Authentication
To initiate REST API requests, you must first log in to FortiPortal and acquire an API key.
The authorization key must be included in all subsequent API requests in the Authorization header. The key expires in one hour.
To acquire an API key in the GUI:
-
Log in to FortiPortal as an administrator.
-
In the header, click on the cog icon.
-
Click on API Key.
-
In the New API Key dialog, click Regenerate, then copy the API token .
Include the key in the API requests in this manner:
"-H "Authorization: Token <API_key>"
|
Acquiring a new key does not expire any other generated keys. |
To acquire a token in the API:
Send a POST request to https://<ipaddress>/fpc/api/auth/tokenlogin/ with the following JSON payload:
{
"username": <username>,
"password": <password>,
"ttl_days": <days>,
"ttl_hours": <hours>,
"ttl_minutes": <minutes>
}
|
Parameter |
Required |
Description |
|---|---|---|
|
username |
Y |
Valid admin user name. |
|
password |
Y |
Password for the admin user. |
|
ttl_days |
N |
Length of time, in days, that the token is valid. Maximum 30. |
|
ttl_hours |
N |
Length of time, in hours, that the token is valid. Maximum 23. |
|
ttl_minutes |
N |
Length of time, in minutes, that the token is valid. Maximum 59. |
|
If you attempt to retrieve another token while still in possession of an unexpired token, a 403 Error response is returned. |
JSON response:
{
"expiry": null,
"token": "138f1bc8865ba7659b86eff57533e90815406fdd1dd0d38f838100f469f2788d"
}
|
Parameter |
Description |
|---|---|
|
expiry |
The token expiry in ISO-8601 format. If no ttl values were provided, the token expires when tokenlogout is called. |
|
token |
API authorization token |
To log out and delete the token:
Send a POST request to https://<ipaddress>/fpc/api/auth/tokenlogout/ with the token to be deleted in the request Authorization header, as detailed in Accessing the API.
This returns a 204 No Content response.