Getting Started with the Cato API: Your First API Call
Want to start automating tasks in Cato? This tutorial walks through the fundamentals of the Cato Management API, how it fits into automation workflows, and how to make your first API call using the Cato API Explorer.
Why Use the Cato API?
The Cato API enables you to automate and integrate with the Cato platform, including:
- Provisioning sites and network configurations
- Creating or updating security and networking rules
- Integrating with infrastructure automation tools such as Terraform, Pulumi, and Azure DevOps
- Connecting with operational tools like Ansible, Chef, Puppet, and Salt
- Exporting security events, incidents, and network data
- Sending data to platforms such as ServiceNow, Splunk, and other operational or security workflows
In short, the API allows you to connect Cato with the rest of your technology ecosystem.
Understanding the Cato API
The Cato Management API uses GraphQL, which differs slightly from traditional REST APIs.
Two key concepts:
- Queries → Retrieve information and data from Cato
- Mutations → Create, update, or delete configurations
The official API documentation is the best place to explore available queries and mutations.
Introducing the Cato API Explorer
The Cato API Explorer is an open-source tool available on GitHub that simplifies working with the Cato API.
Key benefits:
- Automatically loads the latest production API schema
- Displays all available API calls
- Generates request parameters automatically
- Provides live API responses
- Creates ready-to-use examples in:
This makes it much easier for users who are new to APIs or GraphQL.
Setting Up the API Explorer
Prerequisites
- Docker installed and running
- Access to the Cato API Explorer repository on GitHub
Quick Setup
- Download or copy the
docker-compose.yml file from the repository. - Save it locally.
- Run:
docker compose pulldocker compose up -d
- Open your browser and navigate to:
http://localhost:8080
The API Explorer should now be running locally.
Creating an API Key
Before making API calls, you'll need an API key.
In the Cato Management Application:
- Navigate to Resources → API Keys
- Create a new key
- Select:
- View access or Edit access
- Optional IP restrictions
- Expiration period
- Save and copy the generated key
Then, in the API Explorer:
- Enter your API key
- Enter your Account ID
- Select the appropriate API endpoint region
- Save and validate the credentials
Once validated, the Explorer is connected to your Cato account.
Making Your First API Call
One example highlighted in the tutorial is Account Snapshot.
This query provides information about:
- Sites
- Sockets
- Users
- Other account-level resources
The Explorer automatically:
- Generates required parameters
- Allows filtering (for example, by Site ID)
- Builds the GraphQL payload
- Displays live responses
This helps users understand exactly what data is returned before building larger automations.
Using Entity Lookup
Another highly useful query is Entity Lookup.
It allows you to retrieve lists of resources such as:
- Sites
- VPN users
- Network interfaces
- Site ranges
- Other account entities
You can also apply filters dynamically, making it easy to test queries and understand the structure of the returned data.
This is particularly helpful when developing scripts or integrations because you can see exactly how the response data is organized before writing code.
Built-In Code Generation
One of the most powerful features of the API Explorer is automatic code generation.
For any query, the Explorer can generate:
- Python code
- cURL commands
- Cato CLI commands
This allows you to:
- Test API calls immediately
- Copy examples into scripts
- Accelerate automation development
- Reduce errors when building GraphQL requests
Working with the Cato CLI
The tutorial also introduces the Cato CLI, which works alongside the API Explorer.
Installation:
pip3 install cato-cli
Configuration:
cato-cli configure
After adding your credentials, you can run the generated CLI commands directly from your terminal and receive the same API responses shown in the Explorer.
Key Takeaway
The Cato API Explorer significantly lowers the barrier to entry for API automation by:
- Removing much of the complexity of GraphQL
- Automatically generating request structures
- Providing live testing capabilities
- Generating ready-to-use code examples
Whether you're building integrations, automating provisioning, or extracting data from the platform, it's an excellent starting point for your Cato API journey.
----
Let us know what you think and what you'd like to learn more about.
