Skip to main content
dj0Nz
dj0Nz
New Member
June 9, 2024
Solved

Fortigate API Request python

  • June 9, 2024
  • 3 replies
  • 7191 views

Hi,

I am struggeling with API requests to a Fortigate (Version 7.0.15). I used instructions from FNDN and got curl requests working as expected but the same request in python just throws a 401.

The python code:

 

url = 'https://fortigate/api/v2/cmdb/firewall/policy/?vdom=vdom‘ request_headers = {'Content-Type': 'application/json', 'Authorization': 'Bearer <apikey>‘ } response = requests.get(url, headers=request_headers)

 

The same (working) request in curl:

 

curl -s -H "Accept: application/json" -H "Authorization: Bearer <apikey>“ https://fortigate/api/v2/cmdb/firewall/policy/?vdom=vdom

 

 Anyone has an idea what's wrong with the python request?

Best answer by dj0Nz

Ok this is kind of embarrassing: I was developing a Fortimanager API script a few weeks ago. For that, I was using a .netrc file to authenticate. 

 

From the Python request module documentation:

"If no authentication method is given with the auth argument, Requests will attempt to get the authentication credentials for the URL’s hostname from the user’s netrc file. The netrc file overrides raw HTTP authentication headers set with headers=."

 

Renamed .netrc file, everything's working fine, even without dedicated auth class.

Facepalm-Smiley.

3 replies

dj0Nz
dj0NzAuthor
New Member
June 9, 2024

Ok got it: After reviewing the requests documentation at https://requests.readthedocs.io/en/latest/user/authentication/, I defined an auth class I found on Stackoverflow at https://stackoverflow.com/questions/29931671/making-an-api-call-in-python-with-an-api-that-requires-a-bearer-token and bam that works.

 

Example:

 

 

import requests  url = 'https://fortigate/api/v2/monitor/system/status' headers = { "Content-Type": "application/json" } apikey = 'System_Generated_API_Key'  class bearer_auth(requests.auth.AuthBase):     def __init__(self, token):         self.token = token     def __call__(self, request):         request.headers["authorization"] = "Bearer " + self.token         return request  response = requests.get(url, headers=headers, auth=bearer_auth(apikey)) print(response.text)

 

 

    ebilcari
    Staff
    ebilcari
    Staff
    June 9, 2024

    Thanks for sharing your findings, I'm glad that you came up with a solution. Since "curl" was working initially that was an indication that FGT was not to blame :)

    Emirjon
    ogueechi
    ogueechi
    New Member
    June 9, 2024

    I haven’t played with python and the API but are your start and end times reversed so it is returning an empty result set/error?

    dj0Nz
    dj0NzAuthorAnswer
    New Member
    June 9, 2024

    Ok this is kind of embarrassing: I was developing a Fortimanager API script a few weeks ago. For that, I was using a .netrc file to authenticate. 

     

    From the Python request module documentation:

    "If no authentication method is given with the auth argument, Requests will attempt to get the authentication credentials for the URL’s hostname from the user’s netrc file. The netrc file overrides raw HTTP authentication headers set with headers=."

     

    Renamed .netrc file, everything's working fine, even without dedicated auth class.

    Facepalm-Smiley.

    Terms & ConditionsAccessibility statement