POST
Pre-authentication URI:
-
/api/v1/auth/preview
Input fields:
| Field Name | Type | Required |
Description |
|---|---|---|---|
|
realm |
string |
No |
The realm name, which can be up to 80 characters in length. |
| realm_id | string | No | The realm ID. |
|
sn |
string |
No |
The device's serial number. |
|
vdom |
string |
No |
The auth client’s vdom. |
|
username |
string |
Yes |
The username, which can be up to 80 characters in length. |
|
case_accent_sensitive |
boolean |
No |
Whether the username is case-sensitive. |
|
auth_method |
string |
No |
The authentication method can be one of the following:
|
| user_ip | string | No | The user's IP address. |
| location | string | No | The user's location. |
Successful response fields:
| Field name | Type | Description |
|---|---|---|
|
auth_method |
string |
The authentication method, which can be one of the following:
|
|
action |
string |
The action for this authentication. Can be one of the following:
|
|
temp_token |
boolean |
Whether there is a temp token available for the user. If there is a temp token, the auth_method in response will indicate the original auth method. |
|
push_enabled |
boolean |
Whether push is enabled for this user. This field will be added if the action is ‘MFA’ and auth_method is ‘FTM’. |
|
message |
boolean |
Error message on why the action is ‘Block’. |
Response codes:
| Code | Response content | Description |
|---|---|---|
| 200 OK | Successful content as above | Regular preview auth request. |
| 400 Bad Request |
|
|
| 402 Payment Required |
|
Example request body:
{
"username":"abc",
"realm":"root",
"location":"US",
"user_ip":"10.160.x.x"
}
Example of successful response body:
{
"auth_method":"FTM",
"action":"MFA",
"push_enabled":True
}
Authentication URI:
• /api/v1/auth
Input fields:
| Field Name | Type | Required |
Description |
|---|---|---|---|
|
realm |
string |
No |
The realm name, which can be up to 80 characters in length. |
| realm_id | string | No | The realm ID. |
|
sn |
string |
No |
The device's serial number. |
|
vdom |
string |
No |
The auth client’s vdom. |
|
username |
string |
Yes |
The username, which can be up to 80 characters in length. |
|
token |
string |
No |
The one-time password |
|
case_accent_sensitive |
boolean |
No |
Whether the username is case-sensitive. |
|
auth_method |
string |
No |
The authentication method can be one of the following:
|
| user_ip | string | No | The user's IP address. |
| location | string | No | The user's location. |
|
account |
string |
No |
The account name of the application server. |
|
user_agent |
string |
No |
The user agent. |
|
token_selection |
string |
No |
Indicates which token/auth_method to use, original token or temporary token:
|
Successful response fields:
| Field name | Type | Description |
|---|---|---|
|
authid |
string |
The auth ID |
Response codes:
| Code | Response content | Description |
|---|---|---|
| 200 OK | Regular auth request, request with a token code. | |
|
201 OK |
|
Push authentication, auth method is FTM and request without token code. |
|
202 OK |
|
Client is requesting FTC to send an OTP to a user based on the user's settings in FTC (either email or SMS), no token code. |
| 400 Bad Request |
|
|
| 402 Payment Required |
The reminding SMS under customer is not enough. |
|
|
403 Forbidden |
Rejected authentication for user. |
The customer auth profile does not allow this specific action to use authentication service. Could be one of the following reasons:
|
Example request body:
{
"token":"xxxxxx",
"username":"abc",
"realm":"root",
"user_agent":"Mobile Safari",
"location":"US",
"user_ip":"10.160.x.x",
"account":"Fortinet"
}
Example of successful response body:
{
"authid":"12345678-abcd-efgh-1234-xxxxxxxxxxxx"
}