CLI Reference

waf api-users

Use this command to define API users to restrict access to APIs based on API keys.

Syntax

config waf api-users
    edit <api-user_name>
        set email <email_str>
        set comments <comments_str>
        set uuid <uuid_str>
        set api-key <api-key_str>
        set create-time <create-time_str>
        set key-mode {dynamic | jwt | standard}
        set url <jwt_url>
        set headers <jwt_headers>
        set params <jwt_parameters>
        set phantom-token-name <token_name>
        set token-name <token_name>
        set header-verification <string>
        set payload-validation <string>
        set rsa-key
        config ip-access-list
            edit <ip-access-list_id>
                set ip <ip_str>
            next
        end
        config http-referer-list
            edit <http-referer-list_id>
                set http-referer <http-referer_str>
            next
        end
    next
end

Variables, descriptions and defaults

<api-user_name>
    Enter a name that identifies the user.
    Default: No default.

email <email_str>
    Type the email address of the user that is used for contact purposes.
    Default: No default.

comments <comments_str>
    Optionally, enter a description or comments for the user.
    Default: No default.

uuid <uuid_str>
    Enter a unique identifier for the requesting user.
    Default: No default.

api-key <api-key_str>
    Specify an API key for the API user; the minimum length is 40 characters.
    Default: No default.

key-mode {dynamic | jwt | standard}
    Select how the API key is generated and validated.
    standard: Once the API user is created successfully, FortiWeb automatically assigns an API key and UUID to this user.
    dynamic: FortiWeb uses the RSA algorithm to generate the token: a random string of at least 64 characters is encoded with the public key and decoded with the private key. You must enter the RSA key (rsa-key) for dynamic key mode.
    jwt: JSON Web Token (JWT) is an open standard (RFC 7519) that defines a way to transmit information, such as authentication and authorization facts, between two parties: an issuer and an audience. For JWT key mode, you must enter values for the following fields (url, headers, params, phantom-token-name, token-name, header-verification, payload-validation) so that FortiWeb can communicate with the JWT server to validate the key.
    Default: standard

url <jwt_url>
    The URL that FortiWeb uses to communicate with the JWT server.
    Default: No default.

headers <jwt_headers>
    The headers appended to the request sent to the URL.
    Default: No default.

params <jwt_parameters>
    The parameters appended to the URL.
    Default: No default.

phantom-token-name <token_name>
    The name of the phantom token used for the JWT key.
    Default: No default.

token-name <token_name>
    The name of the token used for the JWT key.
    Default: No default.

header-verification <string>
    The header verification used for the JWT key.
    Default: No default.

payload-validation <string>
    The payload validation used for the JWT key.
    Default: No default.

rsa-key
    The RSA key used for dynamic key mode or JWT key mode.
    Default: No default.

create-time <create-time_str>
    Specify the API user creation time.
    Default: No default.

<ip-access-list_id>
    The index number of the IP entry.
    Default: No default.

<ip_str>
    Specify an IP address from which the API key can be used; the key is accepted only from the listed addresses.
    Default: No default.

<http-referer-list_id>
    The index number of the Referer HTTP header entry.
    Default: No default.

http-referer <http-referer_str>
    Specify a URL that must be present in the Referer HTTP header of requests that use this API key.
    Default: No default.
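The following configuration is an added example written for this page; it is not taken from the FortiWeb documentation or from any FortiWeb release. It puts the commands above together for two API users: one in standard key mode whose key is restricted to two source addresses and one Referer URL, and one in jwt key mode pointed at a token validation endpoint. All names, email addresses, IP addresses and URLs are made-up example values, and the value formats used for headers, params, header-verification and payload-validation are assumptions, because this page only declares them as strings; check the value syntax in the full FortiWeb documentation before use. Lines starting with # are annotations for the reader, not CLI input.

```text
config waf api-users
    # Standard mode: FortiWeb assigns the api-key and uuid automatically,
    # so neither is set here. The ip-access-list and http-referer-list
    # limit where the issued key is accepted from.
    edit "billing-partner"
        set email "api-owner@example.com"
        set comments "Partner client for the billing API; key valid only from partner egress addresses"
        set key-mode standard
        config ip-access-list
            edit 1
                set ip 203.0.113.10
            next
            edit 2
                set ip 203.0.113.11
            next
        end
        config http-referer-list
            edit 1
                set http-referer "https://partner.example.com/"
            next
        end
    next

    # JWT mode: FortiWeb contacts the JWT server at url to validate the
    # presented token. The header/param strings below are assumed formats.
    edit "mobile-app"
        set email "mobile-team@example.com"
        set comments "Mobile clients presenting JWTs issued by the corporate IdP"
        set key-mode jwt
        set url "https://auth.example.com/oauth2/introspect"
        set headers "Content-Type: application/x-www-form-urlencoded"
        set params "token_type_hint=access_token"
        set token-name "Authorization"
        set phantom-token-name "X-Phantom-Token"
        # Assumed formats: restrict accepted signing algorithm and issuer.
        set header-verification "alg=RS256"
        set payload-validation "iss=https://auth.example.com"
        # set rsa-key is entered interactively; it is required for dynamic
        # mode and used for JWT mode as described above.
    next
end
```

The two users illustrate the two layers the command offers: key-mode decides how a key is produced and checked, while ip-access-list and http-referer-list decide from where a valid key is accepted. A standard-mode key with no IP or Referer restriction is usable by anyone who obtains it, so the restriction lists are worth populating whenever the client's source addresses are known.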
