Description

 

This article describes how to set up the API call to FortiManager Cloud or FortiAnalyzer Cloud.

 

Scope

 

FortiManager Cloud and FortiAnalyzer Cloud.

 

Solution

 

Open one of the following URLs depending on the platform:

• FortiManager Cloud: https://fortimanager.forticloud.com/organization.
• FortiAnalyzer Cloud: https://fortianalyzer.forticloud.com/organization.

 

After opening the corresponding page, locate the instance of choice. Select the API button in the bottom below.

 

 

From the new panel that appears, select and copy the provided example of the JSON API.

 

To create an API user, go to https://support.fortinet.com/iam/#/users.

Under the IAM portal -> Permission Profiles -> Add New.

 

 

From Add Portal choose FortiAnalyzer Cloud / FortiManager Cloud. Then enable the access and the proper level of access.

Under the IAM portal -> User Groups -> Add Another Group.

 

Choose the name of the group and attach the proper permission profile.

Under the IAM portal -> Users -> Add New -> API user.

 

 

Choose the proper user group for the user and then download the credentials.

To review that the API call is working correctly use the following methods:

BASH script:

 

#!/bin/bash

# IAM API user

url_base="https://xxx.fortimanager.forticloud.com"

url="$url_base/jsonrpc"

 

# user

user="6BD4E324xxx"

passwd="xxxxxx"

 

# 1, get token from FortiCare, url is defined in admin portal Server Config -> API user setting -> FAC_OAUTH_API_URL

token=$(curl --silent -k -X POST \

https://customerapiauth.fortinet.com/api/v1/oauth/token/ \

-H 'Content-Type: application/json' \

-d '{"username": "'$user'", "password": "'$passwd'", "client_id" : "FortiManager", "grant_type": "password" }' | jq -r '.access_token')

echo 'access token is '$token

 

# 2, get session from instance

session=$(curl -k -X POST --http1.1 --silent $url_base/p/forticloud_jsonrpc_login/ \

-H 'Content-Type: application/json' \

-d '{"access_token": "'$token'"}' | jq -r '.session')

 

# response

echo 'session is '$session

 

echo "******************System Status*************************"

# Get sys status from instance

curl -k -X POST --http1.1 $url \

-H 'Content-Type: application/json' \

-d '{"method": "get", "params": [{ "url": "/cli/global/system/status"}], "session": "'$session'", "id": 1}' | jq .

 

The output from the API call:

 

 

API Platform to send requests:

1. Use the credentials and obtain an access token from the Oauth API URL 'https://customerapiauth.fortinet.com/api/v1/oauth/token/'.

{

    "content_type": "application/json",

    "username": "52C28D9C-XXXX-XXX-XXX-XXXX10F2186",

    "password": "c60f4XXXXXXXXXXXXXXXXXXd2!1Aa",

    "client_id": "FortiManager",

    "grant_type": "password"

}

 

Note: Value for client_id can be 'FortiManager' or 'FortiAnalyzer' depending on the cloud service.

 

2. Access tokens will be received in response to the above request.
   
   

3. Using the access_token send a login request to <FMG cloud URL>/p/forticloud_jsonrpc_login/.
   
   

4. Now the session key will be received and can be used to send further requests.
   
   

Note: Steps are the same for both FortiManager and FortiAnalyzer Cloud.

 

Related documents:

• Docs: Adding IAM users.
• Docs: Introduction to FortiManager Cloud.