|
To enable the Rest API, review the KB article Technical Tip: Enable FortiAuthenticator Rest API or the guide Initializing-the-rest-api.
The endpoint is used to back up and restore the FortiAuthenticator configuration file.
Backup example commands:
> curl -k -X GET https://<Fortiauthenticator_IP>/api/v1/recovery/ -H 'Content-Type:application/json' -u "admin:zbBHrtKdCYRVccoZxpDDN6wh3VCuafwshtPKmJlM" --output backupdb.conf
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 943k 100 943k 0 0 648k 0 0:00:01 0:00:01 --:--:-- 648k
> echo $?
0
It is possible to see that the file is downloaded:
> ls -l | grep backup*.conf
-rwxrwxrwx 1 nino nino 820091 Jan 12 17:34 backupdb.conf
Note:
If the password is wrong (password=API Web Service Access Key) FortiAuthenticator rejects the user and there is no error shown in the logs. Keep in mind that curl here also will not return an error if the server returns an authentication error. This is a measure to make brute-force attacks harder.
For the password, do not use the password of the admin user, but the 'API Web Service Access Key', which is typically a large string, generated once on the admin user settings.
Example:
> curl -k -X GET https://<Fortiauthenticator_IP>/api/v1/recovery/ -H 'Content-Type:application/json' -u "admin:zbBHrtKdCYRVccoZ" --output backupdb.conf
> echo $?
0
The 'echo' output shows the previous commands' error code. 0 means there was no error returned from the command, despite this staged attempt having an incorrect password.
Restore example commands:
> curl -k -X POST https://<Fortiauthenticator_IP>/api/v1/recovery/ -H 'content-type: multipart/form-data' -u "admin:zbBHrtKdCYRVccoZxpDDN6wh3VCuafwshtPKmJlM" -F 'file=@backupdb.conf'
System configuration restore process has been started. FortiAuthenticator will be restarted to apply the new configuration
Related document:
Rest API backup-and-restore-recovery
|
