Connect FortiGate device via API Token
FortiConverter can import configurations through REST-API. Each API request can use an API token to be authenticated.
An API token is generated by creating a new REST API admin on FortiGate GUI.
Create new REST API admin
Step 1: Create an administrator profile
- On the FortiGate GUI, select System > Admin Profiles > Create New.
- Create a New Profile.
- Enter a profile name and enable all the Read/Write permissions. Please note the profile name, it will be used in Step 2.
- Click OK.
Step 2: Set up the global scope in the admin profile:
If your device is in multiple VDOM mode, please set the scope of the admin profile into "global":
- Open the CLI console.
- Input the following commands:
config global
config system accprofile
edit <your admin profile>
set scope global
next
end
end
Step 3: Create a REST API Admin:
- On the FortiGate GUI, select System > Administrators > Create New > REST API Admin.
- Enter the API-user's name and select the profile name you created from Step 1.
- The trusted host must be specified to ensure that the machine of your FortiConverter installed can reach the FortiGate.
- Click OK and an API token will be generated.
- Make a note of the API token as it’s only shown once and cannot be retrieved.
- Click Close to complete creation of the REST API Admin.
Regenerate an API token for API-user:
In FortiGate GUI, go to System > Administrators.
- Edit your REST API admin user
- Click Regenerate.
In CLI console, use the CLI command below:
execute api-user generate-key [API user name]
The steps above must be performed from the FortiGate GUI as an administrator with the super_admin profile. |
Next: Connecting FortiGate devices