FortiManager supports authentication token for API administrators 7.2.2
FortiManager supports authentication token for API administrators.
To configure REST API administrators with authentication token:
- Go to System Settings > Admin > Administrators.
- Click Create New > REST API Admin.
You can configure your REST API administrator using the GUI.
To configure REST API administrators in the CLI:
- Enter the following commands to configure the REST API administrator:
config system admin user
(user)# edit u1
new entry 'u1' added
(u1)# set user_type api
(u1)# set profileid Super_User
Super user profile selected, adom-access will be set to all
(u1)# set rpc-permit read-write
(u1)# set trusthost1 10.3.121.1/16
(u1)# get
userid : u1
login-max : 32
password : *
change-password : enable
trusthost1 : 10.10.121.1 255.255.0.0
trusthost2 : 255.255.255.255 255.255.255.255
trusthost3 : 255.255.255.255 255.255.255.255
trusthost4 : 255.255.255.255 255.255.255.255
trusthost5 : 255.255.255.255 255.255.255.255
trusthost6 : 255.255.255.255 255.255.255.255
trusthost7 : 255.255.255.255 255.255.255.255
trusthost8 : 255.255.255.255 255.255.255.255
trusthost9 : 255.255.255.255 255.255.255.255
trusthost10 : 255.255.255.255 255.255.255.255
ipv6_trusthost1 : ::/0
ipv6_trusthost2 : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
ipv6_trusthost3 : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
ipv6_trusthost4 : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
ipv6_trusthost5 : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
ipv6_trusthost6 : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
ipv6_trusthost7 : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
ipv6_trusthost8 : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
ipv6_trusthost9 : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
ipv6_trusthost10 : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
profileid : Super_User
dev-group : (null)
description : (null)
user_type : api
ssh-public-key1 :
ssh-public-key2 :
ssh-public-key3 :
avatar : (null)
meta-data:
== [ Contact Email ]
fieldname: Contact Email
== [ Contact Phone ]
fieldname: Contact Phone
fingerprint : (null)
subject : (null)
ca : (null)
cors-allow-origin : (null)
rpc-permit : read-write
use-global-theme : enable
last-name : (null)
first-name : (null)
email-address : (null)
phone-number : (null)
mobile-number : (null)
pager-number : (null)
hidden : 0
dashboard-tabs:
dashboard:
(u1)# end
- Enter the following command to generate a new API key for the administrator.
execute api-user generate-key u1
New API key: 97f3cnrxht4nrkf1mnutb320000000
- Send JSON request to FortiManager with the generated API key in HTTP URL.
For example:C:\test>curl https://10.10.171.13/jsonrpc?access_token=97f3cnrxht4nrkf1mnutb320000000-ksS -d "{\"id\":2,\"method\":\"get\",\"params\":[{\"url\": \"/sys/status\"}]}"
{
"id": 2,
"result": [
{
"data": {
"Admin Domain Configuration": "Enabled",
"BIOS version": "04000002",
"Branch Point": "1334",
"Build": "1334",
"Current Time": "Thu Feb 02 23:07:16 PST 2023",
"Daylight Time Saving": "Yes",
"FIPS Mode": "Disabled",
"HA Mode": "Stand Alone",
"Hostname": "FMG-VM64",
"License Status": "Valid",
"Major": 7,
"Max Number of Admin Domains": 1000000000,
"Max Number of Device Groups": 1000000000,
"Minor": 2,
"Offline Mode": "Disabled",
"Patch": 2,
"Platform Full Name": "FortiManager-VM64",
"Platform Type": "FMG-VM64",
"Release Version Information": " (GA)",
"Serial Number": "FMG-VM0A11000137",
"TZ": "US/Pacific",
"Time Zone": "(GMT-8:00) Pacific Time (US & Canada).",
"Version": "v7.2.2-build1334 230201 (GA)",
"x86-64 Applications": "Yes"
},
"status": {
"code": 0,
"message": "OK"
},
"url": "/sys/status"
}
]
}
- Send JSON request to FortiManager with the generated API key in HTTP header.
For example:C:\test>curl https://10.10.171.13/jsonrpc -H "Authorization:Bearer 97f3cnrxht4nrkf1mnutb320000000" -ksS -d "{\"id\":2,\"method\":\"get\",\"params\":[{\"url\": \"/sys/status\"}]}"
{
"id": 2,
"result": [
{
"data": {
"Admin Domain Configuration": "Enabled",
"BIOS version": "04000002",
"Branch Point": "1334",
"Build": "1334",
"Current Time": "Thu Feb 02 23:11:34 PST 2023",
"Daylight Time Saving": "Yes",
"FIPS Mode": "Disabled",
"HA Mode": "Stand Alone",
"Hostname": "FMG-VM64",
"License Status": "Valid",
"Major": 7,
"Max Number of Admin Domains": 1000000000,
"Max Number of Device Groups": 1000000000,
"Minor": 2,
"Offline Mode": "Disabled",
"Patch": 2,
"Platform Full Name": "FortiManager-VM64",
"Platform Type": "FMG-VM64",
"Release Version Information": " (GA)",
"Serial Number": "FMG-VM0A11000137",
"TZ": "US/Pacific",
"Time Zone": "(GMT-8:00) Pacific Time (US & Canada).",
"Version": "v7.2.2-build1334 230201 (GA)",
"x86-64 Applications": "Yes"
},
"status": {
"code": 0,
"message": "OK"
},
"url": "/sys/status"
}
]
}