Description
This article describes how to enable the REST API for FortiAuthenticator.
Scope
FortiAuthenticator v6.2.0 and above.
Solution
An API (Application Programming Interface) is a set of defined interfaces to perform certain tasks. Consuming information from FortiAuthenticator is one example: such as using it to get, create and modify information related users, attributes and other related data.
FortiAuthenticator provides a REST (Representational State Transfer) API for interaction with components of the system. External programs interact with the REST API over HTTP protocol. After receiving the request, the FortiAuthenticator API sends back an HTTP response code.
To enable the API, log in as a user with administrator rights and select Web Service Access. An email address is required since the key for API access will be sent to the email address of the user. The key is required in each interaction to have access to the different API actions.
As of FortiAuthenticator 6.2.0, the API key for admin users can be viewed and copied from the GUI and/or emailed to the user email address.
Upon enabling 'Web Service Access', these options will become visible.
If the key is lost, disable 'Web service access' and then enable it again to generate and send a new key. The old key will become invalid.
When using curl commands, it is recommended to provide the administrator username and password. In this case, the password would be the API admin key.
For example: for a command to list local users on FortiAuthenticator, the administrator's username is 'admin' and the password is the API key obtained in the prior steps.
For example:
