FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
tnesh
Staff
Staff
Article Id 266593
Description This article describes how to create an IAM API user and generate an API access token for FortiManager Cloud.
Scope

FortiManager/FortiAnalyzer Cloud v7.0 & v7.2.

Solution

Note: 

  • FortiManager Cloud and the Postman application will be used as an example in this article.

 

Requirements:

  • A FortiCloud Master user account, OR...
  • A user that has access permission to the FortiCloud IAM account.

 

Create an IAM API User:

  1. Create an IAM API user account from FortiCloud (support.fortinet.com):
    Navigate to FortiCloud -> Services -> IAM -> Users -> Add New -> API User.

 

1.forticloud-create-new.png

   

  1. Select the appropriate Permission Profile -> Select Next -> Verify the details -> Select Confirm.
  2. A Successful API User Registration page will be shown:

 

2.forticloud-create-new-success.png

 

  1. Navigate to bottom of the page and select Download Credentials:

 

3.download-credential.png

 

  1. Enter a Password to protect the API credentials and select Proceed:

 

4.credential-password.png

 

  1. API credentials will be downloaded onto the local PC in .zip format.
  2. Open the API_Credential text file from the downloaded zip file.
5.api-credential-text-file.png

 

  1. The API Credential text file will contain the following information. This information will be used to generate the access token. 

apiId: < IAM API User ID >
password: < IAM API User password >

clientId for FortiManager Cloud: FortiManager

clientId for FortiAnalyzer Cloud: FortiAnalyzer

 

Generate a token for the IAM API user:

  • In this example, the Postman application will be used to send an API request to FortiManager-Cloud.

 

  1. In Postman, perform a POST request in order to obtain the access token:

POST: https://customerapiauth.fortinet.com/api/v1/oauth/token/

Body:

{
"username": "< IAM API User ID >",
"password": "< IAM API User password >",
"client_id": "FortiManager",
"grant_type": "password"
}

Select Send.

6.get-access-token.png

  1. Copy the 'access_token' from the response page.
7.get-access-token-success.png

 

  1. Perform another POST request and paste the access_token value under the API body:

POST: https://<fmg-cloud-instance-URL>/p/forticloud_jsonrpc_login/

Body:

{
"access_token": "< access_token >"
}

Select Send.

8.get-session-id.png

 

  1. Copy the 'session' from the response page.

 

9.get-session-id-success.png

 

  1. Once the session ID has been obtained, proceed to make the necessary API request using the session ID. For example:

POST: https://<fmg-cloud-instance-URL>/jsonrpc

Body:

{
"method": "get",
"params": [
{
"url": "/sys/status"
}
],
"session": "< session >",
"id": 1
}

Select Send.

10.get-sys-status.png

  1. Verify the output and proceed to make the necessary changes on the API request, according to the requirements.

 

Related documents:

Contributors