Skip to main content
ByteHaven
ByteHaven
Explorer III
November 4, 2025
Question

FortiNAC rest API and L3 polling

  • November 4, 2025
  • 1 reply
  • 561 views

Hello FNAC admins,

I’m reading this article about the recommended way to deploy FortiNAC:

FortiNAC deployment 

I got to part 3 about polling, specifically the REST API section. It says:

“The API key allows FortiNAC to bypass the need to authenticate every time it connects, improving performance.”

Screenshot 2025-11-04 214939.png

I’m not fully sure what that means in practice. What exactly does the API key do, and is it really necessary to configure it?

There’s also another line that says:

“It is also important to verify that L3 devices that are added in FortiNAC will not be automatically included in the L3 polling feature.”

Screenshot 2025-11-04 215002.png

I’m a bit confused about this part, if we add Layer 3 devices to FortiNAC but don’t include them in L3 polling, what’s the point of adding them? Does that mean I shouldn’t use polling on firewalls and only use it on access switches? If so is there a specific list of devices to exclude from FortiNAC

 

Thanks in advance for your help

BR,

 

1 reply

AEK
SuperUser
AEK
SuperUser
November 5, 2025

Hi BH

When API ffirst login with id and password it receives a key. Then for all following requests it uses the key instead of reintering user and pass.

It is recommended to use API for faster response.

For your second question the document just means when you add a router or firewall to FNAC the L3 poll is not enabled automatically, and you need to enable it manually as explained . 

AEK
    ByteHaven
    ByteHavenAuthor
    Explorer III
    November 5, 2025

    Hey AEK,

    Thank you for your answer.

    Sorry for my ignorance, but what do they mean by FNAC authenticating every time? Does that mean FortiNAC has to authenticate each time during the polling process ? and to automate that it is recommened to use API ?

    BR,

    AEK
    SuperUser
    AEK
    SuperUser
    November 5, 2025

    Absolutely, it logs in on every L2/L3 poll, and also when changing the VLAN for a port, and other operations.

    The API is to avoid logging in each time it needs to run a command, and also it is fast because it is done in one shot, and the output has a standard format (JSON).

    While the classic mode is using CLI (ssh/telnet) where FNAC logs in, then enters a command, then waits for a specific output, then enters the next command, ... and so... Also the output is not in standard format.

    You guess now how API is faster and cleaner.

    AEK
      Terms & ConditionsAccessibility statement