Description: This article describes how to enable the 'access_token' parameter in the URL for a FortiGate API request.

Scope: FortiGate, REST API.

Solution:

Since FortiGate 7.4.5, API requests do not allow the access_token as a URL parameter by default. This change was made to comply with security best practices: sensitive information should not be exposed, in order to avoid any form of interception. The access_token must be passed within the HTTP headers.

To allow the access_token as a URL parameter, enable the following option:

    config system global
        set rest-api-key-url-query enable
    end

Once this is done, the inclusion of access_token within URL parameters is allowed. However, as already mentioned, enabling this option should be carefully evaluated, since it has the potential to expose the network to some risks.
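An added example, not part of the original article or Fortinet's code: a Python sketch that moves a query-string access_token into the Authorization header, which is where the article says the token must go, and redacts tokens that have already been written to logs. The host name, token, log line, endpoint path and the "Authorization: Bearer" header form are assumptions not stated on this page.

```python
import re
import urllib.request
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample values (assumptions, not from the article).
SAMPLE_URL = ("https://fgt.example.com/api/v2/monitor/system/status"
              "?vdom=root&access_token=CONSTRUCTED-TOKEN-0000")
SAMPLE_LOG = ('10.0.0.5 - - [01/Jan/2025:00:00:00 +0000] "GET /api/v2/monitor/'
              'system/status?access_token=CONSTRUCTED-TOKEN-0000&vdom=root '
              'HTTP/1.1" 200 512')

TOKEN_RE = re.compile(r'(access_token=)[^&\s"]+', re.IGNORECASE)


def to_header_auth(url):
    """Return a Request whose token travels in a header, not in the URL."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    tokens = {v for k, v in pairs if k == "access_token"}
    if not tokens:
        raise ValueError("no access_token in query string")
    if len(tokens) > 1:
        raise ValueError("conflicting access_token values")
    # Keep every other parameter (for example vdom) in its original order.
    rest = [(k, v) for k, v in pairs if k != "access_token"]
    clean_url = urlunsplit(parts._replace(query=urlencode(rest)))
    # Assumed header form: Authorization: Bearer <token>.
    headers = {"Authorization": "Bearer " + tokens.pop()}
    return urllib.request.Request(clean_url, headers=headers)


def redact(line):
    """Mask token values in a log line or URL before it is stored or shared."""
    return TOKEN_RE.sub(r"\1REDACTED", line)


if __name__ == "__main__":
    req = to_header_auth(SAMPLE_URL)   # built only, never sent
    print(req.full_url)
    print(redact(SAMPLE_LOG))
```

A token that has already appeared in a URL may sit in proxy, web server or browser history logs, so it should be regenerated rather than only redacted.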
Copyright 2024 Fortinet, Inc. All Rights Reserved.