FortiGate
pciurea
Staff & Editor
Article Id 428242
Description

This article describes a behavior where device endpoints are no longer accessible via the API after switching to Organizational Units (OUs) on the Support site.

 

Custom monitoring or integration scripts that previously worked begin failing with an authentication-related error, despite valid credentials and access tokens.

 

OAuth authentication completes successfully and returns a valid access_token.

API calls to individual device endpoints continue to work.

API call to retrieve all devices fails:

 

https://XXapi.fortigate.forticloud.com/forticloudapi/v1/devices

 

Error returned:

 

{"error":"invalid_client","error_description":"Authentication failed","error_code":-1}
Scope

FortiGate Cloud API.
Solution

When Organizational Units (OUs) are enabled in the Fortinet Support Portal, the FortiGate Cloud API requires an explicit account context for certain endpoints.

The /devices endpoint no longer defaults to a single account and therefore requires the account_id parameter to be specified.

 

Append the account_id query parameter to the /devices endpoint.

Corrected endpoint:

 

https://XXapi.fortigate.forticloud.com/forticloudapi/v1/devices?account_id=XXXX

 

Example for the EU region:

 

https://euapi.fortigate.forticloud.com/forticloudapi/v1/devices?account_id=XXXX

 

How to find the account ID:

  • Log in to the Fortinet Support Portal.
  • Navigate to account or OU settings.
 
 


 

  • Select the Organization:

 


 

  • Locate the Account ID associated with the relevant Organization.

 

Additional notes:

  • This behavior change primarily affects environments that have migrated to OU-based account management.

  • API calls scoped to a specific device serial number do not require the account_id parameter.

  • Existing integrations may need to be updated to include this parameter when querying account-wide resources.
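
One way to update an integration script, as an added example that is not Fortinet's code: it builds the corrected /devices URL and separates the OU symptom (invalid_client on the account-wide call with no account_id) from a genuine authentication failure. The function names, the region argument and the Bearer authorization header are assumptions.

```python
import json
import urllib.error
import urllib.request
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

DEVICES_PATH = "/forticloudapi/v1/devices"  # account-wide endpoint from the article

def devices_url(region, account_id):
    """Return the /devices URL with the explicit account context appended."""
    if not account_id:
        raise ValueError("account_id is required once OUs are enabled")
    host = f"{region}api.fortigate.forticloud.com"  # region replaces "XX", e.g. "eu"
    query = urlencode({"account_id": account_id})   # encode, never concatenate
    return urlunsplit(("https", host, DEVICES_PATH, query, ""))

def diagnose(url, body):
    """Return 'ok', 'missing_account_context', 'auth_failed' or 'unparseable'."""
    try:
        doc = json.loads(body)
    except ValueError:
        return "unparseable"
    if not (isinstance(doc, dict) and doc.get("error") == "invalid_client"):
        return "ok"
    parts = urlsplit(url)
    account_wide = parts.path.rstrip("/") == DEVICES_PATH
    has_account = bool(parse_qs(parts.query).get("account_id"))
    # invalid_client on the account-wide call without account_id is the OU
    # symptom from the article, not necessarily a bad client or token.
    if account_wide and not has_account:
        return "missing_account_context"
    return "auth_failed"

def fetch_devices(region, account_id, access_token):
    """Call /devices. Sending the token as a Bearer header is an assumption."""
    url = devices_url(region, account_id)
    req = urllib.request.Request(
        url, headers={"Authorization": f"Bearer {access_token}"})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            body = resp.read().decode()
    except urllib.error.HTTPError as err:
        body = err.read().decode()  # error JSON may come with an HTTP error status
    verdict = diagnose(url, body)
    if verdict != "ok":
        raise RuntimeError(f"/devices request failed: {verdict}")  # token not logged
    return json.loads(body)
```

A monitoring job can alert on missing_account_context separately from auth_failed, so a configuration change in the Support Portal is not mistaken for a credential problem.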