FortiCWP APIs


FortiCWP service endpoints support HTTP requests through REST APIs. This section documents the FortiCWP REST API service endpoints. FortiCWP provides one endpoint with a single authentication token to simplify the developer experience: all service endpoints can be accessed through a single access/bearer token. The HTTP requests provide access to valuable FortiCWP cloud resources. All FortiCWP REST APIs, such as GET, POST, etc., require the access/bearer token when assembling HTTPS requests.

Request Authorization Methods

There are 3 methods of acquiring the access/bearer token from FortiCWP to assemble a REST API request to access FortiCWP resources.

1. Client Credential

A client credential can be used to generate the access/bearer token that forms the request headers. First, log into FortiCWP and generate a FortiCWP credential; please follow the guide in . This is a one-time process, and only one credential is necessary to generate access/bearer tokens.

After you have acquired a client credential, it can be used permanently to assemble the request header to obtain an access/bearer token as long as the client credential is not revoked.

Follow the example in Get Credentials Token to use the client credential to assemble the HTTPS POST request header and acquire an access/bearer token.

2. Username and Password

Another method of acquiring an access/bearer token is through your FortiCWP account username and password. Follow the example in Get Authorization Token to assemble the HTTPS POST request header and acquire an access/bearer token using your username and password.

3. Refresh Token

Using a refresh token requires one of the two methods above. Once you get the response through client credential or username/password, you may use the refresh token in the response body to acquire more bearer tokens without using the client credential or username/password again. Follow the example in Get Refresh Token to generate an access/bearer token using the refresh token. The refresh token expires 8 hours after it is generated.

Fabricate Request Header and Body

After acquiring the access/bearer token, use it to assemble a REST API request. Like all other REST API requests, FortiCWP requests operate through a secured channel: a URI request over the HTTPS protocol. The details of the request parameters are determined by the specific REST API specification.

Check each REST API specification to determine what additional fields are necessary to fulfill the request. The request body is optional; depending on the API specification, some parameters may be required and others optional.

Send Request

There are 5 request headers that are often used in FortiCWP REST API requests. The first 3 are default request headers.

| Request Header | Description |
| --- | --- |
| Host | The domain name of the REST service endpoint or the IP address |
| Authorization | Access/bearer token generated earlier through one of the get token methods |
| Content-Type | This default header is set as "application/json" |
| Company ID | The company ID of the company from which the username or the credential originates. Company ID can be obtained from Get Resource Map |
| File ID | Used when the request is associated with documents stored in the cloud accounts. File ID can be obtained from Get Alert by Filter |

When you have assembled the request header and body, the request is ready to be sent to the REST endpoint. Here is a GET request example in HTTPS:

GET /api/v1/country/list? HTTP/1.1
Host: www.forticwp.com
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzY29wZSI6IkFQSSIsImlzcyI6ImZhdXRoLXNlcnZlciIsImhvc3QiOlsiRkNXUCJdLCJleHAiOjE1ODY5MTUxNjQsImFpZCI6InFhLmNhc2IxQGdtYWlsLmNvbSJ9.Hh2yVHEEd73BJ31rEjB2C-iclodmMigEPIwtuRwCObo
Content-Type: application/json
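The following is an added example, not part of the Fortinet documentation: it builds the three default headers shown above, refuses a bearer token that is expired or about to expire, and masks the token before the headers are logged. It assumes the bearer token is a JWT carrying a standard `exp` claim, as the sample token in the request above appears to be; the function names and the 30-second margin are illustrative choices.

```python
import base64
import json
import time

def jwt_claims(token):
    """Decode the claims segment of a JWT. The signature is NOT verified here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def seconds_until_expiry(token, now=None):
    """Seconds left before `exp`; negative if the token has already expired."""
    now = time.time() if now is None else now
    return jwt_claims(token)["exp"] - now

def build_headers(token, host="www.forticwp.com", now=None, min_lifetime=30):
    """Build the three default headers, refusing a token that is about to expire."""
    if seconds_until_expiry(token, now) < min_lifetime:
        raise RuntimeError("bearer token expired or about to expire; obtain a new one")
    return {
        "Host": host,
        "Authorization": "Bearer " + token,
        "Content-Type": "application/json",
    }

def redact(headers):
    """Return a copy of the headers that is safe to log: the token is masked."""
    safe = dict(headers)
    if "Authorization" in safe:
        safe["Authorization"] = "Bearer <redacted>"
    return safe

def make_sample_token(exp):
    """Constructed sample token with a dummy signature (not a real credential)."""
    def b64(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([b64({"typ": "JWT", "alg": "HS256"}), b64({"exp": exp}), "c2ln"])

if __name__ == "__main__":
    token = make_sample_token(exp=int(time.time()) + 3600)
    print(redact(build_headers(token)))
```

Reading the claims on the client only tells you when to fetch a new token; whether the token is valid is decided by the server, which holds the signing key.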

REST API Response

After you send the request to the FortiCWP service endpoint, you will receive a response header and a response body. The above request asks for the list of countries; here is part of the response in JSON format:

[
  {
    "id": "US",
    "country": "United States of America"
  }
]

API Throttling

API throttling is the limit that FortiCWP sets on the number of requests within a period of time, to prevent an application from sending too many requests. The FortiCWP API throttling limit is 100 TPM (times per minute), meaning up to 100 requests can be sent in one minute.
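One way to stay under the 100 TPM limit from the client side, as an added example that is not part of the Fortinet documentation: a sliding-window limiter that blocks before the 101st request in any 60-second span. The page does not say how FortiCWP measures the minute or what it returns when the limit is exceeded, so the sliding window is an assumption chosen because it never exceeds 100 requests in any fixed minute either; `MinuteThrottle`, `FakeClock` and `demo` are illustrative names.

```python
import time
from collections import deque

class MinuteThrottle:
    """Client-side sliding-window limiter: at most `limit` sends per `window` seconds."""

    def __init__(self, limit=100, window=60.0, clock=time.monotonic, sleep=time.sleep):
        self.limit = limit
        self.window = window
        self.clock = clock    # injectable so the limiter can be tested without waiting
        self.sleep = sleep
        self.sent = deque()   # timestamps of requests still inside the window

    def wait_time(self):
        """Seconds to wait before the next request may be sent (0.0 if none)."""
        now = self.clock()
        while self.sent and now - self.sent[0] >= self.window:
            self.sent.popleft()          # drop sends that have left the window
        if len(self.sent) < self.limit:
            return 0.0
        return self.window - (now - self.sent[0])

    def acquire(self):
        """Block until a slot is free, record the send, return seconds waited."""
        waited = 0.0
        while (delay := self.wait_time()) > 0:
            self.sleep(delay)
            waited += delay
        self.sent.append(self.clock())
        return waited

class FakeClock:
    """Constructed clock for the demo: sleeping only advances a counter."""
    def __init__(self):
        self.now = 0.0
    def time(self):
        return self.now
    def sleep(self, seconds):
        self.now += seconds

def demo():
    """Send 101 requests back to back; only the 101st has to wait."""
    clock = FakeClock()
    throttle = MinuteThrottle(clock=clock.time, sleep=clock.sleep)
    waits = [throttle.acquire() for _ in range(101)]
    return waits, clock.now
```

Call `acquire()` immediately before each HTTPS request; if several processes share one credential, they also share the limit and need a common limiter.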
