Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    Home FortiWeb 7.2.4 CLI Reference
    7.2.4
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.3.23
    6.3.19
    6.3.18
    6.3.17
    6.3.16
    6.3.15
    6.3.14
    6.3.13
    6.3.11
    6.3.10
    6.3.9
    6.3.7
    6.3.6
    6.3.5
    6.3.4
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.2
    6.1.1
    5.7.0
    5.6.1
    5.6.0

    waf api-users

    waf api-users

    Use this command to define API users to restrict access to APIs based on API keys.

    Syntax

    config waf api-users

    edit <api-user_name>

    set email <email_str>

    set comments <comments_str>

    set uuid <uuid_str>

    set api-key <api-key_str>

    set create-time <create-time_str>

    set key-mode {dynamic | jwt | standard}

    set url <jwt_url>

    set headers <jwt_hearders>

    set params <jwt_parameters>

    set phantom-token-name <token_name>

    set token-name <token_name>

    set header-verification <string>

    set payload-validation <string>

    set rsa-key

    config ip-access-list

    edit <ip-access-list_id>

    set ip <ip_str>

    next

    end

    config http-referer-list

    edit <http-referer-list_id>

    set http-referer <http-referer_str>

    next

    end

    next

    end

    Variable Description Default

    <api-user_name>

    Enter a name that identifies the user.

    No default.

    email <email_str>

    Type the email address of the user that is used for contact

    purpose.

    No default.

    comments <comments_str>

    Optionally, enter a description or comments for the user.

    No default.

    uuid <uuid_str>

    Enter a unique identifier for the requesting user.

    No default.

    api-key <api-key_str>

    Specify an API key for the API user; the minimum length is 40 characters.

    No default.

    key-mode {dynamic | jwt | standard}

    Standard

    Once the API user is created successfully, an API key and UUID are automatically assigned to this user by FortiWeb.

    Dynamic

    FortiWeb adopts RSA algorithm to generate token. It uses public key to encode, and private key to decode a random string with minimum length 64.

    You need to enter the RSA key for dynamic key.

    JWT

    JSON Web Token (JWT) is an open standard (RFC 7519) that defines a way for transmitting information –like authentication and authorization facts– between two parties: an issuer and an audience.

    For the JWT key, you need to enter the value for the following fields so that FortiWeb can communicate with the JWT server to validate the key.

    Standard

    url <jwt_url>

    The URL that FortiWeb uses to communicate with the JWT server.

    No default.

    headers <jwt_hearders>

    The headers append to the URL.

    No default.

    params <jwt_parameters>

    The parameters append to the URL.

    No default.

    phantom-token-name <token_name>

    The name of the phantom token used for JWT key.

    No default.

    token-name <token_name>

    The name of the token used for JWT key.

    No default.

    header-verification <string>

    The header verification used for JWT key.

    No default.

    payload-validation <string>

    The payload verification used for JWT key.

    No default.

    rsa-key

    The RSA key used for Dynamic key or JWT key.

    No default.

    create-time <create-time_str>

    Specify the API user creation time.

    No default.

    <ip-access-list_id>

    The index number of the IP entry.

    No default.

    <ip_str>

    Specify the IP addresses from which the API key can only be used.

    No default.

    <http-referer-list_id>

    The index number of the referer HTTP header entry.

    No default.

    http-referer <http-referer_str>

    Specify the referer HTTP header in which the specified URLs are present.

    No default.

    Related topics

    Previous
    Next

    waf api-users

    waf api-users

    Use this command to define API users to restrict access to APIs based on API keys.

    Syntax

    config waf api-users

    edit <api-user_name>

    set email <email_str>

    set comments <comments_str>

    set uuid <uuid_str>

    set api-key <api-key_str>

    set create-time <create-time_str>

    set key-mode {dynamic | jwt | standard}

    set url <jwt_url>

    set headers <jwt_hearders>

    set params <jwt_parameters>

    set phantom-token-name <token_name>

    set token-name <token_name>

    set header-verification <string>

    set payload-validation <string>

    set rsa-key

    config ip-access-list

    edit <ip-access-list_id>

    set ip <ip_str>

    next

    end

    config http-referer-list

    edit <http-referer-list_id>

    set http-referer <http-referer_str>

    next

    end

    next

    end

    Variable Description Default

    <api-user_name>

    Enter a name that identifies the user.

    No default.

    email <email_str>

    Type the email address of the user that is used for contact

    purpose.

    No default.

    comments <comments_str>

    Optionally, enter a description or comments for the user.

    No default.

    uuid <uuid_str>

    Enter a unique identifier for the requesting user.

    No default.

    api-key <api-key_str>

    Specify an API key for the API user; the minimum length is 40 characters.

    No default.

    key-mode {dynamic | jwt | standard}

    Standard

    Once the API user is created successfully, an API key and UUID are automatically assigned to this user by FortiWeb.

    Dynamic

    FortiWeb adopts RSA algorithm to generate token. It uses public key to encode, and private key to decode a random string with minimum length 64.

    You need to enter the RSA key for dynamic key.

    JWT

    JSON Web Token (JWT) is an open standard (RFC 7519) that defines a way for transmitting information –like authentication and authorization facts– between two parties: an issuer and an audience.

    For the JWT key, you need to enter the value for the following fields so that FortiWeb can communicate with the JWT server to validate the key.

    Standard

    url <jwt_url>

    The URL that FortiWeb uses to communicate with the JWT server.

    No default.

    headers <jwt_hearders>

    The headers append to the URL.

    No default.

    params <jwt_parameters>

    The parameters append to the URL.

    No default.

    phantom-token-name <token_name>

    The name of the phantom token used for JWT key.

    No default.

    token-name <token_name>

    The name of the token used for JWT key.

    No default.

    header-verification <string>

    The header verification used for JWT key.

    No default.

    payload-validation <string>

    The payload verification used for JWT key.

    No default.

    rsa-key

    The RSA key used for Dynamic key or JWT key.

    No default.

    create-time <create-time_str>

    Specify the API user creation time.

    No default.

    <ip-access-list_id>

    The index number of the IP entry.

    No default.

    <ip_str>

    Specify the IP addresses from which the API key can only be used.

    No default.

    <http-referer-list_id>

    The index number of the referer HTTP header entry.

    No default.

    http-referer <http-referer_str>

    Specify the referer HTTP header in which the specified URLs are present.

    No default.

    Related topics

    Previous
    Next