This article describes how to use the FortiManager JSON API from GNU/Linux with the cURL command-line tool: how to get, delete, and create a user, how to filter the output by fields or by a specific username, and how the output differs.
Some common errors are shown at the end of the article.
Understand the JSON API calls used under the FortiManager.
Note.
There is an attached text file that contains the full JSON API calls and the simplified version used in the article.
Be aware that these examples could be implemented by other programs or programming languages.
The related articles and their links are at the bottom of the page.
It is possible to use requests already prepared in Postman.
It is also possible to copy the cURL command line that Postman generates, as shown below.
Start with a login to the remote FortiManager:
To get parsed output, pipe the response to 'jq' (apt install jq for Debian users).
To view only the session, add 'grep', for example '| grep session'.
To save the output directly to a file, use the cURL option -o the_name.
curl -k --location --request POST 'https://10.109.54.6/jsonrpc' \
  --header 'Content-Type: application/json' \
  --data-raw '{
    "method": "exec",
    "params": [
      {
        "data": {
          "passwd": "",
          "user": "admin"
        },
        "url": "/sys/login/user"
      }
    ],
    "session": "string",
    "id": 1
  }' | jq "."
To get the current users and their profiles, request the data with cURL and filter the output with grep.
curl -k --location --request POST 'https://10.109.54.6/jsonrpc' \
  --header 'Content-Type: application/json' \
  --data-raw '{
    "method": "get",
    "params": [
      {
        "url": "/cli/global/system/admin/user"
      }
    ],
    "session": "QTnToxshxQXrog+lxbMEFkViZkvRuYAE+6K/YMNrNKytZaj/KzpL2TW0mPCAPFjTp+puVBagII04PMw5atBMtg==",
    "id": 1
  }' | jq "." | grep -e userid -e profileid
To get only specific user data, it is possible to specify a username. Additionally, it is possible to use the 'fields' option. This option will reduce the output fields.
{
  "method": "get",
  "params": [
    {
      "fields": [
        "userid"
      ],
      "url": "/cli/global/system/admin/user/admin"
    }
  ],
  "session": "{{session}}",
  "id": 1
}
Comparing the output for the user admin with and without the 'fields' option: with it, 162 lines are shown; without it, 254 lines of output are obtained.
Note: Because the filter reduces the output, the field 'profileid' will be missing!
Now, delete a user.
curl -k --location --request POST 'https://10.109.54.6/jsonrpc' \
  --header 'Content-Type: application/json' \
  --data-raw '{
    "method": "delete",
    "params": [
      {
        "url": "/cli/global/system/admin/user/novosco"
      }
    ],
    "session": "string",
    "id": 1
  }' | jq "."
Create a new user.
curl -k --location --request POST 'https://10.109.54.6/jsonrpc' \
  --header 'Content-Type: application/json' \
  --data-raw '{
    "method": "add",
    "params": [
      {
        "data": [
          {
            "adom": [
              {
                "adom-name": "all_adoms"
              }
            ],
            "change-password": "enable",
            "profileid": "Super_user",
            "userid": "novosco"
          }
        ],
        "url": "/cli/global/system/admin/user"
      }
    ],
    "session": "QTnToxshxQXrog+lxbMEFkViZkvRuYAE+6K/YMNrNKytZaj/KzpL2TW0mPCAPFjTp+puVBagII04PMw5atBMtg==",
    "id": 1
  }' | jq "."
Common errors:
curl: (60) SSL certificate problem: self-signed certificate
More details are available in this document.
When a self-signed certificate is used, add the following option to the cURL command, which makes cURL skip certificate verification: -k / --insecure.
Do not reuse a session ID generated on another device, as a permission denied error will be shown.
{ "status": { "code": -11, "message": "No permission for the resource" }
This error may be observed when the URL is not correct. In this case, it should be:
"url": "/cli/global/system/admin/user"
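As noted at the top, the same calls can be made from other programming languages. The following Python code is an added example, not Fortinet code: it builds the request bodies used above, trims stray whitespace from the URL, verifies the certificate against a CA file instead of using -k, and raises on a non-zero status code such as -11. The function names, the 'result' list around 'status', omitting 'session' at login, and the sample response are assumptions made for illustration.

```python
import json
import ssl
import urllib.request

class FmgError(Exception):
    """Raised when a result entry carries a non-zero status code."""

def build_request(method, url, session=None, data=None, fields=None, req_id=1):
    """Build one JSON-RPC body in the shape used by the article's cURL calls."""
    url = url.strip()  # stray whitespace makes the API path incorrect
    if not url.startswith("/"):
        raise ValueError("url must be an absolute API path")
    param = {"url": url}
    if data is not None:
        param["data"] = data
    if fields:
        param["fields"] = list(fields)  # reduces the returned fields
    body = {"method": method, "params": [param], "id": req_id}
    if session is not None:  # assumption: no session is sent with the login call
        body["session"] = session
    return body

def check_response(resp):
    """Return the result list, or raise FmgError on any non-zero status code."""
    results = resp.get("result", [])  # assumption: status sits inside "result"
    for entry in results:
        status = entry.get("status", {})
        if status.get("code", 0) != 0:
            raise FmgError(
                f"{status.get('code')}: {status.get('message')} ({entry.get('url')})")
    return results

def post(host, body, cafile=None):
    """POST to https://<host>/jsonrpc with certificate verification enabled."""
    ctx = ssl.create_default_context(cafile=cafile)  # used instead of curl -k
    req = urllib.request.Request(
        f"https://{host}/jsonrpc", data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, context=ctx, timeout=10) as r:
        return json.load(r)

# Constructed sample response, modelled on the error shown under "Common errors".
SAMPLE_DENIED = {"id": 1, "result": [{
    "status": {"code": -11, "message": "No permission for the resource"},
    "url": "/cli/global/system/admin/user"}]}
```

Pass the FortiManager's CA certificate (or the exported self-signed certificate) as cafile to post(), and read the password from the environment rather than writing it into the script.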
Related articles: