While testing the Fortigate HTTP template (based on tag 7.4.3), we identified a problem related to token-based authentication in the Fortinet API requests.

Inside multiple HTTP item scripts, we observed that the function getHttpData(url) is defined as follows:
 

 
function getHttpData(url) { 
    request.addHeader('Accept: application/json');
    request.addHeader('Authorization: Bearer ' + params.token);
    response = request.get(url);

The issue arises when this function is called more than once:
the request object retains previously added headers, causing two identical “Authorization” headers to be sent in subsequent requests.
As a result, the Fortinet API returns a 401 Unauthorized error when receiving duplicate Authorization headers.

Proposed fix:
To ensure each request is sent with a clean header set, we added a line to recreate the HttpRequest object at the start of the function:
 
 

function getHttpData(url) { 
    request = new HttpRequest();
    request.addHeader('Accept: application/json');
    request.addHeader('Authorization: Bearer ' + params.token);
    response = request.get(url);

This modification ensures that each invocation of getHttpData() creates a new, clean request object and avoids the 401 rejection from the Fortinet API gateway.

Environment:

• Template version: 7.4.3

• Device tested: Fortinet Fortigate 240 series

• Zabbix version: 7.4.3

• Authentication method: API token

Status:
Tested and confirmed working. After applying the fix, requests succeed consistently without authentication errors.