FortiCloud Products
FortiCloud Products
vraev
Staff
Staff
Article Id 250546

Description

 

This article describes how to set up the API call to FortiManager Cloud or FortiAnalyzer Cloud.

 

Scope

 

FortiManager Cloud and FortiAnalyzer Cloud.

 

Solution

 

Open one of the following URLs depending on the platform:

 

After opening the corresponding page, locate the instance of choice. Select the API button in the bottom below.

 

cloud_page_1.png

 

From the new panel that appears, select and copy the provided example of the JSON API.

 

To create an API user, go to https://support.fortinet.com/iam/#/users.

Under the IAM portal -> Permission Profiles -> Add New.

 

IAM_USER_PROFILE1.png

 

From Add Portal choose FortiAnalyzer Cloud / FortiManager Cloud. Then enable the access and the proper level of access.

Under the IAM portal -> User Groups -> Add Another Group.

 

IAM_GROUP_CREATION1.png

 

Choose the name of the group and attach the proper permission profile.

Under the IAM portal -> Users -> Add New -> API user.


IAM_API_USER_CREATION1.png

 

IAM_API_USER_CREATION_CREDENTIALS2.png

 

Choose the proper user group for the user and then download the credentials.


To review that the API call is working correctly use the following methods:

BASH script:

 

#!/bin/bash


# IAM API user

url_base="https://xxx.fortimanager.forticloud.com"

url="$url_base/jsonrpc"

 

# user

user="6BD4E324xxx"

passwd="xxxxxx"

 

# 1, get token from FortiCare, url is defined in admin portal Server Config -> API user setting -> FAC_OAUTH_API_URL

token=$(curl --silent -k -X POST \

https://customerapiauth.fortinet.com/api/v1/oauth/token/ \

-H 'Content-Type: application/json' \

-d '{"username": "'$user'", "password": "'$passwd'", "client_id" : "FortiManager", "grant_type": "password" }' | jq -r '.access_token')


echo 'access token is '$token

 

# 2, get session from instance

session=$(curl -k -X POST --http1.1 --silent $url_base/p/forticloud_jsonrpc_login/ \

-H 'Content-Type: application/json' \

-d '{"access_token": "'$token'"}' | jq -r '.session')

 

# response

echo 'session is '$session

 

echo "******************System Status*************************"

# Get sys status from instance

curl -k -X POST --http1.1 $url \

-H 'Content-Type: application/json' \

-d '{"method": "get", "params": [{ "url": "/cli/global/system/status"}], "session": "'$session'", "id": 1}' | jq .

 

The output from the API call:

 

API_test_output_1.png

 

API Platform to send requests:

  1. Use the credentials and obtain an access token from the Oauth API URL 'https://customerapiauth.fortinet.com/api/v1/oauth/token/'.


{

    "content_type""application/json",

    "username""52C28D9C-XXXX-XXX-XXX-XXXX10F2186",

    "password""c60f4XXXXXXXXXXXXXXXXXXd2!1Aa",

    "client_id""FortiManager",

    "grant_type""password"

}

 

Note: Value for client_id can be 'FortiManager' or 'FortiAnalyzer' depending on the cloud service.

 

  1. Access tokens will be received in response to the above request.

FMG_cloud_access1.png

  1. Using the access_token send a login request to <FMG cloud URL>/p/forticloud_jsonrpc_login/.

FMG_cloud_access2.png

  1. Now the session key will be received and can be used to send further requests.

FMG_cloud_access3.png

Note: Steps are the same for both FortiManager and FortiAnalyzer Cloud.

 

Related documents: