FortiADC
FortiADC enhances the scalability, performance, and security of your applications whether they are hosted on premises or in the cloud.
tnazarov
Staff
Article Id 333575
Description

This article describes how to troubleshoot the API Gateway Policy in FortiADC.

Scope

FortiADC 6.0.0 and later.

Solution

The most common issue with the FortiADC API Gateway is that other IPs can still access the API even after Restrict Access IP has been added.

user.png

In this scenario, the API is only accessible from these 2 IPs.

Follow the troubleshooting steps below:

  1. Check the API Gateway Rule to make sure the User added this rule.

RULE.png

  2. Check the API Gateway Policy to make sure the configured rule is attached to the API Gateway Policy.

Policy.png

  3. Check the WAF Profile to make sure the API Gateway is linked here.

WAFPROFILE.png

apiwafexample.png

  4. Check the Security configuration for the Virtual Server to make sure the WAF profile is linked here.

VS.png

The most common mistake at this point is to go straight to testing access to the API from other IPs once the configuration has been checked and completed. However, the most important field is shown under the API Gateway User and API Gateway Rule.

When an API Gateway User is created, as shown in the API Gateway Rule configuration below, two additional values are created: UUID and API KEY.

user.png

The API Key should be used when generating the actual request, in the HTTP header named 'authkey'.

RULE.png

2024_08_15_14_34_10_Postman.png

After finishing the configuration, the Security Log (WAF) shows that the API is restricted from other IPs.

log.png

Related document:

API Gateway - FortiADC handbook
