Client ID/secret authentication
The following outlines the process in which a Web application client passes FortiToken Cloud authentication:
- The API client calls the Login API with its client ID and secret to request an access token from FortiToken Cloud.
- FortiToken Cloud recognizes the client ID and secret and responds with an access token.
- The API client puts the access token into the API request authorization header.
- FortiToken Cloud checks the API request authorization header to finalize the authentication.
- The access token remains valid for an hour, after which the client must call the Login API again to renew the access token.