Technical Tip: FortiNAC-F REST API example to create guest user accounts
| Description | This article describes and explains an example of a Linux command shell execution to create Guest users. It is assumed that the commands used in the article are present (curl, date, tr, sed, head) and can run in a shell environment. Minimal scripting knowledge is beneficial. Commands and scripts should always be tested prior to implementing them in production, as incorrect implementation could potentially affect the production environment. |
| Scope | FortiNAC-F. |
| Solution | To create a Guest user in FortiNAC, either the GUI or the REST API can be used. The REST API is typically useful for repeatable operations, such as creating 20 users in a batch with certain criteria that the UI may not offer. Another factor is helpdesk interaction, where a smaller UI integrated with the REST API can be an easier choice than a helpdesk account on the FortiNAC GUI.
To get started, read the FortiNAC REST API documentation in the Fortinet documentation library, which covers generating the access token and the general syntax:
A flat example of a static guest user creation is as follows:
curl -k --location --request POST 'https://nac.forti.lab:8443/api/v2/user/guest' --header 'Content-Type: application/json' --header 'Authorization: hMndd5DXSopv8MsAoAZzz98kTxg2iY' --data-raw "{
The 'Time' values are epoch timestamps, that is, the count of seconds since 1st of January 1970, UTC, written here with three trailing zeros (milliseconds). So "1770632803000" translates to "Monday, February 9, 2026 10:26:43 AM UTC". These are also documented in broader detail in the documentation library: FortiNAC-F Guest Account details.
The set above is a single-use template to create a guest user. This may be used to fill out static users and delete them, and recreate them when needed. The following is a more automated approach that makes use of Linux CLI tools to provide a certain text format.
USERID=$(tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 10 | sed -e 's/^/user_/g')
echo ""
To break this command down: The following are variable declarations.
USERID=$(tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 10 | sed -e 's/^/user_/g')
CLIENTID=$(curl -k --location --request POST 'https://nac.forti.lab:8443/api/v2/user/guest' --header 'Content-Type: application/json' --header 'Authorization: hMndd5DXSopv8MsAoAZzz98kTxg2iY' --data-raw "{ <-- This is the curl command; its output is captured into the variable CLIENTID.
The 'raw data' blocks use the variables declared and are filled with the content.
\"userID\": \"$USERID\", \"email\": \"$USEREMAIL\",
The following fill in date variables.
\"creationTime\": $(date +%s000),
These use the 'date' command on Linux, which supplies the epoch timestamp and also understands a literal value of days. As such, the user creation and user start time are 'now'. The account expiry and user end time will be two days from 'now'. This part still belongs to the curl command, and in case of success, the command returns a client database ID (response from FortiNAC).
-s | grep success | awk -F '[:}]' '{print $4}')
The returned value is written into the variable CLIENTID. Finally, the last line gives feedback with all the filled variables. These could also be written to a text file if required.
echo ""
This is a sample output of the complete command:
In the UI, the accounts from all test runs have been created, with the latest user at the bottom:
As seen here, an automated approach can be helpful. Note: If there is no limit on creating the accounts, FortiNAC's database could get very large, very quickly.
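A variant of the batch step above that checks each value before it is placed in the JSON body, passes the API token from a file instead of the command line, and verifies the server certificate with --cacert rather than -k. This is an added example, not Fortinet's script: NAC_URL, NAC_CA, NAC_AUTH_FILE and the function names are assumptions, and the body carries only the three field names visible in this article.

```shell
#!/bin/sh
# Added example (not Fortinet's script). NAC_URL, NAC_CA, NAC_AUTH_FILE and all
# function names are assumptions; the body uses only fields shown in the article.
LC_ALL=C; export LC_ALL

# Random ID in the article's format: "user_" plus 10 alphanumeric characters.
gen_userid() {
  printf 'user_%s\n' "$(tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 10)"
}

# Epoch time in milliseconds: epoch_ms [DAYS_AHEAD] [BASE_SECONDS].
# Plain arithmetic is used here instead of the date command's day offset.
epoch_ms() {
  echo $(( (${2:-$(date +%s)} + ${1:-0} * 86400) * 1000 ))
}

# Emit the JSON body only if every value passes a strict allowlist, so a quote
# or backslash in operator-supplied input cannot change the JSON structure.
build_payload() {
  case $1 in ''|*[!A-Za-z0-9_]*) echo "bad userID" >&2; return 1;; esac
  case $2 in *[!A-Za-z0-9._@+-]*|*@*@*) echo "bad email" >&2; return 1;;
             ?*@?*) ;; *) echo "bad email" >&2; return 1;; esac
  case $3 in ''|*[!0-9]*) echo "bad timestamp" >&2; return 1;; esac
  printf '{"userID": "%s", "email": "%s", "creationTime": %s}\n' "$1" "$2" "$3"
}

# POST the body read from stdin. NAC_AUTH_FILE (mode 600) holds one line,
# "Authorization: <token>", so the token stays out of ps output and shell
# history (curl 7.55.0+ reads headers from @file); --cacert replaces -k.
create_guest() {
  curl --silent --show-error --fail --cacert "$NAC_CA" \
    --request POST "$NAC_URL/api/v2/user/guest" \
    --header 'Content-Type: application/json' \
    --header "@$NAC_AUTH_FILE" --data-binary @-
}

# Runs only when invoked as: script --create guest@example.com
if [ "${1:-}" = "--create" ]; then
  id=$(gen_userid)
  body=$(build_payload "$id" "$2" "$(epoch_ms)") || exit 1
  printf '%s' "$body" | create_guest && echo "created $id"
fi
```

The expiry and end-time values described above can be produced with `epoch_ms 2` and added to the body under the field names given in the FortiNAC-F documentation.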
|

