POST

URI:
  • /api/v1/auth
Input fields:

| Field Name | Type | Required | Description |
| --- | --- | --- | --- |
| realm | string | No | The realm name, which can be up to 80 characters in length. |
| realm_id | string | No | The realm ID. |
| username | string | Yes | The username, which can be up to 80 characters in length. |
| token | string | No | The one-time password. |
| auth_method | string | No | The authentication method, which can be one of the following: 'FTM', 'Email', 'SMS', 'FTK'. |
| user_ip | string | No | The user's IP address. |
| location | string | No | The user's location. |
| account | string | No | The account name of the application server. |
| user_agent | string | No | The user agent. |

Example request body:

Input:

    {
        "token": "xxxxxx",
        "username": "abc",
        "realm": "root",
        "user_agent": "Mobile Safari",
        "location": "US",
        "user_ip": "10.160.x.x",
        "account": "Fortinet"
    }

Example of successful response body:
Return:
If token in request is not '':
    return None
else:
    return {'authid': '12345678-abcd-efgh-1234-xxxxxxxxxxxx'}

There are three possible return codes (200/201/202):

  • If an API auth request is made with a token code, it is a regular auth request. FTC will return 200 without any body or 4xx with an error message as the HTTP body.
  • If an API auth request is made without any token code and the auth method is FTM, it is a push authentication. The API server will return 201 and an HTTP body with an authid. The push auth needs to interact with the related user and the API client cannot get the authentication result immediately. The API client can use the GET method to get the push auth result.
  • An API auth request with no token code and the auth method set to email or SMS means that the client is requesting FTC to send an OTP to a user based on the user's settings in FTC (either email or SMS). FTC will return 202 without any HTTP body, if successful.
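
Added example, not Fortinet's code: a client-side helper that checks the documented field constraints before sending and then maps the three success codes to distinct outcomes, so that a 201 or 202 is never treated as a completed login. The function names, the rejection of undocumented fields, the acceptance of an omitted auth_method and the fail-closed handling of unexpected combinations are assumptions; no network call is made, and the status and body come from whatever HTTP client the application uses.

```python
import json

AUTH_METHODS = {"FTM", "Email", "SMS", "FTK"}
OPTIONAL = ("realm", "realm_id", "token", "auth_method",
            "user_ip", "location", "account", "user_agent")


def build_auth_body(username, **fields):
    """Check the documented constraints and return the JSON request body."""
    if not username or len(username) > 80:
        raise ValueError("username is required and limited to 80 characters")
    if len(fields.get("realm", "")) > 80:
        raise ValueError("realm is limited to 80 characters")
    unknown = set(fields) - set(OPTIONAL)
    if unknown:
        raise ValueError(f"undocumented fields: {sorted(unknown)}")
    method = fields.get("auth_method")
    if method is not None and method not in AUTH_METHODS:
        raise ValueError("auth_method must be FTM, Email, SMS or FTK")
    return json.dumps({"username": username, **fields}, sort_keys=True)


def interpret_auth_response(sent, status, body=""):
    """Map (request fields, HTTP status, body) to an outcome, denying by default."""
    has_token = bool(sent.get("token"))
    # Assumption: an omitted auth_method is accepted, because the page does not
    # say what the server does in that case.
    method = (sent.get("auth_method") or "").lower()
    if status == 200 and has_token:
        return {"state": "authenticated"}      # regular OTP check passed
    if status == 201 and not has_token and method in ("", "ftm"):
        try:
            authid = json.loads(body)["authid"]
        except (ValueError, KeyError, TypeError):
            return {"state": "denied", "reason": "201 without authid"}
        if not isinstance(authid, str) or not authid:
            return {"state": "denied", "reason": "201 without authid"}
        # Not a login yet: the result must be fetched later with the GET method.
        return {"state": "push_pending", "authid": authid}
    if status == 202 and not has_token and method in ("", "email", "sms"):
        return {"state": "otp_sent"}           # OTP dispatched, nothing verified
    if 400 <= status < 500:
        return {"state": "denied", "reason": body or "rejected"}
    # Any other pairing (for example 200 when no token was sent) is not trusted.
    return {"state": "denied", "reason": f"unexpected status {status}"}
```

Only the `authenticated` state should open a session; `push_pending` and `otp_sent` mean a second step is still outstanding.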
