The api-key is assigned by the FortiGate. It's not something you can supply.
Your post was formatted weird, so I unpacked it and got this:
config system api-user
edit "api-admin"
set comments "admin for API access only"
set api-key ENC SH23sQt? +/9D9/mKb1oQoDvlP32ggn/cpQeGcY/VGUe5S5WIr5nqU20xcNMYDQE=
set accprofile "API profile"
set vdom "root"
next
end
On 5.6, when you create an api-user, all you need is accprofile – then the api key is randomly assigned by FortiGate and then the user uses THAT api key in order to authenticate future queries. However, I don't believe the FortiGate will give you the API key when creating the user on command line.
To help show this, I created a user via the GUI and had “diag debug cli 8” turned on. Here’s the result:
90d # diag debug cli 8
Debug messages will be on for 30 minutes.
90d # diag debug enable
90d # 0: config system api-user
0: edit "testing-api"
0: set comments "This is a comment"
0: set accprofile "read_only"
0: set vdom "root"
0: set cors-allow-origin "
https://fndn.fortinet.net"
0: end
0: config system api-user
0: edit "testing-api"
0: config trusthost
0: edit 0
0: set ipv4-trusthost 192.168.1.0 255.255.255.0
0: end
0: end
0: config system api-user
0: edit "testing-api"
0: config trusthost
0: edit 0
0: set ipv4-trusthost 172.16.0.0 255.240.0.0
0: end
0: end
The API key was given in the GUI and is only shown one-time. This key is then used for authenticating future REST API queries.
For example, I may have been given the following API key in the GUI
cG7yp5pxba79jnd7Q1Hjcyjs6jngrH
but the end configuration shows this:
config system api-user
edit "testing-api"
set comments "This is a comment"
set api-key ENC SH28WlJVyJBQnOADIVSq+EOLx86dHMwDJfQViQsfgYA/M8qiCyVapnWdAQ8Gk4=
set accprofile "read_only"
set vdom "root"
set cors-allow-origin "
https://fndn.fortinet.net"
config trusthost
edit 1
set ipv4-trusthost 192.168.1.0 255.255.255.0
next
edit 2
set ipv4-trusthost 172.16.0.0 255.240.0.0
next
end
next
end
