Fortinet white logo
Fortinet white logo

REST API Solution Guide

Push authentication response (/pushauthresp/)

Push authentication response (/pushauthresp/)

URL: https://[server_name]/api/[api_version]/pushauthresp/

This endpoint is used by FortiToken Mobile devices to submit the response to a token code validation request triggered by a prior call to the /pushauth/ endpoint. This API is for use by FTM2 to send back the OTP for login verification.

Supported fields

Field Display name Type Required Other restrictions
session_id Authentication session ID string Yes unique
action Requested action string Yes Must be "validate" or "alert"
token_code Security token code string Yes Only required when "action" is "validate"
message Alert message string Yes Only required when "action" is "alert"
hmac HMAC verification string Yes Only required when "action" is "alert"

Allowed methods

HTTP method Resource URI Action
POST /api/v1/pushauthresp/ Validate the token code for the specified authentication session.

Response codes

In addition to the general codes defined in General API response codes, a POST request to this resource can also result in the following return codes:

Code Response content Description
200 OK Valid credentials
401 Unauthorized Invalid credentials

Push authentication response (/pushauthresp/)

Push authentication response (/pushauthresp/)

URL: https://[server_name]/api/[api_version]/pushauthresp/

This endpoint is used by FortiToken Mobile devices to submit the response to a token code validation request triggered by a prior call to the /pushauth/ endpoint. This API is for use by FTM2 to send back the OTP for login verification.

Supported fields

Field Display name Type Required Other restrictions
session_id Authentication session ID string Yes unique
action Requested action string Yes Must be "validate" or "alert"
token_code Security token code string Yes Only required when "action" is "validate"
message Alert message string Yes Only required when "action" is "alert"
hmac HMAC verification string Yes Only required when "action" is "alert"

Allowed methods

HTTP method Resource URI Action
POST /api/v1/pushauthresp/ Validate the token code for the specified authentication session.

Response codes

In addition to the general codes defined in General API response codes, a POST request to this resource can also result in the following return codes:

Code Response content Description
200 OK Valid credentials
401 Unauthorized Invalid credentials