Fortinet white logo
Fortinet white logo

Authentication

Authentication

To initiate REST API requests, you must first log in to FortiPortal and acquire an API key.

The authorization key must be included in all subsequent API requests in the Authorization header. The key expires in one hour.

To acquire an API key in the GUI:
  1. Log in to FortiPortal as an administrator.

  2. In the header, click on the cog icon.

  3. Click on API Key.

  4. In the New API Key dialog, click Regenerate, then copy the API token .

Include the key in the API requests in this manner:

"-H "Authorization: Token <API_key>"

Note

Acquiring a new key does not expire any other generated keys.

To acquire a token in the API:

Send a POST request to https://<ipaddress>/fpc/api/auth/tokenlogin/ with the following JSON payload:

{
  "username": <username>,
  "password": <password>,
  "ttl_days": <days>,
  "ttl_hours": <hours>,
  "ttl_minutes": <minutes>
}

Parameter

Required

Description

username

Y

Valid admin user name.

password

Y

Password for the admin user.

ttl_days

N

Length of time, in days, that the token is valid. Maximum 30.

ttl_hours

N

Length of time, in hours, that the token is valid. Maximum 23.

ttl_minutes

N

Length of time, in minutes, that the token is valid. Maximum 59.

JSON response:

{
  "expiry": null,
  "token": "138f1bc8865ba7659b86eff57533e90815406fdd1dd0d38f838100f469f2788d"
}

Parameter

Description

expiry

The token expiry in ISO-8601 format.

If no ttl values were provided, the token expires in 10 hours or when tokenlogout is called.

token

API authorization token

To log out and delete the token:

Send a POST request to https://<ipaddress>/fpc/api/auth/tokenlogout/ with the token to be deleted in the request Authorization header, as detailed in Accessing the API.

This returns a 204 No Content response.

Authentication

Authentication

To initiate REST API requests, you must first log in to FortiPortal and acquire an API key.

The authorization key must be included in all subsequent API requests in the Authorization header. The key expires in one hour.

To acquire an API key in the GUI:
  1. Log in to FortiPortal as an administrator.

  2. In the header, click on the cog icon.

  3. Click on API Key.

  4. In the New API Key dialog, click Regenerate, then copy the API token .

Include the key in the API requests in this manner:

"-H "Authorization: Token <API_key>"

Note

Acquiring a new key does not expire any other generated keys.

To acquire a token in the API:

Send a POST request to https://<ipaddress>/fpc/api/auth/tokenlogin/ with the following JSON payload:

{
  "username": <username>,
  "password": <password>,
  "ttl_days": <days>,
  "ttl_hours": <hours>,
  "ttl_minutes": <minutes>
}

Parameter

Required

Description

username

Y

Valid admin user name.

password

Y

Password for the admin user.

ttl_days

N

Length of time, in days, that the token is valid. Maximum 30.

ttl_hours

N

Length of time, in hours, that the token is valid. Maximum 23.

ttl_minutes

N

Length of time, in minutes, that the token is valid. Maximum 59.

JSON response:

{
  "expiry": null,
  "token": "138f1bc8865ba7659b86eff57533e90815406fdd1dd0d38f838100f469f2788d"
}

Parameter

Description

expiry

The token expiry in ISO-8601 format.

If no ttl values were provided, the token expires in 10 hours or when tokenlogout is called.

token

API authorization token

To log out and delete the token:

Send a POST request to https://<ipaddress>/fpc/api/auth/tokenlogout/ with the token to be deleted in the request Authorization header, as detailed in Accessing the API.

This returns a 204 No Content response.