Technical Tip: Use REST API Access FortiGate

ydong01 · ‎09-26-2019

Description
This article provides a basic guideline to use REST API access FortiGate.
Traditionally, SSH and WEBGUI access to FortiGate are used. However, FortiGate provides another interface, REST API, that is for programmer to develop other features such as DevOps and automation. It is simple and easy to use.

Useful link:
Fortinet documentation: For detailed documents and tools, join https://fndn.fortinet.net

Solution
FortiGate REST API:

1) How to login to FortiGate

# curl -k -i -X POST https://x.x.x.x/logincheck -d "username=yyy&secretkey=zzz" --dump-header headers.txt -c cookies.txt

x.x.x.x is FortiGate IP address
yyy is administrator name
zzz is administrator’s password

This will generate 2 files:

headers.txt: It contains all information about the authentication. This file will be needed for GET commands
cookies.txt: It contain the cookie generated for the authentication. This file will be needed for POST commands

2) How to GET static route

#curl -k -i -X GET https://x.x.x.x/api/v2/cmdb/router/static -b headers.txt

Result:

…
{
"http_method":"GET",
"revision":"3.0.0.9538334086034185130.1563241202",
"results":[
    {
      "q_origin_key":1,
      "seq-num":1,
      "status":"enable",
      "dst":"0.0.0.0 0.0.0.0",
      "src":"0.0.0.0 0.0.0.0",
      "gateway":"x.x.x.y",
      "distance":10,
      "weight":0,
      "priority":0,
      "device":"port1",
      "comment":"",
      "blackhole":"disable",
      "dynamic-gateway":"disable",
      "virtual-wan-link":"disable",
      "dstaddr":"",
      "internet-service":0,
      "internet-service-custom":"",
      "link-monitor-exempt":"disable",
      "vrf":0,
      "bfd":"disable"
    }
],
"vdom":"root",
"path":"router",
"name":"static",
"status":"success",
"http_status":200,
"serial":"FGVM……………",
"version":"v6.2.0",
"build":200
}

3) How to logout

#curl -k -i -X POST https://x.x.x.x/logout