FortiAuthenticator = Standalone Box (as SRX)

- What?
- This is an IAM device which provides authentication (using RADIUS, LDAP), two-factor authentication (token), IEEE 802.1X (wireless) support, user identification, certificate management, and integration (third-party RADIUS and LDAP authentication systems).
- The REST API can also be used to integrate with external provisioning systems.

REST API Solution (Version 6.6.0)

- Usage of REST API Method: Create (POST), Update (PUT), delete configuration settings
- Supported Methods

Method | URL | Operation description | Success response code |
---|---|---|---|
GET(list) | /[resource]/[id]/ | Retrieve a specific resource with ID id from the endpoint | 200 OK |
POST | /[resource]/ | Create a new resource on the given endpoint. | 201 CREATED |
PUT(list) | /[resource]/ | Update all of the resources for the given endpoint | 204 NO CONTENT |
PUT(detail) | /[resource]/[id]/ | Update an existing item specified with ID id | 204 NO CONTENT |
DELETE(list) | /[resource]/ | Delete all resources from an endpoint | 204 NO CONTENT |
DELETE(detail) | /[resource]/[id]/ | Delete an existing resource specified with ID id from an endpoint | 204 NO CONTENT |

Authentication Methods for REST Endpoints

```mermaid
sequenceDiagram
    participant User
    participant User's abc@gmail.com
    participant User's Browser
    participant FortiAuthenticator-Web-Interface
    note over User's Browser: Open FortiAuthenticator Device's Web<br/>Interface in web browser
    User's Browser ->> FortiAuthenticator-Web-Interface: Login (Administrator)
    note over FortiAuthenticator-Web-Interface: user management:<br/>Create a new user>Role=Admin<br/>Web service access=Enable<br/>user Email=abc@gmail.com
    FortiAuthenticator-Web-Interface ->> User's abc@gmail.com: Send API_Key(xxx) to user email
    note over FortiAuthenticator-Web-Interface: Autogenerated Web_Service_Key<br/>This is used to authenticate API_key sent on mail
    note over User: https://[server_name]/api/[api_version]/[resource]/<br/>https://FortiAuthenticator/api/v1/[resource]/id
    note over User: curl -k -v -u "username:password=API_KEY(xxx)" https://192.168.0.122/api/v1/?format=json
    User ->> FortiAuthenticator-Web-Interface: GET /api/v1/?format=json HTTP/1.1 Host: 192.168.0.122 Authorization: Basic username:password=API_KEY(xxx)
```
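
The API-key flow above, as an added Python example (not code from these notes or from Fortinet): it builds the URL in the `https://[server_name]/api/[api_version]/[resource]/` form, encodes the Basic `Authorization` value, keeps certificate verification on where `curl -k` turns it off, and checks the status code against the Supported Methods table. The resource name `someresource`, the user `admin`, the JSON body type and all helper names are assumptions made for illustration.

```python
import base64
import ssl
import urllib.request

# Success codes from the "Supported Methods" table in these notes.
EXPECTED_STATUS = {"GET": 200, "POST": 201, "PUT": 204, "DELETE": 204}

def basic_auth_header(username, api_key):
    """HTTP Basic value: base64("username:api_key"), not the raw pair."""
    if ":" in username:
        raise ValueError("username must not contain ':'")
    raw = f"{username}:{api_key}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def resource_url(server, resource, item_id=None, api_version="v1"):
    """https://[server_name]/api/[api_version]/[resource]/[id]/"""
    url = f"https://{server}/api/{api_version}/{resource}/"
    return url if item_id is None else f"{url}{item_id}/"

def build_request(method, server, resource, username, api_key,
                  item_id=None, body=None):
    """Unsent request carrying the API key as the Basic password."""
    if method not in EXPECTED_STATUS:
        raise ValueError(f"unsupported method: {method}")
    url = resource_url(server, resource, item_id) + "?format=json"
    req = urllib.request.Request(url, data=body, method=method)
    req.add_header("Authorization", basic_auth_header(username, api_key))
    if body is not None:  # assumption: request bodies are JSON
        req.add_header("Content-Type", "application/json")
    return req

def tls_context(ca_file=None):
    """Verifying TLS context; ca_file is the PEM of the issuing CA."""
    return ssl.create_default_context(cafile=ca_file)

def send(req, ctx):
    """Send the request and enforce the success code from the table."""
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        if resp.status != EXPECTED_STATUS[req.get_method()]:
            raise RuntimeError(f"unexpected status {resp.status}")
        return resp.read()

if __name__ == "__main__":
    # Constructed values (placeholder resource, user, key); nothing is sent.
    demo = build_request("GET", "192.168.0.122", "someresource", "admin", "xxx")
    print(demo.get_method(), demo.full_url, demo.get_header("Authorization"))
```

When the appliance presents a certificate from a private CA, pass that CA's PEM file to `tls_context` rather than disabling verification.
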

```mermaid
sequenceDiagram
    participant User
    participant User's Browser
    participant FortiAuthenticator
    participant FortiAuthenticator-Web-Interface
    note over User's Browser: Open FortiAuthenticator Device's Web<br/>Interface in web browser
    User's Browser ->> FortiAuthenticator-Web-Interface: Login (Administrator)
    note over FortiAuthenticator-Web-Interface: user management:<br/>Create a new user>Generate client_id,secret
    User ->> FortiAuthenticator: POST /logincheck HTTP/1.1<br/>Content-Type: application/x-www-form-urlencoded<br/>username=client_id&secretkey=client_secret&ajax=1
    note over FortiAuthenticator: Valid Login
    FortiAuthenticator ->> User: HTTP Response (APSCOOKIE=123, ccsrftoken=456)
    note over User: Extract CSRF token from the 'ccsrftoken' cookie.<br/>Will use in further requests
    User ->> FortiAuthenticator: POST /some_endpoint HTTP/1.1<br/>X-CSRFTOKEN:456<br/>{ "data": "example" }
    note over FortiAuthenticator: This is valid token
    User ->> FortiAuthenticator: POST /logout HTTP/1.1 {End Session}
    note over FortiAuthenticator: Invalidate authentication cookie and CSRF token
```