Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 26.2.0
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Administration Guide

    Home FortiCNAPP Administration Guide

    API keys

    API keys

    For information on leveraging FortiCNAPP functionality by an API through FortiCloud, see API access to FortiCNAPP through FortiCloud.

    FortiCNAPP provides a combination of API keys and tokens that you can use to access the FortiCNAPP API. You can create an API key in the console. You can then use that key to generate temporary access (bearer) tokens to authenticate calls to the FortiCNAPP API. API calls made using the bearer token are subject to the permissions of the user to whom the API key is assigned.

    You can create an API key for a human user or a service user. Service users have access to the full API, but are unable to log in to the console. They are intended for enabling programmatic access, for example, to access the API from services or scripts, or to integrate Lacework with other applications. For more information, see Service Users.

    About API keys

    To create an API key, you must have the account admin role or otherwise have write permissions for API keys in the console. Each console user can have up to 20 keys. See Access Control Overview for more information.

    An API key doesn't expire but it can be disabled or deleted. After creating a key, you should download and securely store it.

    After creating the key, API users can use the key to generate bearer access tokens that they can use in API requests. For information on creating and using bearer access tokens, see the FortiCNAPP API Reference.

    API keys

    To create an API key:

    1. Navigate to Settings > Configuration > API keys.

    2. Choose the User API keys tab to add a key for a human user, or Service user API keys for programmatic API users, such as scripts or integrations.

    3. Click + Add New.

    4. Enter a name for the key and an optional description.

      Toggle on Assign this to a service user if you want the API Key to emulate a Service User, and select the assigned Service User from the drop-down.

    5. Click Save.

    Download the generated API key file and open it in an editor to view and use the key ID and generated secret in your API requests.

    If an API key is created by an administrator that is later relegated to the user role, that API key can't be used to generate tokens or access the FortiCNAPP API.

    See the FortiCNAPP API Reference for information on how to generate temporary bearer tokens from an API key.

    Previous
    Next

    API keys

    API keys

    For information on leveraging FortiCNAPP functionality by an API through FortiCloud, see API access to FortiCNAPP through FortiCloud.

    FortiCNAPP provides a combination of API keys and tokens that you can use to access the FortiCNAPP API. You can create an API key in the console. You can then use that key to generate temporary access (bearer) tokens to authenticate calls to the FortiCNAPP API. API calls made using the bearer token are subject to the permissions of the user to whom the API key is assigned.

    You can create an API key for a human user or a service user. Service users have access to the full API, but are unable to log in to the console. They are intended for enabling programmatic access, for example, to access the API from services or scripts, or to integrate Lacework with other applications. For more information, see Service Users.

    About API keys

    To create an API key, you must have the account admin role or otherwise have write permissions for API keys in the console. Each console user can have up to 20 keys. See Access Control Overview for more information.

    An API key doesn't expire but it can be disabled or deleted. After creating a key, you should download and securely store it.

    After creating the key, API users can use the key to generate bearer access tokens that they can use in API requests. For information on creating and using bearer access tokens, see the FortiCNAPP API Reference.

    API keys

    To create an API key:

    1. Navigate to Settings > Configuration > API keys.

    2. Choose the User API keys tab to add a key for a human user, or Service user API keys for programmatic API users, such as scripts or integrations.

    3. Click + Add New.

    4. Enter a name for the key and an optional description.

      Toggle on Assign this to a service user if you want the API Key to emulate a Service User, and select the assigned Service User from the drop-down.

    5. Click Save.

    Download the generated API key file and open it in an editor to view and use the key ID and generated secret in your API requests.

    If an API key is created by an administrator that is later relegated to the user role, that API key can't be used to generate tokens or access the FortiCNAPP API.

    See the FortiCNAPP API Reference for information on how to generate temporary bearer tokens from an API key.

    Previous
    Next