FortiLAN Cloud User Guide

API Users

API users authenticate with FortiAuthenticator to obtain an access token; this token is then used with FortiLAN Cloud.

Perform these steps to obtain an access token from FortiAuthenticator.

  1. Log in to the FortiCloud IAM portal with the account credentials.
  2. Create an API user and set Admin permission for FortiLAN Cloud.
  3. Download the API credentials (API ID, Password and Client ID).

Use the downloaded API user credentials to obtain the access token from FortiAuthenticator.

Request

$ curl https://customerapiauth.fortinet.com/api/v1/oauth/token/ -H 'Content-Type: application/json' -d "{\"username\": \"$api_id\", \"password\": \"$password\", \"client_id\": \"fortilancloud\", \"grant_type\": \"password\"}"

Response

{
  "access_token": "paLreKW6YGDfgSUfreEH90UCc1915v3",
  "expires_in": 14400,
  "message": "successfully authenticated",
  "refresh_token": "WpD0HVYUdshsiWlMBR0Q6uUoV2TGUIa",
  "scope": "read write",
  "status": "success",
  "token_type": "Bearer"
}

The FortiAuthenticator access token is then used with FortiLAN Cloud by including it in the bearer header, as is done for Email and IAM users.

To refresh an expired or non-expired access token

$ curl https://customerapiauth.fortinet.com/api/v1/oauth/token/ -H 'Content-Type: application/json' -d '{"client_id": "fortilancloud", "grant_type": "refresh_token", "refresh_token": "WpD0HVYUdshsiWlMBR0Q6uUoV2TGUIa"}'

To revoke an access token

$ curl https://customerapiauth.fortinet.com/api/v1/oauth/revoke_token/ -H 'Content-Type: application/json' -d '{"client_id": "fortilancloud", "token": "paLreKW6YGDfgSUfreEH90UCc1915v3"}'

Note: An API user can have only one active access token at a time. To run multiple scripts concurrently, create multiple API users, each with unique credentials, and use a separate one in each script. Using the same API user to obtain another access token automatically invalidates the previously active access token.
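
The obtain, refresh and revoke calls above can be wrapped so that a script logs in once, reuses its single active token until shortly before `expires_in` runs out, and revokes it on exit. The following is an added example, not Fortinet code: `TokenSession`, `http_post` and the 60-second skew are hypothetical choices, and it assumes the refresh response carries the same fields as the token response shown above.

```python
import json, time, urllib.request

AUTH = "https://customerapiauth.fortinet.com/api/v1/oauth"  # endpoints from the page
CLIENT_ID = "fortilancloud"

def http_post(url, body):
    """POST a JSON body (json.dumps escapes quotes in credentials) and decode the reply."""
    req = urllib.request.Request(url, data=json.dumps(body).encode(),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

class TokenSession:
    """Holds the one active token of a single API user (hypothetical helper)."""
    def __init__(self, api_id, password, post=http_post, clock=time.monotonic, skew=60):
        self._creds = {"username": api_id, "password": password}
        self._post, self._clock, self._skew = post, clock, skew
        self._access = self._refresh = None
        self._expires_at = 0.0

    def _store(self, resp):
        if "access_token" not in resp:
            raise RuntimeError("token request failed: %s" % resp.get("message"))
        self._access = resp["access_token"]
        # Assumption: a refresh reply may omit refresh_token; keep the old one then.
        self._refresh = resp.get("refresh_token", self._refresh)
        self._expires_at = self._clock() + resp.get("expires_in", 0) - self._skew

    def token(self):
        """Return a valid access token, contacting the server only when needed."""
        if self._access and self._clock() < self._expires_at:
            return self._access  # a new login would invalidate the active token
        if self._refresh:
            body = {"client_id": CLIENT_ID, "grant_type": "refresh_token",
                    "refresh_token": self._refresh}
        else:
            body = {**self._creds, "client_id": CLIENT_ID, "grant_type": "password"}
        self._store(self._post(AUTH + "/token/", body))
        return self._access

    def revoke(self):
        """Revoke the active token so it cannot be used after the script ends."""
        if self._access:
            self._post(AUTH + "/revoke_token/",
                       {"client_id": CLIENT_ID, "token": self._access})
        self._access = self._refresh = None
```

Read the API ID and password from the environment or a secrets store rather than embedding them in the script, and give each concurrent script its own API user so one session does not invalidate another's token.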
