So far I am able to retrieve a new API token via the GUI and by using the CLI methods. Would like however to retrieve a new API token via the POST method. Read the documentation from the link below and followed by using a POST /api/v2/monitor/system/api-user/generate-key?vdom=root and a body with
The API documentation states you need sysgrp.admin permission (System>Administration Users in the GUI's terminology). Does your account have that?
Additionally, I imagine there might also be some additional restrictions such as not being able to generate an API key for a "super_admin" API account. (which could be interpreted as a sort of "privilege escalation" potentially)
I did a quick test with 7.0.8, and while the docs say that sysgrp.admin is required, I was only able to generate a new API-key when the requesting api-user was a super_admin. (not even prof_admin (everything read-write) was sufficient).
I'm sorry but I have to ask again: Have you set the apiuser's (the account that is making the request) access profile to super_admin? Please do note that a profile with full read-write is not equivalent to super_admin.
An administrator Profile called super_admin does not appear under the drop down list when creating a REST API admin. For an Administrator, Local admin it does appear to have super_admin. Why then does super_admin appear missing for REST API admin?
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.