Technical Tip: How to verify Rest API key from CLI

Description

This article describes how to check validity of Rest API key.

Scope

FortiNAC-F.

Solution

Credential Validation for FortiGate might be successful, but the L2 Poll is failing with error 'Warning: Failed to execute CLI commands for FortiGate at x.x.x.x'.

First check from CLI if REST API service and port are fine:

curl -k https://<FGT_IP>:<API_port>

Any output except the errors is considered good.

Next step is to verify if FortiGate API token is valid with the following query:

fnac-1:~$ curl -k -o /dev/null -s -w "%{http_code}
" -H "Authorization: Bearer <TOKEN>" https://<FGT_IP>:<API_port>/api/v2/monitor/system/status

Replace TOKEN , FGT_IP and API_port .

Result:

• 200 -> token valid.

• 401 -> invalid token.

• 403 -> permission issue.

• 500 -> FortiGate API internal issue.

If token returns 401 Unauthorized the following article might help to generate new token and verify the permissions:

Technical Tip: How to configure and use API token to communicate with FortiGate