredentials401Example:
                  summary: Default generateServiceAccountCredentials 401 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware endpoint traffic incident on on traffic rule endpoint traffic.
                    request_id: 1e1e39dd-16dd-4699-a272-365b75e92268
        '403':
          description: Insufficient permissions.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                GenerateServiceAccountCredentials403Example:
                  summary: Default generateServiceAccountCredentials 403 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware endpoint traffic incident on on traffic rule endpoint traffic.
                    request_id: 1e1e39dd-16dd-4699-a272-365b75e92268
        '404':
          description: Service account not found.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                GenerateServiceAccountCredentials404Example:
                  summary: Default generateServiceAccountCredentials 404 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware endpoint traffic incident on on traffic rule endpoint traffic.
                    request_id: 1e1e39dd-16dd-4699-a272-365b75e92268
        '500':
          description: Internal server error.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                GenerateServiceAccountCredentials500Example:
                  summary: Default generateServiceAccountCredentials 500 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware endpoint traffic incident on on traffic rule endpoint traffic.
                    request_id: 1e1e39dd-16dd-4699-a272-365b75e92268
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /service-accounts/{id}/keys/{key_id}:
    delete:
      operationId: revokeServiceAccountKey
      summary: Palo Alto Networks Revoke Service Account Key
      description: >-
        Revokes a specific set of credentials for a service account. Any
        active API sessions using these credentials will be invalidated
        immediately.
      tags:
      - Service Accounts
      parameters:
      - name: id
        in: path
        required: true
        description: Unique identifier of the service account.
        schema:
          type: string
        example: example-id
      - name: key_id
        in: path
        required: true
        description: Unique identifier of the key to revoke.
        schema:
          type: string
        example: '973646'
      responses:
        '204':
          description: Credentials revoked successfully.
        '401':
          description: Invalid or missing Bearer token.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                RevokeServiceAccountKey401Example:
                  summary: Default revokeServiceAccountKey 401 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware endpoint traffic incident on on traffic rule endpoint traffic.
                    request_id: 1e1e39dd-16dd-4699-a272-365b75e92268
        '403':
          description: Insufficient permissions.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                RevokeServiceAccountKey403Example:
                  summary: Default revokeServiceAccountKey 403 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware endpoint traffic incident on on traffic rule endpoint traffic.
                    request_id: 1e1e39dd-16dd-4699-a272-365b75e92268
        '404':
          description: Service account or key not found.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                RevokeServiceAccountKey404Example:
                  summary: Default revokeServiceAccountKey 404 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware endpoint traffic incident on on traffic rule endpoint traffic.
                    request_id: 1e1e39dd-16dd-4699-a272-365b75e92268
        '500':
          description: Internal server error.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                RevokeServiceAccountKey500Example:
                  summary: Default revokeServiceAccountKey 500 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware endpoint traffic incident on on traffic rule endpoint traffic.
                    request_id: 1e1e39dd-16dd-4699-a272-365b75e92268
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /access-policies:
    get:
      operationId: listAccessPolicies
      summary: Palo Alto Networks List Access Policies
      description: >-
        Returns the access policies defined for the tenant. Access policies
        bind a principal (service account or user) to a role within a
        specific TSG scope, controlling what API operations the principal
        can perform.
      tags:
      - Access Policies
      parameters:
      - name: principal_id
        in: query
        description: Filter policies by principal ID (service account or user).
        schema:
          type: string
        example: '179028'
      - name: tsg_id
        in: query
        description: Filter policie

# --- truncated at 32 KB (60 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/openapi/palo-alto-sase-iam-api-openapi-original.yml