Document
Library

REST API

Overview
API QuickStart Guide
- Web App
  - Create a general web app from the Portal
  - Get access token and create users in web apps
- Management App
  - Create a management app from the portal
  - Get access token and manage users from management apps
    - Python examples
    - Curl examples (Linux)
Restful API References
- Web app login
  - POST
- Realm
  - GET
- User
  - GET
  - POST
  - PUT
  - DELETE
- User base
  - GET
  - PUT
  - DELETE
- User authentication
  - GET
  - POST
- Sync user data to FTC
  - POST
- Query asynchronous task status
  - GET
- Token
  - GET
- Temporary token
  - POST
  - DELETE
- Balance
  - GET
- Count resource
  - GET
- Version
  - GET
- User Quota Allocation per Realm
  - GET
- Pagination
  - Realm
  - User
  - User base
Change log

Home FortiToken Cloud REST API

POST

POST

URI:

/api/v1/login

Input fields:

Field Name	Type	Required	Description
client_id	string	Yes	The client_id.
client_secret	string	Yes	The client_secret.

Successful response fields:

Field name	Type	Description
access_token	string	The access token for web API client to make API request.
expires_in	integer	The remaining time (in seconds) that access token still valid.

Response codes

Code	Response content	Description
201 OK		The access token wasgenerated successfully.
400 Bad Request	The client secret format is invalid.	The client secret in the input field is invalid.
401 Unauthorized	The client’s login failed due to wrong ID or secret.	Wrong or expired client ID or client secret.
404 Not Found	The client does not exist.	The client is not in FortiToken Cloud database.

Example request body:

{

'client_id': '12345678-abcd-efgh-1234-xxxxxxxxxxxx',

'client_secret': 'xxxxxx'

}

Example of successful response body:

Return:

{

'access_token': 'xxxxxx',

'expires_in': 2

}

Note

This API is only used for a client to get an access token to finalize authentication for the API service. By default, the access token expires in an hour (i.e., 3600 seconds). The client does not need to call the API when it has an active access token.

Previous

Next

POST

URI:

/api/v1/login

Input fields:

Field Name	Type	Required	Description
client_id	string	Yes	The client_id.
client_secret	string	Yes	The client_secret.

Successful response fields:

Field name	Type	Description
access_token	string	The access token for web API client to make API request.
expires_in	integer	The remaining time (in seconds) that access token still valid.

Response codes

Code	Response content	Description
201 OK		The access token wasgenerated successfully.
400 Bad Request	The client secret format is invalid.	The client secret in the input field is invalid.
401 Unauthorized	The client’s login failed due to wrong ID or secret.	Wrong or expired client ID or client secret.
404 Not Found	The client does not exist.	The client is not in FortiToken Cloud database.

Example request body:

{

'client_id': '12345678-abcd-efgh-1234-xxxxxxxxxxxx',

'client_secret': 'xxxxxx'

}

Example of successful response body:

Return:

{

'access_token': 'xxxxxx',

'expires_in': 2

}

Note

This API is only used for a client to get an access token to finalize authentication for the API service. By default, the access token expires in an hour (i.e., 3600 seconds). The client does not need to call the API when it has an active access token.

Previous

Next