Demisto API Client

3.2.22 verified Mon Apr 27 auth: no python

A Python library for interacting with the Palo Alto Networks Cortex XSOAR (formerly Demisto) API. Version 3.2.22 supports Python 3.9–3.13. The library provides methods for incidents, indicators, integrations, jobs, and generic API requests. Maintained by Palo Alto Networks; releases follow roughly monthly cadence.

pip install demisto-py

Common errors

error ModuleNotFoundError: No module named 'demisto_client' ↓

cause Direct import of `demisto_client` is not the correct module; the package provides `demisto_sdk.demisto_client`.

fix

Use from demisto_sdk.demisto_client import DemistoClient.

error AttributeError: 'str' object has no attribute 'read' ↓

cause Passing a file path string instead of a file-like object to methods that expect files, such as `upload_incident_file`.

fix

Open the file handler first: with open('path', 'rb') as f: client.upload_incident_file(file_obj=f).

Warnings

breaking In v3.0+, `DemistoClient(api_key)` replaced older authentication via username/password. You must now provide an API key, not a password. ↓

fix Generate an API key from Settings > API Keys in XSOAR and pass as `api_key`.

gotcha The correct import path requires a sub-package: `from demisto_sdk.demisto_client import DemistoClient`. `pip show demisto-py` shows the package name but not the import path. ↓

fix Use `from demisto_sdk.demisto_client import DemistoClient`.

deprecated In v3.2.21+ `pkg_resources` is deprecated; the library now uses importlib.metadata internally. If you see warnings about `pkg_resources`, update to latest version. ↓

fix Upgrade demisto-py to >=3.2.21.

Imports

DemistoClient
wrong
```
from demisto_client import DemistoClient
```
correct
```
from demisto_sdk.demisto_client import DemistoClient
```
demisto-py installs as `demisto_sdk.demisto_client`; direct import of `demisto_client` is a stub.

generic_request_func

from demisto_sdk.demisto_client import generic_request_func

Quickstart

Initialize client and fetch a list of incidents.

from demisto_sdk.demisto_client import DemistoClient

client = DemistoClient(
    base_url=os.environ.get('DEMISTO_BASE_URL', 'https://my-dhost.example.com'),
    api_key=os.environ.get('DEMISTO_API_KEY', ''),
    verify_ssl=True
)
client.check_health()
# List all incidents
incidents = client.search_incidents()
print(incidents[:2])