Administration Guide

Creating administrators for the FortiManager API

In order to use the FortiManager JSON API, you must first create an administrator.

The type of administrator required depends on whether you will use a predefined API key or session-based authentication.

  • Predefined API key: A REST API Admin is used to generate a permanent API key, which means the same user account will always share the same session and you do not need to use the login/logout endpoints. Because of this benefit, predefined API keys are useful for simplifying automation workflows.

  • Session-based authentication: A regular FortiManager administrator with JSON API access is used with the login operation in order to get a session ID that is used in API requests.

Both types of administrators also require that you assign an Admin Profile with the appropriate permissions to complete the desired operations.

For more information on using the FortiManager JSON API, see the Fortinet Developer Network (FNDN).

To create a REST API administrator with a predefined API key:
  1. Go to System Settings > Administrators.

  2. Click the Create New dropdown and choose REST API Admin.

  3. Configure the following required information:

    User Name: Enter a username.

    Admin Profile: Select an admin profile that provides appropriate permissions required to complete the operations needed using the API.

    JSON API Access: Select Read or Read-Write access, depending on your need.

    PKI Group: (Optional) Certificate matching is supported as an extra layer of security. Both the client certificate and token must match to be granted access to the API.

    CORS Allow Origin: (Optional) Cross Origin Resource Sharing (CORS) allows third-party web apps to make API requests to the FortiManager using the token.

    Trusted Hosts: At least one trusted host must be configured. This trusted host should align with the IP range where the API requests will originate from.

  4. Configure any remaining settings as required, such as additional role-based access control settings to restrict the administrator to specific ADOMs, policy packages, or policy blocks.

  5. Click OK to create the REST API Admin.
    An API key is automatically generated for the REST API Admin. The API key is permanent and only shown once.

  6. Copy the API key. The generated API key can be used in the request header using the bearer authentication scheme.

  7. Optionally, you can generate a new API key by editing the REST API Admin and clicking Regenerate API Key.

To create an administrator for session-based authentication:
  1. Go to System Settings > Administrators.

  2. Click the Create New dropdown and choose Administrator.

  3. Configure the following required information:

    User Name: Enter a username.

    New Password/Confirm Password: Enter a password.

    Admin Profile: Select an admin profile that provides appropriate permissions required to complete the operations needed using the API.

    JSON API Access: Select Read or Read-Write access, depending on your need.
  4. Configure any remaining settings as required, such as additional role-based access control settings to restrict the administrator to specific ADOMs, policy packages, or policy blocks.

  5. Click OK to create the administrator.

    The username and password of this administrator are used for the login operation on FortiManager, which generates a session ID that is used in API requests.
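The two procedures above lead to differently shaped requests. The following is an added example, not Fortinet code, that builds (without sending) the request for each mode: a bearer header for the REST API Admin key, and a login call followed by a request carrying the session ID. The `/jsonrpc` path, the `/sys/login/user` URL, the JSON field names and all function names are assumptions not stated on this page; confirm them against FNDN.

```python
import json
import urllib.request

JSONRPC_PATH = "/jsonrpc"  # assumed endpoint path; confirm on FNDN


def _request(host, body, api_key=None):
    """Build (not send) an HTTPS POST carrying one JSON-RPC call."""
    headers = {"Content-Type": "application/json"}
    if api_key is not None:
        # Predefined API key: bearer scheme in the header, no login call.
        headers["Authorization"] = "Bearer " + api_key
    return urllib.request.Request("https://" + host + JSONRPC_PATH,
                                  data=json.dumps(body).encode(),
                                  headers=headers, method="POST")


def api_key_call(host, api_key, method, url):
    """REST API Admin: the key alone authenticates every request."""
    body = {"id": 1, "method": method, "params": [{"url": url}]}
    return _request(host, body, api_key=api_key)


def login_call(host, user, password):
    """Regular administrator: the login operation that yields a session ID."""
    body = {"id": 1, "method": "exec",
            "params": [{"url": "/sys/login/user",
                        "data": {"user": user, "passwd": password}}]}
    return _request(host, body)


def session_from_login(response_text):
    """Return the session ID, or raise if the login was refused."""
    reply = json.loads(response_text)
    status = reply["result"][0]["status"]
    if status["code"] != 0 or not reply.get("session"):
        raise PermissionError("login refused: " + str(status.get("message")))
    return reply["session"]


def session_call(host, session, method, url):
    """Session-based: the session ID travels in the body of each request."""
    body = {"id": 2, "method": method, "params": [{"url": url}],
            "session": session}
    return _request(host, body)


# Constructed login reply for illustration (not captured from a device).
SAMPLE_LOGIN_REPLY = json.dumps({"id": 1, "session": "constructed-session-id",
                                 "result": [{"status": {"code": 0, "message": "OK"}}]})
```

Read the API key or password from a secret store or environment variable at run time rather than embedding it in the script, since the key is permanent until regenerated.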
