Description
This article provides a basic guideline for using REST API access FortiGate.
Traditionally, SSH and WEBGUI access to FortiGate are used. However, FortiGate provides another interface, REST API, that is for programmer to develop other features such as DevOps and automation. It is simple and easy to use.
Related document:
Fortinet documentation: For detailed documents and tools, join https://fndn.fortinet.net
Scope
FortiGate.
Solution
FortiGate REST API:
How to login to FortiGate
# curl -k -i -X POST https://x.x.x.x/logincheck -d "username=yyy&secretkey=zzz" --dump-header headers.txt -c cookies.txt
x.x.x.x <----- The FortiGate IP address.
yyy <----- Administrator's name.
zzz <----- Administrator’s password.
This will generate 2 files:
headers.txt: It contains all the information about the authentication. This file will be needed for GET commands.
cookies.txt: It contains the cookie generated for the authentication. This file will be needed for POST commands.
Note:
If the API call to FortiGate-IP is failing, verify that the port to which the API call is made has https enabled under 'set allowaccess' for that port.
How to GET static route:
#curl -k -i -X GET https://x.x.x.x/api/v2/cmdb/router/static -b headers.txt
Result:
…
{
"http_method":"GET",
"revision":"3.0.0.9538334086034185130.1563241202",
"results":[
{
"q_origin_key":1,
"seq-num":1,
"status":"enable",
"dst":"0.0.0.0 0.0.0.0",
"src":"0.0.0.0 0.0.0.0",
"gateway":"x.x.x.y",
"distance":10,
"weight":0,
"priority":0,
"device":"port1",
"comment":"",
"blackhole":"disable",
"dynamic-gateway":"disable",
"virtual-wan-link":"disable",
"dstaddr":"",
"internet-service":0,
"internet-service-custom":"",
"link-monitor-exempt":"disable",
"vrf":0,
"bfd":"disable"
}
],
"vdom":"root",
"path":"router",
"name":"static",
"status":"success",
"http_status":200,
"serial":"FGVM……………",
"version":"v6.2.0",
"build":200
}
How to logout
#curl -k -i -X POST https://x.x.x.x/logout
