I keep running into issues when trying to attach compliance standards to existing policies using the Palo Alto Prisma Cloud REST API. Every time I make the request I get a 500 internal server error back from the server.
The API docs aren’t very clear about the exact payload structure needed. When I skip the basic required fields like name, policyType, and severity I get a 400 error which makes sense. But even with all those included I still hit the 500 error.
Here’s basically what my request looks like:
import requests
# {id} stands in for the ID of the policy being updated
api_endpoint = "https://api2.redlock.io/policy/{id}"
request_headers = {
    'Content-Type': 'application/json',
    'x-redlock-auth': 'auth_token'  # placeholder for the session token
}
request_data = {
    'name': 'my_policy_name',
    'policyType': 'config_type',
    'severity': 'high',
    # compliance mapping to attach to the policy
    'complianceMetadata': [
        {
            'standardName': 'compliance_standard',
            'requirementId': 'req_123',
            'sectionId': 'section_456'
        }
    ]
}
# PUT the full policy body, including the new compliance mapping
api_response = requests.put(api_endpoint, json=request_data, headers=request_headers)
Expected result should be a 200 status with the updated policy details including the new compliance mapping. Anyone know what I might be missing in the payload structure?
Had this exact problem a few months ago - it’s a field ordering issue in your request payload. Prisma Cloud’s API is picky about compliance metadata arrays. Your code looks fine, but you’re missing the complianceStandardId field that’s required with standardName. Each compliance metadata object needs both the readable name AND the internal ID. Hit /v1/compliance with a GET request first to grab the actual compliance standard ID, then add it to your payload: 'complianceStandardId': 'actual_uuid_here'. Double-check your requirement and section IDs are exact matches too - even tiny formatting differences will break it. The API docs suck on this point, but those ID fields are mandatory even though they don’t say so.
The 500 error indicates that your backend lacks the compliance framework setup necessary for the operation. Before updating policies with compliance metadata, ensure that the compliance standards are properly configured in your Prisma Cloud tenant. Based on my experience with a similar issue last year during policy automation, your payload seems correct, but it relies on existing compliance framework components. Initiate a GET request to /compliance to verify the existence of your compliance standard. Additionally, check /compliance/{compliance-id}/requirement and /compliance/{compliance-id}/requirement/{requirement-id}/section to confirm the validity of your IDs. The API may not provide helpful errors for broken references, often responding with a 500 instead. Be mindful that certain policy types impose restrictions on the applicability of compliance standards; configuration policies generally offer more flexibility compared to IAM or network policies.
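The lookup chain described in the reply above, as an added example that is not part of the original thread: it resolves one complianceMetadata entry against the three GET paths before any PUT is sent, using exact string matches. The response field names (id, name, requirementId, sectionId), the get_json helper and the sample tenant data are assumptions constructed for illustration.

```python
# Added example: pre-flight check of one complianceMetadata entry.
# Paths come from the reply above; the response field names ("id", "name",
# "requirementId", "sectionId") are assumptions, not confirmed by the thread.
from typing import Callable


def check_compliance_refs(entry: dict, get_json: Callable[[str], list]) -> list:
    """Return a list of problems; an empty list means every reference resolved."""
    standards = {s["name"]: s["id"] for s in get_json("/compliance")}
    std_id = standards.get(entry["standardName"])
    if std_id is None:
        return [f"unknown standard: {entry['standardName']!r}"]

    reqs = {r["requirementId"]: r["id"]
            for r in get_json(f"/compliance/{std_id}/requirement")}
    req_id = reqs.get(entry["requirementId"])
    if req_id is None:
        return [f"unknown requirement: {entry['requirementId']!r}"]

    sections = {s["sectionId"] for s in get_json(
        f"/compliance/{std_id}/requirement/{req_id}/section")}
    if entry["sectionId"] not in sections:  # exact match, case-sensitive
        return [f"unknown section: {entry['sectionId']!r}"]
    return []


# Constructed stand-in for the tenant's responses so the example runs offline.
# Against a real tenant, get_json would wrap
# requests.get(base_url + path, headers=request_headers).json().
FAKE_TENANT = {
    "/compliance": [{"id": "std-uuid-1", "name": "compliance_standard"}],
    "/compliance/std-uuid-1/requirement": [
        {"id": "req-uuid-1", "requirementId": "req_123"}],
    "/compliance/std-uuid-1/requirement/req-uuid-1/section": [
        {"id": "sec-uuid-1", "sectionId": "section_456"}],
}


def fake_get_json(path: str) -> list:
    return FAKE_TENANT.get(path, [])


if __name__ == "__main__":
    good = {"standardName": "compliance_standard",
            "requirementId": "req_123", "sectionId": "section_456"}
    near_miss = dict(good, sectionId="Section_456")  # differs only in case
    print(check_compliance_refs(good, fake_get_json))
    print(check_compliance_refs(near_miss, fake_get_json))
```

Running the check before the PUT turns a broken reference into a named problem on the client side instead of an opaque 500 from the server.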
check ur api version in the endpoint - I got the same 500 errors until I switched from v1 to v2 for policy updates. try removing the complianceMetadata array completely first to see if the basic policy update works, then add the compliance stuff back. the api sometimes craps out on malformed compliance refs.