Help
FortiAuthenticator
FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
kwcheng__FTNT
Staff
Staff

Created on ‎01-07-2026 01:44 AM

Article Id 425624

Technical Tip: Understanding the log message 'Web Service Access'

Description This article describes the typical circumstances behind the 'Logs any request or access to the web service'.
Scope FortiAuthenticator.
Solution

Event ID 50501 indicates that a request has been made to the FortiAuthenticator web service and is logged whenever the web service is accessed.

Event ID 50501 can be categorized into two types of activities. Incoming requests, which are requests sent to the FortiAuthenticator web service and must be handled via the HTTP API, and outgoing requests, which are initiated by the FortiAuthenticator web service and sent to external services, such as the public FortiToken server.

 

For incoming HTTP requests, the associated HTTP status codes (such as 200 OK or 4XX Bad Request) provide useful indicators for troubleshooting, helping to determine whether the problem is caused by a client-side request issue or a server-side processing error.

 

Samples of incoming authentication requests that are handled by the Web service API:

 

date=2026-01-07 time=14:13:33+0000 oid=8888 logid=50501 cat="Event" subcat="Web Service" level="information" nas="" action="" status="" msg="Receiving an authentication request for user "fortinet/test"" user="test"


date=2026-01-07 time=14:13:33+0000 oid=8888 logid=50501 cat="Event" subcat="Web Service" level="information" nas="" action="" status="" msg="HTTP GET request succeeded for "/api/v1/userfortitokenpolicy/" (Response: HTTP 200 - {'token_type': None, 'token_model': None, 'token_algo': None, 'token_platform': None, 'token_identifier': None, 'is_push_enabled': False, 'is_offline_enabled': False, 'max_duration_totp': 7, 'max_number_hotp': 10, 'allowed_drift_totp': 3, 'allowed_drift_hotp': 6, 'is_emergency_code_enabled': False, 'emergency_code_period': 7, 'email_sms_token_timeout': 120, 'local_users_allowed': False})" user="test"


date=2026-01-07 time=14:13:33+0000 oid=8888 logid=50501 cat="Event" subcat="Web Service" level="information" nas="" action="" status="" msg="Receiving HTTP GET request at "/api/v1/userfortitokenpolicy/" from "192.168.1.1"" user="test"


date=2026-01-07 time=14:13:33+0000 oid=8888 logid=50501 cat="Event" subcat="Web Service" level="information" nas="" action="Authentication" status="Success" msg="Authentication succeeded for "test" using password" user="test"

 

date=2026-01-07 time=14:13:33+0000 oid=8888 logid=50501 cat="Event" subcat="Web Service" level="warning" nas="" action="" status="" msg="HTTP POST request from "(null)" failed for "/api/v1/auth\/?$": User authentication failed (Response: HTTP 401,username=test, token_code=)" user="test"

 

Samples of outgoing authentication requests that are handled by the Web service:

 

date=2026-01-07 time=14:13:33+0000 oid=8888 logid=50501 cat="Event" subcat="Web Service" level="error" nas="" action="" status="" msg="Failed to send notification to user[test] due to pushd error -3: FTM server returned error" user=""

 

These logs can be viewed under Log Access -> Logs -> Filter '50101'.
101
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2026 Fortinet, Inc. All Rights Reserved.