FortiAuthenticator
FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
agasqueparis
Staff
Article Id 396994
Description

 

This article describes how to enable the FortiAuthenticator REST API and update local user accounts via the API.

 

Scope

 

FortiAuthenticator v6.5.

 

Solution

 

By default, the REST API services are disabled and need to be enabled and configured to receive and process API requests.

To enable the REST API server, adjust the admin access at the interface level, then create a new admin user or modify an existing one so that the administrator can access the web services via the REST API, as described below:

 

  1. Enable the REST API services, under System -> Network -> Interfaces -> Select the network port -> Enable the option REST API (/api/).

 


 

  2. Create a user under Authentication -> User Management -> Local Users -> Create New.

    Note: After creating the user, make sure to configure the email field to receive the API token. Refer to the related articles for instructions on setting up the SMTP server.

  3. To enable API services on the new account, toggle the Web Service Access button and select Save. Password confirmation will be requested.

  4. The API access key will be displayed. Save the access key or request that the API key be sent by email.

    Note: The API can only be enabled for local FortiAuthenticator users. If the API token is lost, it is necessary to disable and enable Web Service Access again to generate a new API token.

  5. With the API access key in hand, a test can be performed to ensure the API server is listening and working. Issue the following command:

     

 

curl -k -X GET -u "api-admin:Zx0PGUsEnSIw5hwn7BVTNlQzcDlWQXwEmkuYN6Lo" https://192.168.31.72/api/v1/systeminfo/

 


 

Now that the REST API is enabled, the user database can be queried and the user updated to enforce a password change, as shown below:

 

  1. Query a newly created user or an existing one and find the user ID. For example, the query below filters for the account John Doe, whose ID is 18.

 

curl -k -X GET -u "api-admin:Zx0PGUsEnSIw5hwn7BVTNlQzcDlWQXwEmkuYN6Lo" "https://192.168.31.72/api/v1/localusers/?username__exact=johndoe"

 


 

Note: Administrator users are not returned in API queries.

 

  2. After obtaining the user ID, send an API PATCH request that sets the field 'change_password', which enables the option 'Force password change on next logon'.

 

 

curl -k -v -u "api-admin:Zx0PGUsEnSIw5hwn7BVTNlQzcDlWQXwEmkuYN6Lo" -X PATCH -d "{\"change_password\": true}" -H "Content-Type: application/json" https://192.168.31.72/api/v1/localusers/18/

 


 

The field 'change_password' is now set to true, and the GUI will reflect this change accordingly.
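
The lookup and PATCH steps above as a script, added here as an example that is not part of the original article or Fortinet's own code: it verifies the server certificate against a CA file instead of using -k, reads the API key from the environment rather than the command line, and refuses to patch unless exactly one user matches. The FAC_* variable names, the function names and the `objects` layout of the response are assumptions, since the page does not reproduce the response body as text.

```python
import base64, json, os, ssl, urllib.parse, urllib.request

def build_request(base_url, admin, api_key, path, method="GET", body=None):
    """Authenticated request for /api/v1/<path>, HTTP Basic like the page's curl -u."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send the API key over a non-HTTPS URL")
    token = base64.b64encode(f"{admin}:{api_key}".encode()).decode()
    headers = {"Authorization": f"Basic {token}", "Accept": "application/json"}
    data = None
    if body is not None:
        data = json.dumps(body).encode()
        headers["Content-Type"] = "application/json"
    url = f"{base_url.rstrip('/')}/api/v1/{path}"
    return urllib.request.Request(url, data=data, headers=headers, method=method)

def single_user_id(payload, username):
    """Id of the one account matching username; raise on zero or several matches."""
    # Assumed response layout: {"objects": [{"id": ..., "username": ...}, ...]}
    matches = [u for u in payload.get("objects", []) if u.get("username") == username]
    if len(matches) != 1:
        raise LookupError(f"expected exactly one user {username!r}, got {len(matches)}")
    return int(matches[0]["id"])

def force_password_change(base_url, admin, api_key, username, ca_file):
    """Look up username, then PATCH change_password=true on that user id."""
    ctx = ssl.create_default_context(cafile=ca_file)  # verify the certificate, no -k
    query = urllib.parse.urlencode({"username__exact": username})
    lookup = build_request(base_url, admin, api_key, f"localusers/?{query}")
    with urllib.request.urlopen(lookup, context=ctx, timeout=10) as resp:
        user_id = single_user_id(json.load(resp), username)
    patch = build_request(base_url, admin, api_key, f"localusers/{user_id}/",
                          method="PATCH", body={"change_password": True})
    with urllib.request.urlopen(patch, context=ctx, timeout=10) as resp:
        return user_id, resp.status

# Constructed sample response, used to exercise the parser offline.
SAMPLE = {"objects": [{"id": 18, "username": "johndoe", "change_password": False}]}

if __name__ == "__main__":
    print("sample lookup ->", single_user_id(SAMPLE, "johndoe"))
    env = os.environ  # hypothetical variable names; keeps the key out of argv and history
    if "FAC_API_KEY" in env:
        print(force_password_change(env["FAC_URL"], env["FAC_ADMIN"], env["FAC_API_KEY"],
                                    env["FAC_USER"], env["FAC_CA_FILE"]))
```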

The related articles contain detailed information and the supported methods for the FortiAuthenticator REST API.

 

Related documents:

The FortiAuthenticator API

Example API calls

Technical Tip: FortiAuthenticator self-service portal

Technical Tip: Force password change for local users

Creating a new SMTP server