FortiGate REST API Token Authentication

Cisco Training Courses

Insoft has been serving IT community with official Cisco training offering since 2010. Find all the relevant information on Cisco training on this page.

View More

Cisco Certifications

Experience a blended learning approach that combines the best of instructor-led training and self-paced e-learning to help you prepare for your certification exam.

View More

Cisco Training Catalogue

Explore a wide variety of the Cisco courses, across different countries as well as online courses.

Browse Catalogue

Cisco Learning Credits

Cisco Learning Credits (CLCs) are prepaid training vouchers redeemed directly with Cisco that make planning for your success easier when purchasing Cisco products and services.

Have CLCs and want to redeem them?

Cisco Continuing Education

The Cisco Continuing Education Program offers all active certification holders flexible options to recertify by completing a variety of eligible training items.

View More

Cisco Digital Learning

Certified employees are VALUED assets. Explore Cisco official Digital Learning Library to educate yourself through recorded sessions.

Browse CDLL Catalogue

Cisco Business Enablement

The Cisco Business Enablement Partner Program focuses on sharpening the business skills of Cisco Channel Partners and customers.

View More

Fortinet Technical Certifications

The Fortinet Network Security Expert (NSE) program is an eight-level training and certification program to teach engineers of their network security for Fortinet FW skills and experience.

View More

Fortinet Technical Courses

Insoft is recognised as Fortinet Authorized Training Center in selected locations across EMEA.

View More

Fortinet Training Catalogue

Explore the full Fortinet training catalogue. The program includes a wide range of self-paced and instructor-led courses.

Browse Catalogue

Official ATC Status

Check our ATC Status across selected countries in Europe.

View More

Fortinet Services Packages

Insoft Services has developed a specific solution to streamline and simplify the process of installing or migrating to Fortinet Products.

Browse Packages

Prepforce Bootcamp

The only comprehensive source available today to prepare for Fortinet NSE 8 certification globally.

View More

Microsoft Training

Insoft Services provides Microsoft training in EMEAR. We offer Microsoft technical training and certification courses that are led by world-class instructors.

View More

Technical Training

The evolution of Extreme Networks Technical Training provides a comprehensive progressive pathway from Associate to Professional accreditation.

View More

Technical Certification

We provide comprehensive curriculum of technical competency skills on the certification accomplishment.

View More

Courses Catalogue

Find all the Extreme Networks online and instructor led class room based calendar here.

View More

ATP Accreditation

As an authorised training partner (ATP), Insoft Services ensures that you receive the highest standards of education available.

View More

Consulting package

We provide innovative and advanced support for designing, implementing and optimising IT solutions. Our client-base includes some of the largest Telcos globally.

Solutions and services

Globally recognised team of certified experts helps you make a smoother transition with our pre-defined consultancy, installation and migration packages for a wide range of Fortinet products.

About Us

Our training portfolio includes a wide range of IT training from IP providers, including Cisco, Extreme Networks, Fortinet, Microsoft, to name a few, in EMEA.

View More
  • +44 20 7131 0263
  • FortiGate REST API Token Authentication

    16th June, 2022

    Before going through this article, please go over the first part of this series: Getting Started With FortiGate REST API.

    In order to use the FortiOS REST API, you are required to authenticate your API calls using an API token. You can generate an API token by creating a new REST API admin. The unique token will be used to authorize subsequent API calls to your FortiGate device.

    These steps should be carried out from the FortiGate GUI, while logged in as a super admin. Please note that I am using a FortiGate 6.0.3 virtual machine for this tutorial.

     

    FortiGate API

     

    Determine your IP address

    • Navigate to the dashboard section on the FortiGate GUI, click on Main and locate the Administrators widget.
    • In the administrators’ widget, hover your mouse over it, you’ll see all current admins, select the show active administrator sessions from your user ID.
    • Copy the source IP address for your-userid as it will be needed to specify trusted hosts in a later step of creating a REST API Admin.

     

    FortiGate API

     

    Learn how to use basic and advanced FortiGate features, including security profiles, networking and security. Get started with the Fortinet NSE 4 bundle training.

     

    FortiGate API

     

    Create an Administrator profile

    For a start, we will create a profile that only has READ access to the firewall address permission group. For the administrator profile, you can select one of the existing ones or create a new one by clicking on the create icon.

    The new admin profile will require a name and access permissions.

    Name your admin profile appropriately. For this part, it will be Firewall_Read. You can change any of the access control permissions to specifically restrict or limit the functionality.

    As a good practice, the REST API admin should have the minimum permissions required to complete the request.

    In this section, we only need access to the firewall address permission group. Populate the fields as shown in the image below.

     

    FortiGate API

     

    Click OK to create the Firewall_Read admin profile with only the Firewall and Address permissions changed as shown. A REST API admin with read-only permission to a resource can only send read requests (HTTP GET) to the resource.

    FortiGate: Create a REST API Admin

    To generate a new REST API admin:

    • Navigate the FortiGate GUI, click on System and select administrators
    • Click on the Create New icon and choose REST API admin

    The New REST API admin window will show up. Give it a descriptive name for the API user. In our case, it will be Firewall_Read_User.

    Disable the public key infrastructure (PKI Group) as it will not be used at the moment. ‘CORS Allow Origin’ will also stay disabled for the moment.

    In the trusted hosts’ field, paste the IP address from previously seen active administrator sessions, and with forward-slash(/32) in order to match your trusted source IP address only.

    Also, in the REST API administrator, you are required to restrict access to one or more trusted subnets. To ensure the API token can only be used from trusted hosts, the source address needs to be specified!

     

    FortiGate API

     

    The new REST API admin can now be confirmed by clicking OK.

    The system will automatically generate a new API key, this key will only be displayed once. Please copy that key and hit close. If you lose your API key and you want to generate a new one, you can do so, by going back to the administrator and clicking on the regenerate icon, the regenerated API key will once again be unique and all previous keys will be invalidated.

     

    How To Create a REST API admin using the CLI

    Modify the sample below to create the REST API admin.

     

    FortiGate API

     

    Then generate an API token using the CLI command below. Make note of the token as it is only shown once

     

    FortiGate API

     

     

     

    FortiGate API

     

    More Blogs for you:

     

    Relevant Exams: NSE4