![nopsec-full-logo-white.png]](https://support.nopsec.com/hs-fs/hubfs/Images/Logos/NopSec%20Logos/nopsec-full-logo-white.png?height=40&name=nopsec-full-logo-white.png){kind=logo}
Integrating Palo Alto Cortex
Below are detailed instructions on how to create a Palo Alto Cortex API key with view-only permissions to assets and vulnerability findings
Creating a Read-Only API Key in Palo Alto Cortex
In the Palo Alto Cortex platform (which unified the API key generation process for Cortex XDR and Cortex Xpanse), API keys are assigned permissions directly based on the Role you select during creation.
To create a key with read-only permissions to view assets and findings (issues or incidents), you can use the built-in Viewer role or create a custom role with restricted scope.
Step 1: Generate the API Key
- Log in to your Cortex platform console using an account with administrative privileges.
- In the navigation menu, go to Settings (the gear icon) > Configurations.
- On the left-hand menu, under Integrations, select API Keys.
- In the upper-right corner of the screen, click the + New Key button.
Step 2: Configure Key Settings and Permissions
- In the generation window, set the Security Level:
- Standard: Recommended for basic API calls, Python scripts, and cURL commands.
- Advanced: Requires cryptographic nonce and timestamp hashing. Choose this only if you are integrating with a tool that requires it (like Cortex XSOAR) to prevent replay attacks.
- Under Role, select the built-in Viewer role. This restricts the API key to read-only access across the platform, allowing it to view assets and findings without being able to modify them or trigger response actions.
Note: If "Viewer" grants too much visibility across your tenant, select a Custom role instead. Ensure you have previously configured this custom role in the Access Management settings with explicitly defined "View" permissions for only the specific asset and incident components you want the API to reach. - (Optional) Check the Enable Expiration Date box to enforce key rotation, and add a Comment (e.g., "Read-Only Key for Asset Dashboard") to identify the key's purpose.
- Click Generate.
Step 3: Secure Your Credentials
Palo Alto Cortex requires two separate pieces of information to authenticate an API call: the API Key and the API Key ID.
- Immediately upon clicking Generate, a window will display your new API Key. Copy this string and store it securely in a secrets manager.
Important: Cortex will never display this API Key again after you close this window. - Close the generation window to return to the main API Keys table.
- Locate the row for the key you just created and copy the number in the ID column. This is your API Key ID.
Step 4: Enable the integration in the Nopsec Platform
- Navigate to Integrations in the NopSec UI and select the option to add the Palo Alto Cortex
- Enter Integration Access Info: When prompted enter the following information and click the "Save and Connect" button:
- Connection Name: Unique name for this integration
- API Key: The API Key created in the previous steps
- API Key ID: The API Key ID created in previous steps
- URL: Your organization url used to access Palo Alto Cortex
- SAVE and CLOSE