Fortinet white logo
Fortinet white logo

Identity & Access Management (IAM)

24.4.0

Accessing FortiAPIs

Accessing FortiAPIs

FortAPIs are located in the Fortinet Developer Network. To access the APIs, click FortiAPI and select a product from the list.

Note

The Fortinet Developer Network can only be accessed if you have an account registered.

Authorization

To obtain an OAuth token, an API user must send their credentials to the FortiAuthenticator API. Once the token is obtained, it should be sent in the Authorization header of the request with Bearer scheme, as in the example below:

Authorization: Bearer jVSjRMx5hpw5ZfASk8Hjo16X

For information about creating an OAuth token, see the FortiAuthenticator REST API Solution Guide > OAuth server token (/oauth/token/).

To obtain an access token:
  1. Log in to the IAM portal as an IAM User with Admin permissions.
  2. Create an IAM API user and configure the relevant permissions for the required product APIs. See Adding an API user.
  3. Download the IAM API user credentials (API Key, Password, client ID).
  4. Request the access token. For example:

    $curl -H 'Content-Type: application/json' -X POST <https://customerapiauth.fortinet.com>/api/v1/oauth/token/ -d '

    {"username": <API Key>,"password": <password>, "client_id": <clientId for FortiGate Cloud>,"grant_type": "password"}'

    Response:

    {

    "access_token": "paLreKW6YGDfgSUfreEH90UCc1915v3",

    "expires_in": 14400,

    "message": "successfully authenticated",

    "refresh_token": "WpD0HVYUdshsiWlMBR0Q6uUoV2TGUIa",

    "scope": "read write",

    "status": "success",

    "token_type": "Bearer"

    }

  5. Refresh the token. For example:

$curl -k -v -X POST <auth_url>/api/v1/oauth/token/ -H 'Content-Type: application/json' -d

'{"client_id": "fortigatecloud","grant_type": "refresh_token","refresh_token": "WpD0HVYUdshsiWlMBR0Q6uUoV2TGUIa", }'

Response:

{

"access_token": "qeOreKW6YGDfgSUfreEH90UCc1915v3",

"expires_in": 14400,

"message": "Token has been refreshed successfully",

"refresh_token": "xpD0HVYUdshsiWlMBR0Q6uUoV2TDSa",

"scope": "read write",

"status": "success",

"token_type": "Bearer"

}

Accessing FortiAPIs

Accessing FortiAPIs

FortAPIs are located in the Fortinet Developer Network. To access the APIs, click FortiAPI and select a product from the list.

Note

The Fortinet Developer Network can only be accessed if you have an account registered.

Authorization

To obtain an OAuth token, an API user must send their credentials to the FortiAuthenticator API. Once the token is obtained, it should be sent in the Authorization header of the request with Bearer scheme, as in the example below:

Authorization: Bearer jVSjRMx5hpw5ZfASk8Hjo16X

For information about creating an OAuth token, see the FortiAuthenticator REST API Solution Guide > OAuth server token (/oauth/token/).

To obtain an access token:
  1. Log in to the IAM portal as an IAM User with Admin permissions.
  2. Create an IAM API user and configure the relevant permissions for the required product APIs. See Adding an API user.
  3. Download the IAM API user credentials (API Key, Password, client ID).
  4. Request the access token. For example:

    $curl -H 'Content-Type: application/json' -X POST <https://customerapiauth.fortinet.com>/api/v1/oauth/token/ -d '

    {"username": <API Key>,"password": <password>, "client_id": <clientId for FortiGate Cloud>,"grant_type": "password"}'

    Response:

    {

    "access_token": "paLreKW6YGDfgSUfreEH90UCc1915v3",

    "expires_in": 14400,

    "message": "successfully authenticated",

    "refresh_token": "WpD0HVYUdshsiWlMBR0Q6uUoV2TGUIa",

    "scope": "read write",

    "status": "success",

    "token_type": "Bearer"

    }

  5. Refresh the token. For example:

$curl -k -v -X POST <auth_url>/api/v1/oauth/token/ -H 'Content-Type: application/json' -d

'{"client_id": "fortigatecloud","grant_type": "refresh_token","refresh_token": "WpD0HVYUdshsiWlMBR0Q6uUoV2TGUIa", }'

Response:

{

"access_token": "qeOreKW6YGDfgSUfreEH90UCc1915v3",

"expires_in": 14400,

"message": "Token has been refreshed successfully",

"refresh_token": "xpD0HVYUdshsiWlMBR0Q6uUoV2TDSa",

"scope": "read write",

"status": "success",

"token_type": "Bearer"

}