FortiADC
FortiADC enhances the scalability, performance, and security of your applications whether they are hosted on premises or in the cloud.
scheehan_FTNT
Staff & Editor
Article Id 284827
Description

This article describes and demonstrates steps to extract cookie and token information for API usage.

Scope

FortiADC.
Solution

Security and network administrators often need to perform API tasks. It can be troublesome to manually output the HTTP header and body data and then copy the necessary information in order to continue communicating with API devices. This article demonstrates how to extract cookie and token information with a single command line.

 

Prerequisite: GUI admin access must be enabled with the HTTP and HTTPS allowaccess services under the network interface configuration in FortiADC.

  

To obtain cookie and token info, it is necessary to send an HTTP POST request to FortiADC.

  

Log in to FortiADC:

  • URL: /api/user/login.
  • HTTP Method: POST.
  • Data: username, password.

 

Example output: 

The curl command sends an HTTP request with user credentials, and FortiADC responds with a set of HTTP headers and session information in JSON format.

curl-send-init-request.png

 

Example output after filtering: only the cookie and token information of interest is extracted from the full response. In addition, the HTTP header keys are updated.

 

For more information about the required HTTP header, refer to the related documentation on page 6.

 

Set-Cookie -> Cookie.

Token -> Authorization: Bearer.

 

filter-output.png

 

 

curl -H "Content-type: application/json" -H "Accept: application/json" -X POST -d '{"username":"admin","password":"xxxxxxxx"}' -s -k -i https://10.47.36.171/api/user/login | grep 'token\|Cookie' | tr -d '[:space:]' | cut -d ';' -f 1,6 | cut -d ',' -f 1,10 | sed -e 's/Set-/"/' -e 's/;.*,/" /' -e 's/"token":"/"Authorization: Bearer /' -e 's/}//'

 

Note:

The provided command syntax was produced in a controlled environment. It is meant to serve as example syntax for reference and should not be considered fully functional command syntax. Each environment setup may vary, so verify in a staging environment before implementation.

 

Verification steps:

  • Check the HTTP request status.

 

An HTTP 200 OK response code indicates that the HTTP request was successful.

 

HTTP-200-ok.png

 

An HTTP 401 Unauthorized response code indicates that the HTTP request failed. In that case, check the user credentials.

 

HTTP-401-Unauthorized.png
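
The one-liner above selects fields by position (cut -f 1,6 and cut -f 1,10), so its result depends on the exact number of cookie attributes and JSON fields in the response. As an added example (not part of the original article and not Fortinet code), the function below extracts the same two headers by name and applies the 200/401 check from the verification steps; the sample response, cookie name, token value and JSON layout are constructed assumptions.

```shell
#!/bin/sh
# Added example, not Fortinet code. Parses a `curl -s -i` login response by
# field name instead of by position.

# Constructed sample response. The cookie name, token value and JSON layout
# are assumptions; only Set-Cookie and "token" come from the article.
sample_response() {
  printf '%s\r\n' \
    'HTTP/1.1 200 OK' \
    'Content-Type: application/json' \
    'Set-Cookie: session_example=abc123; Path=/; HttpOnly; Secure' \
    ''
  printf '%s\n' '{"payload":{"username":"admin"},"token":"EXAMPLE.TOKEN.VALUE"}'
}

# Reads a raw HTTP response on stdin and prints the Cookie and Authorization
# request headers. Returns 1 on a non-200 status, 2 if a field is missing.
extract_auth_headers() {
  resp=$(tr -d '\r')                                   # normalise CRLF
  headers=$(printf '%s\n' "$resp" | sed '/^$/,$d')     # before first blank line
  body=$(printf '%s\n' "$resp" | sed '1,/^$/d')        # after first blank line

  status=$(printf '%s\n' "$headers" |
    sed -n '1s/^HTTP\/[0-9.]* \([0-9][0-9][0-9]\).*/\1/p')
  if [ "$status" != "200" ]; then
    echo "login failed: HTTP ${status:-unknown}" >&2
    return 1
  fi

  # Keep only name=value from each Set-Cookie header (drop Path, HttpOnly, ...).
  cookie=$(printf '%s\n' "$headers" |
    sed -n 's/^[Ss]et-[Cc]ookie:[[:space:]]*\([^;]*\).*/\1/p' |
    paste -sd ';' - | sed 's/;/; /g')
  # "token" string value from the JSON body.
  token=$(printf '%s\n' "$body" |
    sed -n 's/.*"token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1)

  if [ -z "$cookie" ] || [ -z "$token" ]; then
    echo "cookie or token missing from response" >&2
    return 2
  fi
  printf 'Cookie: %s\nAuthorization: Bearer %s\n' "$cookie" "$token"
}

sample_response | extract_auth_headers
```

To use it against a device, pipe the output of the login request (the curl command above up to the URL, without the grep/cut/sed chain) into extract_auth_headers.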

 

Related document:
REST API Programming Guide