Created on 08-08-2019 12:07 AM Edited on 12-16-2021 02:39 AM By Anonymous
Description
This KB describes the REST API.
Solution
The REST API can be used to retrieve, create, update and delete configuration settings, to retrieve system logs and statistics, and to perform basic administrative actions such as reboot and shut down, all from a script or program.
There are two ways a user can authenticate against the API:
- Session-based authentication
- Token-based authentication
1) Session-based authentication
The authentication is valid per login session. The user needs to send a login request to obtain an authentication cookie and a CSRF token to be used for subsequent requests. The user then needs to send a logout request to invalidate the authentication cookie and CSRF token.
The CSRF token is available in the session ccsrftoken cookie, and its value must be included in the request header under X-CSRFTOKEN.
Note: The HTTP write methods (POST/PUT/DELETE) require CSRF tokens. Read requests (HTTP GET) do not require CSRF tokens.
How to get the CSRF token from the FortiGate firewall:
HTTP POST Request:
URL: Fortigate-IP/logincheck
Body: username=AdminUser&secretkey=AdminPassword&ajax=1
HTTP Response:
The FortiGate responds with three cookies: APSCOOKIE_9538334086037707851, ccsrftoken and ccsrftoken_9538334086037707851.
Example: In each HTTP request, the client must send the X-CSRFTOKEN in the header.
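The session flow above as an added Python example (not Fortinet's code): it takes the Set-Cookie headers returned by the /logincheck request and builds the headers for a later request, adding X-CSRFTOKEN only for POST/PUT/DELETE. The function names and cookie values are constructed, and stripping surrounding double quotes from the cookie value is an assumption about how the value is delivered.

```python
# Added example; all names and sample values here are hypothetical/constructed.
WRITE_METHODS = {"POST", "PUT", "DELETE"}  # methods that require the CSRF token

# Constructed Set-Cookie values shaped like the login response described above.
SAMPLE_LOGIN_SET_COOKIE = [
    'APSCOOKIE_9538334086037707851="constructed-session-value"; path=/; HttpOnly',
    'ccsrftoken_9538334086037707851="0123456789ABCDEF"; path=/',
    'ccsrftoken="0123456789ABCDEF"; path=/',
]


def parse_set_cookie(header):
    """Return (name, raw_value) from one Set-Cookie header, ignoring attributes."""
    pair = header.split(";", 1)[0]
    name, sep, value = pair.partition("=")
    if not sep:
        raise ValueError(f"malformed Set-Cookie header: {header!r}")
    return name.strip(), value.strip()


def csrf_token(cookies):
    """Prefer the plain ccsrftoken cookie, fall back to a suffixed ccsrftoken_<id>."""
    for name in sorted(cookies, key=len):
        if name == "ccsrftoken" or name.startswith("ccsrftoken_"):
            # Assumption: the value may arrive wrapped in double quotes.
            return cookies[name].strip('"')
    return None


def build_headers(method, set_cookie_headers):
    """Build request headers for an authenticated session request."""
    cookies = dict(parse_set_cookie(h) for h in set_cookie_headers)
    if not any(name.startswith("APSCOOKIE") for name in cookies):
        raise RuntimeError("no APSCOOKIE session cookie in login response")
    # Send every session cookie back exactly as it was received.
    headers = {"Cookie": "; ".join(f"{n}={v}" for n, v in cookies.items())}
    if method.upper() in WRITE_METHODS:
        token = csrf_token(cookies)
        if not token:
            raise RuntimeError("no ccsrftoken cookie; cannot send a write request")
        headers["X-CSRFTOKEN"] = token
    return headers


if __name__ == "__main__":
    for verb in ("GET", "POST"):
        print(verb, build_headers(verb, SAMPLE_LOGIN_SET_COOKIE))
```

Failing closed when the token cookie is missing keeps a script from sending write requests that the device would reject after a failed or expired login.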
2) Token-based authentication
The authentication is done via a single API token. This token is only generated when creating an API admin. The user must store this token in a safe place because it cannot be retrieved again. The user can, however, regenerate the token at any time. Each API request must include the token in order to be authenticated as the associated API admin.
Create API admin:
HTTP GET request using the access token:
http://<Fortigate-IP>/api/v2/cmdb/firewall/address?access_token=<access-token>
Sample output:
Supported HTTP methods:
The FortiOS REST APIs support the following HTTP methods:

| HTTP Method | Description |
|-------------|-------------|
| GET | Retrieve a resource or collection of resources. |
| POST | Create a resource or execute actions. |
| PUT | Update a resource. |
| DELETE | Delete a resource or collection of resources. |