Fortinet black logo

REST API Solution Guide

User lockout policy (/userlockoutpolicy/)

User lockout policy (/userlockoutpolicy/)

URL: https://[server_name]/api/[api_version]/userlockoutpolicy/

This endpoint is used to query and edit user account lockout policy settings including the maximum number of failed login attempts, specify the lockout period, and enable inactive user lockouts.

Supported fields

Field Display name Type Required Other restrictions
failed_login_lockout Lockout user accounts after too many failed login attempts. boolean Yes Either set to "true" or "false", enabling or disabling the login lockout (respectively).
failed_login_lockout_max_attempts Maximum number of failed login attempts allowed before locking out the user account. integer No Default is set to 3 if not specified. Must be set between 1-20.
failed_login_lockout_permanent Permanency of user account lockout after too many failed login attempts. boolean No

Default is "false" if not specified.

Set to "true" to permanently lockout the user account. Set to "false" to only lockout the user account for a period of time. When set to "true", then later changed to "false", the lockout period is set to its default.

failed_login_lockout_period Period of time (in seconds) the user account is lockout after reaching the maximum number of failed login attempts. integer No Default is 60 if not specified. Must be set between 60-86400. Only effective when "failed_login_lockout_permanent" is set to "false".
inactivity_lockout Lockout user accounts that inactive for a specified period of time. boolean No

Default is "false" if not specified.

Set to "true" to disable when inactive for the time period specified by "inactivty_lockout_period". Set to "false" to never disable user accounts for inactivity.

inactivity_lockout_period Inactivity period (in days) after which a user account is locked out. integer No Default is 90 if not specified. Must be set between 1-1825. Only effective when "inactivty_lockout" is set to "true".

Allowed methods

HTTP method Resource URI Action Note
GET /api/v1/userlockoutpolicy/ Get user lockout settings.
POST /api/v1/userlockoutpolicy/ Set user lockout fields. Defaults are used if unspecified.
PATCH /api/v1/userlockoutpolicy/ Updated the specified user lockout fields. Previously saved settings are used in unspecified.

Examples

Get userlockout policy:

curl -k -v \

-u "webadmin:[hash]" \

https://[FAC_IP]/api/v1/userlockoutpolicy/

Response: {

"failed_login_lockout": true

"failed_login_lockout_max_attempts": 5,

"failed_login_lockout_period": 60,

"failed_login_lockout_permanent": false,

"inactivity_lockout": true,

"inactivity_lockout_period": 1600

}

Patch a server:

curl -k -X PATCH \

https://[FAC_IP]/api/v1/userlockoutpolicy/ \

-H 'Content-Type: application/json' \

-u "webadmin"[hash]" \

-d '{

"failed_login_lockout_permanent": true

}'

Response: {

"failed_login_lockout": true

"failed_login_lockout_max_attempts": 5,

"failed_login_lockout_period": 0,

"failed_login_lockout_permanent": true,

"inactivity_lockout": true,

"inactivity_lockout_period": 1600

}

User lockout policy (/userlockoutpolicy/)

URL: https://[server_name]/api/[api_version]/userlockoutpolicy/

This endpoint is used to query and edit user account lockout policy settings including the maximum number of failed login attempts, specify the lockout period, and enable inactive user lockouts.

Supported fields

Field Display name Type Required Other restrictions
failed_login_lockout Lockout user accounts after too many failed login attempts. boolean Yes Either set to "true" or "false", enabling or disabling the login lockout (respectively).
failed_login_lockout_max_attempts Maximum number of failed login attempts allowed before locking out the user account. integer No Default is set to 3 if not specified. Must be set between 1-20.
failed_login_lockout_permanent Permanency of user account lockout after too many failed login attempts. boolean No

Default is "false" if not specified.

Set to "true" to permanently lockout the user account. Set to "false" to only lockout the user account for a period of time. When set to "true", then later changed to "false", the lockout period is set to its default.

failed_login_lockout_period Period of time (in seconds) the user account is lockout after reaching the maximum number of failed login attempts. integer No Default is 60 if not specified. Must be set between 60-86400. Only effective when "failed_login_lockout_permanent" is set to "false".
inactivity_lockout Lockout user accounts that inactive for a specified period of time. boolean No

Default is "false" if not specified.

Set to "true" to disable when inactive for the time period specified by "inactivty_lockout_period". Set to "false" to never disable user accounts for inactivity.

inactivity_lockout_period Inactivity period (in days) after which a user account is locked out. integer No Default is 90 if not specified. Must be set between 1-1825. Only effective when "inactivty_lockout" is set to "true".

Allowed methods

HTTP method Resource URI Action Note
GET /api/v1/userlockoutpolicy/ Get user lockout settings.
POST /api/v1/userlockoutpolicy/ Set user lockout fields. Defaults are used if unspecified.
PATCH /api/v1/userlockoutpolicy/ Updated the specified user lockout fields. Previously saved settings are used in unspecified.

Examples

Get userlockout policy:

curl -k -v \

-u "webadmin:[hash]" \

https://[FAC_IP]/api/v1/userlockoutpolicy/

Response: {

"failed_login_lockout": true

"failed_login_lockout_max_attempts": 5,

"failed_login_lockout_period": 60,

"failed_login_lockout_permanent": false,

"inactivity_lockout": true,

"inactivity_lockout_period": 1600

}

Patch a server:

curl -k -X PATCH \

https://[FAC_IP]/api/v1/userlockoutpolicy/ \

-H 'Content-Type: application/json' \

-u "webadmin"[hash]" \

-d '{

"failed_login_lockout_permanent": true

}'

Response: {

"failed_login_lockout": true

"failed_login_lockout_max_attempts": 5,

"failed_login_lockout_period": 0,

"failed_login_lockout_permanent": true,

"inactivity_lockout": true,

"inactivity_lockout_period": 1600

}