FortiManager supports authentication token for API administrators 7.2.2

FortiManager supports authentication token for API administrators.

To configure REST API administrators with authentication token:

Go to System Settings > Admin > Administrators.
Click Create New > REST API Admin.
You can configure your REST API administrator using the GUI.

To configure REST API administrators in the CLI:

Enter the following commands to configure the REST API administrator:
config system admin user
(user)# edit u1
new entry 'u1' added
(u1)# set user_type api
(u1)# set profileid Super_User
Super user profile selected, adom-access will be set to all
(u1)# set rpc-permit read-write
(u1)# set trusthost1 10.3.121.1/16
(u1)# get
userid : u1
login-max : 32
password : *
change-password : enable
trusthost1 : 10.10.121.1 255.255.0.0
trusthost2 : 255.255.255.255 255.255.255.255
trusthost3 : 255.255.255.255 255.255.255.255
trusthost4 : 255.255.255.255 255.255.255.255
trusthost5 : 255.255.255.255 255.255.255.255
trusthost6 : 255.255.255.255 255.255.255.255
trusthost7 : 255.255.255.255 255.255.255.255
trusthost8 : 255.255.255.255 255.255.255.255
trusthost9 : 255.255.255.255 255.255.255.255
trusthost10 : 255.255.255.255 255.255.255.255
ipv6_trusthost1 : ::/0
ipv6_trusthost2 : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
ipv6_trusthost3 : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
ipv6_trusthost4 : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
ipv6_trusthost5 : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
ipv6_trusthost6 : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
ipv6_trusthost7 : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
ipv6_trusthost8 : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
ipv6_trusthost9 : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
ipv6_trusthost10 : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
profileid : Super_User
dev-group : (null)
description : (null)
user_type : api
ssh-public-key1 :
ssh-public-key2 :
ssh-public-key3 :
avatar : (null)
meta-data:
== [ Contact Email ]
fieldname: Contact Email
== [ Contact Phone ]
fieldname: Contact Phone
fingerprint : (null)
subject : (null)
ca : (null)
cors-allow-origin : (null)
rpc-permit : read-write
use-global-theme : enable
last-name : (null)
first-name : (null)
email-address : (null)
phone-number : (null)
mobile-number : (null)
pager-number : (null)
hidden : 0
dashboard-tabs:
dashboard:
(u1)# end
Enter the following command to generate a new API key for the administrator.
execute api-user generate-key u1
New API key: 97f3cnrxht4nrkf1mnutb320000000
Send JSON request to FortiManager with the generated API key in HTTP URL.
For example:
C:\test>curl https://10.10.171.13/jsonrpc?access_token=97f3cnrxht4nrkf1mnutb320000000-ksS -d "{\"id\":2,\"method\":\"get\",\"params\":[{\"url\": \"/sys/status\"}]}"
{
"id": 2,
"result": [
{
"data": {
"Admin Domain Configuration": "Enabled",
"BIOS version": "04000002",
"Branch Point": "1334",
"Build": "1334",
"Current Time": "Thu Feb 02 23:07:16 PST 2023",
"Daylight Time Saving": "Yes",
"FIPS Mode": "Disabled",
"HA Mode": "Stand Alone",
"Hostname": "FMG-VM64",
"License Status": "Valid",
"Major": 7,
"Max Number of Admin Domains": 1000000000,
"Max Number of Device Groups": 1000000000,
"Minor": 2,
"Offline Mode": "Disabled",
"Patch": 2,
"Platform Full Name": "FortiManager-VM64",
"Platform Type": "FMG-VM64",
"Release Version Information": " (GA)",
"Serial Number": "FMG-VM0A11000137",
"TZ": "US/Pacific",
"Time Zone": "(GMT-8:00) Pacific Time (US & Canada).",
"Version": "v7.2.2-build1334 230201 (GA)",
"x86-64 Applications": "Yes"
},
"status": {
"code": 0,
"message": "OK"
},
"url": "/sys/status"
}
]
}
Send JSON request to FortiManager with the generated API key in HTTP header.
For example:
C:\test>curl https://10.10.171.13/jsonrpc -H "Authorization:Bearer 97f3cnrxht4nrkf1mnutb320000000" -ksS -d "{\"id\":2,\"method\":\"get\",\"params\":[{\"url\": \"/sys/status\"}]}"
{
"id": 2,
"result": [
{
"data": {
"Admin Domain Configuration": "Enabled",
"BIOS version": "04000002",
"Branch Point": "1334",
"Build": "1334",
"Current Time": "Thu Feb 02 23:11:34 PST 2023",
"Daylight Time Saving": "Yes",
"FIPS Mode": "Disabled",
"HA Mode": "Stand Alone",
"Hostname": "FMG-VM64",
"License Status": "Valid",
"Major": 7,
"Max Number of Admin Domains": 1000000000,
"Max Number of Device Groups": 1000000000,
"Minor": 2,
"Offline Mode": "Disabled",
"Patch": 2,
"Platform Full Name": "FortiManager-VM64",
"Platform Type": "FMG-VM64",
"Release Version Information": " (GA)",
"Serial Number": "FMG-VM0A11000137",
"TZ": "US/Pacific",
"Time Zone": "(GMT-8:00) Pacific Time (US & Canada).",
"Version": "v7.2.2-build1334 230201 (GA)",
"x86-64 Applications": "Yes"
},
"status": {
"code": 0,
"message": "OK"
},
"url": "/sys/status"
}
]
}

FortiManager supports authentication token for API administrators 7.2.2

FortiManager supports authentication token for API administrators.

To configure REST API administrators with authentication token:

Go to System Settings > Admin > Administrators.

Click Create New > REST API Admin.
You can configure your REST API administrator using the GUI.

To configure REST API administrators in the CLI:

Enter the following commands to configure the REST API administrator:

config system admin user

(user)# edit u1

new entry 'u1' added

(u1)# set user_type api

(u1)# set profileid Super_User

Super user profile selected, adom-access will be set to all

(u1)# set rpc-permit read-write

(u1)# set trusthost1 10.3.121.1/16

(u1)# get

userid : u1

password : *

change-password : enable

trusthost1 : 10.10.121.1 255.255.0.0

trusthost2 : 255.255.255.255 255.255.255.255

trusthost3 : 255.255.255.255 255.255.255.255

trusthost4 : 255.255.255.255 255.255.255.255

trusthost5 : 255.255.255.255 255.255.255.255

trusthost6 : 255.255.255.255 255.255.255.255

trusthost7 : 255.255.255.255 255.255.255.255

trusthost8 : 255.255.255.255 255.255.255.255

trusthost9 : 255.255.255.255 255.255.255.255

trusthost10 : 255.255.255.255 255.255.255.255

ipv6_trusthost1 : ::/0

ipv6_trusthost2 : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128

ipv6_trusthost3 : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128

ipv6_trusthost4 : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128

ipv6_trusthost5 : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128

ipv6_trusthost6 : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128

ipv6_trusthost7 : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128

ipv6_trusthost8 : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128

ipv6_trusthost9 : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128

ipv6_trusthost10 : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128

profileid : Super_User

dev-group : (null)

description : (null)

user_type : api

ssh-public-key1 :

ssh-public-key2 :

ssh-public-key3 :

avatar : (null)

meta-data:

== [ Contact Email ]

fieldname: Contact Email

== [ Contact Phone ]

fieldname: Contact Phone

fingerprint : (null)

subject : (null)

ca : (null)

cors-allow-origin : (null)

rpc-permit : read-write

use-global-theme : enable

last-name : (null)

first-name : (null)

email-address : (null)

phone-number : (null)

mobile-number : (null)

pager-number : (null)

hidden : 0

dashboard-tabs:

dashboard:

(u1)# end

Enter the following command to generate a new API key for the administrator.

execute api-user generate-key u1

New API key: 97f3cnrxht4nrkf1mnutb320000000

Send JSON request to FortiManager with the generated API key in HTTP URL.
For example:

C:\test>curl https://10.10.171.13/jsonrpc?access_token=97f3cnrxht4nrkf1mnutb320000000-ksS -d "{\"id\":2,\"method\":\"get\",\"params\":[{\"url\": \"/sys/status\"}]}"

{

"id": 2,

"result": [

{

"data": {

"Admin Domain Configuration": "Enabled",

"BIOS version": "04000002",

"Branch Point": "1334",

"Build": "1334",

"Current Time": "Thu Feb 02 23:07:16 PST 2023",

"Daylight Time Saving": "Yes",

"FIPS Mode": "Disabled",

"HA Mode": "Stand Alone",

"Hostname": "FMG-VM64",

"License Status": "Valid",

"Major": 7,

"Max Number of Admin Domains": 1000000000,

"Max Number of Device Groups": 1000000000,

"Minor": 2,

"Offline Mode": "Disabled",

"Patch": 2,

"Platform Full Name": "FortiManager-VM64",

"Platform Type": "FMG-VM64",

"Release Version Information": " (GA)",

"Serial Number": "FMG-VM0A11000137",

"TZ": "US/Pacific",

"Time Zone": "(GMT-8:00) Pacific Time (US & Canada).",

"Version": "v7.2.2-build1334 230201 (GA)",

"x86-64 Applications": "Yes"

"status": {

"code": 0,

"message": "OK"

"url": "/sys/status"

}

]

}

Send JSON request to FortiManager with the generated API key in HTTP header.
For example:

C:\test>curl https://10.10.171.13/jsonrpc -H "Authorization:Bearer 97f3cnrxht4nrkf1mnutb320000000" -ksS -d "{\"id\":2,\"method\":\"get\",\"params\":[{\"url\": \"/sys/status\"}]}"

{

"id": 2,

"result": [

{

"data": {

"Admin Domain Configuration": "Enabled",

"BIOS version": "04000002",

"Branch Point": "1334",

"Build": "1334",

"Current Time": "Thu Feb 02 23:11:34 PST 2023",

"Daylight Time Saving": "Yes",

"FIPS Mode": "Disabled",

"HA Mode": "Stand Alone",

"Hostname": "FMG-VM64",

"License Status": "Valid",

"Major": 7,

"Max Number of Admin Domains": 1000000000,

"Max Number of Device Groups": 1000000000,

"Minor": 2,

"Offline Mode": "Disabled",

"Patch": 2,

"Platform Full Name": "FortiManager-VM64",

"Platform Type": "FMG-VM64",

"Release Version Information": " (GA)",

"Serial Number": "FMG-VM0A11000137",

"TZ": "US/Pacific",

"Time Zone": "(GMT-8:00) Pacific Time (US & Canada).",

"Version": "v7.2.2-build1334 230201 (GA)",

"x86-64 Applications": "Yes"

"status": {

"code": 0,

"message": "OK"

"url": "/sys/status"

}

]

}

New Features

FortiManager supports authentication token for API administrators 7.2.2

FortiManager supports authentication token for API administrators 7.2.2

To configure REST API administrators with authentication token:

To configure REST API administrators in the CLI:

FortiManager supports authentication token for API administrators 7.2.2

To configure REST API administrators with authentication token:

To configure REST API administrators in the CLI: