FortiAuthenticator
FortiAuthenticator provides access management and single sign on.
sthapa
Staff
Article Id 191084
Description
This article describes how to validate user credentials through the FortiAuthenticator REST API using JSON, with a Postman example and a Python script.

Solution
This REST API validates a local user's password and token passcode, or a remote user's token passcode, only.
Validation of a remote (LDAP) user's password is not supported.

This is by design: most systems already have an established authentication mechanism, for example LDAP or some proprietary mechanism, as shown below.

To authenticate a user, POST to https://[server_name]/api/v1/auth/ with the following key-value pairs (in JSON format; XML is also supported):
{"username": "<username>", "password": "<password>"}
If both a password and a token are to be validated, include the token_code key and value as well:
{"username": "<username>", "token_code": "<token_code>",
 "password": "<password>"}
•    JSON specified via the Accept header (curl example):
curl --location --request POST 'https://<FAC-IP>/api/v1/auth/' \
--header 'Authorization: Basic YmRlWnpmaXRkU1pKYU1LTF' \
--header 'Content-Type: application/json' \
--data-raw '{"username":"sumithapa","password":"userpassword"}'
- The POST data containing the user credentials must be JSON key/value pairs.

- The Authorization type must be Basic Auth, carrying the FAC admin name and the admin's REST API key.

- The HTTP request header must include 'Content-Type: application/json'.

Refer to the HTTP API request format below, captured in Wireshark, for reference:

Response codes
In addition to the general codes defined in Appendix A – API response codes, a POST request to this resource can result in the following return codes:

Refer to the example below to validate user credentials through the Postman application:

1) Configure the API request URL and set the Authorization type to 'Basic Auth', entering the FortiAuthenticator admin name as the username and the 'REST API' key received by e-mail as the password.

2) Configure the POST data in JSON format.

If authentication fails, the FortiAuthenticator returns an HTTP 401 Unauthorized response, meaning the user's credentials were incorrect.





Refer to the example below to validate user credentials through a Python script:
import requests
from requests.auth import HTTPBasicAuth

headers = {"Content-Type": "application/json"}
# Credentials of the user being validated
task = {"username": "Sumitthapa", "password": "testusesr"}
# Basic Auth carries the FAC admin name and that admin's REST API key.
# verify=False disables TLS certificate checking; outside a lab pass a CA bundle, e.g. verify="/path/to/ca.pem".
x = requests.post("https://<FAC-IP>/api/v1/auth/?format=json", json=task, headers=headers,
                  auth=HTTPBasicAuth('admin', 'xxxxxxx'), verify=False)
rcode = x.status_code
print("HTTP Response Code: " + str(rcode) + "\n")
print(str(x.headers))
print(str(x.content))
- User authentication successful (HTTP 200 OK packet).

- User authentication failed (HTTP 401 Unauthorized).

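As an added example (not the article's own code), the same validation call written with only the Python standard library: it builds the POST /api/v1/auth/ request with the admin name and REST API key in Basic Auth, optionally adds token_code, sends it with the FAC certificate verified, and maps the HTTP 200 / 401 outcomes the article describes. The host, admin name and API key below are placeholders.

```python
import base64
import json
import ssl
import urllib.error
import urllib.request

# Placeholder values for illustration; replace with your own deployment's.
FAC_HOST = "fac.example.com"            # FortiAuthenticator hostname or IP
API_ADMIN = "admin"                     # FAC admin with REST API access
API_KEY = "REPLACE_WITH_REST_API_KEY"   # the REST API key e-mailed to that admin


def build_auth_request(username, password, token_code=None,
                       host=FAC_HOST, api_admin=API_ADMIN, api_key=API_KEY):
    """Return (url, headers, body) for POST /api/v1/auth/ as the article describes."""
    payload = {"username": username, "password": password}
    if token_code is not None:            # only for users validated with a token
        payload["token_code"] = token_code
    credentials = base64.b64encode(f"{api_admin}:{api_key}".encode()).decode()
    headers = {
        "Authorization": f"Basic {credentials}",   # admin name + REST API key
        "Content-Type": "application/json",
        "Accept": "application/json",
    }
    return f"https://{host}/api/v1/auth/", headers, json.dumps(payload).encode()


def interpret_status(status):
    """Map the HTTP status codes shown in the article to an outcome string."""
    if status == 200:
        return "authenticated"
    if status == 401:
        return "invalid-credentials"
    return f"error-{status}"


def validate_user(username, password, token_code=None, cafile=None):
    """POST the credentials to FortiAuthenticator and report the outcome."""
    url, headers, body = build_auth_request(username, password, token_code)
    ctx = ssl.create_default_context(cafile=cafile)  # verifies the FAC certificate
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
            return interpret_status(resp.status)
    except urllib.error.HTTPError as err:   # a 401 is raised as HTTPError
        return interpret_status(err.code)


if __name__ == "__main__":
    print(validate_user("sumithapa", "userpassword", token_code="123456"))
```

Pass cafile= the path of the CA that issued the FortiAuthenticator certificate if it is not in the system trust store.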