Created on 03-28-2023 06:30 AM Edited on 11-28-2024 11:26 PM By Jean-Philippe_P
Description
This article describes how to set up the API call to FortiManager Cloud or FortiAnalyzer Cloud.
Scope
FortiManager Cloud and FortiAnalyzer Cloud.
Solution
Open one of the following URLs depending on the platform:
After opening the corresponding page, locate the instance of choice. Select the API button in the bottom below.
From the new panel that appears, select and copy the provided example of the JSON API.
To create an API user, go to https://support.fortinet.com/iam/#/users.
Under the IAM portal -> Permission Profiles -> Add New.
From Add Portal choose FortiAnalyzer Cloud / FortiManager Cloud. Then enable the access and the proper level of access.
Under the IAM portal -> User Groups -> Add Another Group.
Choose the name of the group and attach the proper permission profile.
Under the IAM portal -> Users -> Add New -> API user.
Choose the proper user group for the user and then download the credentials.
To review that the API call is working correctly use the following methods:
BASH script:
#!/bin/bash
# IAM API user
url_base="https://xxx.fortimanager.forticloud.com"
url="$url_base/jsonrpc"
# user
user="6BD4E324xxx"
passwd="xxxxxx"
# 1, get token from FortiCare, url is defined in admin portal Server Config -> API user setting -> FAC_OAUTH_API_URL
token=$(curl --silent -k -X POST \
https://customerapiauth.fortinet.com/api/v1/oauth/token/ \
-H 'Content-Type: application/json' \
-d '{"username": "'$user'", "password": "'$passwd'", "client_id" : "FortiManager", "grant_type": "password" }' | jq -r '.access_token')
echo 'access token is '$token
# 2, get session from instance
session=$(curl -k -X POST --http1.1 --silent $url_base/p/forticloud_jsonrpc_login/ \
-H 'Content-Type: application/json' \
-d '{"access_token": "'$token'"}' | jq -r '.session')
# response
echo 'session is '$session
echo "******************System Status*************************"
# Get sys status from instance
curl -k -X POST --http1.1 $url \
-H 'Content-Type: application/json' \
-d '{"method": "get", "params": [{ "url": "/cli/global/system/status"}], "session": "'$session'", "id": 1}' | jq .
The output from the API call:
API Platform to send requests:
{
"content_type": "application/json",
"username": "52C28D9C-XXXX-XXX-XXX-XXXX10F2186",
"password": "c60f4XXXXXXXXXXXXXXXXXXd2!1Aa",
"client_id": "FortiManager",
"grant_type": "password"
}
Note: Value for client_id can be 'FortiManager' or 'FortiAnalyzer' depending on the cloud service.
Using the access_token send a login request to <FMG cloud URL>/p/forticloud_jsonrpc_login/.
Note: Steps are the same for both FortiManager and FortiAnalyzer Cloud.
Related documents:
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.