magliano
Staff
January 28, 2026

Technical Tip: How to extract the CSRF token from a standalone FortiSwitch

Description

This article describes how to extract the CSRF token from a standalone FortiSwitch in order to perform REST API calls.

Scope

FortiSwitch (Standalone mode).

Solution

To retrieve the CSRF token from a standalone FortiSwitch, follow the steps below.

 

  • Authenticate to the FortiSwitch:

From a Linux system, execute the following command.

 

Make sure to replace the IP address, username, and password with the appropriate values for the target environment.

 

curl -k -c cookies.txt -X POST "https://x.x.x.x/logincheck" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "username=admin&secretkey=password" -s -D headers.txt

 

This command:

 

Authenticates against the FortiSwitch.

Stores session cookies in cookies.txt.

Saves the response headers (including the CSRF token) in headers.txt.

 

  • Extract the CSRF token.

Run the following command to extract the CSRF token from the response headers:

 

CSRF_TOKEN=$(grep -i ccsrftoken headers.txt | awk '{print $2}' | tr -d '\r')
echo "$CSRF_TOKEN"

 

The output will display the CSRF token that must be used in subsequent API requests.

 

  • Perform an API request using the CSRF token.

Adjust the IP address and CSRF token, then run the API request:

 

curl -k -b cookies.txt "https://x.x.x.x/api/v7.2.0/cmdb/switch/static-mac/" \
-H "Accept: application/json" \
-H "X-CSRFTOKEN: DF6293227A5C4E139CF31AE0A4F7547D"

 

This command uses:

The authenticated session stored in cookies.txt.

The extracted CSRF token, sent via the X-CSRFTOKEN header.

 

Note:

Always use the IP address of the FortiSwitch from which the CSRF token is being extracted.
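
The three steps above combined into one script, as an added example that is not part of the original article and is not Fortinet code: it keeps the password off the curl command line, stores the cookie and header files in a private temporary directory, and stops if exactly one token could not be extracted. The variables FSW_HOST, FSW_USER, FSW_PASS and FSW_CA and all function names are hypothetical, and the check that the token is alphanumeric is an assumption based on the sample token shown above.

```shell
#!/bin/sh
# Added example, not Fortinet code. FSW_HOST, FSW_USER, FSW_PASS, FSW_CA and all
# function names are hypothetical; the token character check is an assumption
# based on the sample token shown on the page.

# Page step 2 (grep/awk/tr) plus validation of the result.
extract_csrf_token() {          # $1: headers file written by curl -D
    token=$(grep -i ccsrftoken "$1" | awk '{print $2}' | tr -d '\r')
    case "$token" in
        ''|*[!A-Za-z0-9]*) return 1 ;;  # no token (failed login), several matches, or odd characters
    esac
    printf '%s\n' "$token"
}

# Verify the switch certificate when FSW_CA names a CA file; otherwise -k as on the page.
fsw_curl() {
    if [ -n "${FSW_CA:-}" ]; then curl -s --cacert "$FSW_CA" "$@"; else curl -s -k "$@"; fi
}

# Page step 1. The password arrives on curl's stdin, so it never appears in argv
# (readable through the process list), and --data-urlencode encodes characters such as & or =.
fsw_login() {                   # $1: private work directory; prints the token
    printf '%s' "$FSW_PASS" | fsw_curl -o /dev/null \
        -c "$1/cookies.txt" -D "$1/headers.txt" -X POST "https://$FSW_HOST/logincheck" \
        --data-urlencode "username=$FSW_USER" --data-urlencode "secretkey@-" || return 1
    extract_csrf_token "$1/headers.txt"
}

# Page step 3, with the extracted token passed in rather than pasted by hand.
fsw_get() {                     # $1: work directory, $2: token, $3: API path
    fsw_curl -b "$1/cookies.txt" -H "Accept: application/json" \
        -H "X-CSRFTOKEN: $2" "https://$FSW_HOST$3"
}

run() {
    umask 077                                   # session files readable by the owner only
    work=$(mktemp -d) || return 1
    trap 'rm -rf "$work"' EXIT                  # cookie and token do not outlive the script
    csrf=$(fsw_login "$work") || { echo "login failed or no CSRF token returned" >&2; return 1; }
    fsw_get "$work" "$csrf" "/api/v7.2.0/cmdb/switch/static-mac/"
}

if [ "${1:-}" = "--run" ]; then run; fi
```

Invoke the script with `--run` after exporting FSW_HOST, FSW_USER and FSW_PASS (and optionally FSW_CA); without that argument it only defines the functions.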