Help
FortiSandbox
FortiSandbox provides a solution to protect against advanced threats and ransomware for companies who don’t want to implement and maintain a sandbox environment on their own.
Ted
Staff
Staff

Created on ‎09-22-2025 01:49 AM Edited on ‎10-23-2025 04:04 AM By Community Manager

Article Id 411553

Technical Tip: Submitting a scan file to FortiSandbox via cURL

Description

This article explains how to upload a scan file smaller than 20 MB to FortiSandbox using cURL.

FortiSandbox allows files to be submitted via its API for analysis. When the scan file size is under 20 MB, the API client can submit the file without using a multi-part HTTP body. Instead, the file can be loaded and transmitted in BASE64-encoded format.
Scope FortiSandbox.
Solution

To submit a file using cURL, Postman, or Python’s requests library, construct a request body similar to the following JSON object:

 

data = {

"file": <base64 encoded file>,
"filename": <base64 encoded file name>,
"skip_steps": "<skip_steps>",
"url": "/alert/ondemand/submit-file",
"type": "file",
"server_type": "",
"depth": "1",
"skip_steps": "",
"overwrite_vm_list": "",
"malpkg": 0,
"vrecord": "0",
"forcedvm": 0,
"enable_ai": 0,
"archive_password": "",
"timeout": "3600",
"session": <api_token>

}

 

To fill up 'file' and 'filename' values, respectively, in the payload:

  • Encodes the file's contents in Base64.


base64 <file name>

 

  • Encodes the text of the file name, not the file contents.


echo "<file name>" | base64

 

fsa1.png

 

cURL commands:

  1. File submission:


curl -k -X POST https://<FSA IP>:<port>/jsonrpc -H "'content-type': 'application/json', 'user-agent': 'advanced-rest-client', 'accept': '*/*', 'content-length': '100'"-d '{"method": "set", "params": [{"file": "<base64 encoded file>","filename": "<base64 encoded file name>","skip_steps": "2","url": "/alert/ondemand/submit-file","type": "file","overwrite_vm_list": "","archive_password": "","malpkg": 0,"timeout": "3600","vrecord": "0","enable_ai": 0,"forcedvm": 0,"browser": 0}],"session": "<session key>","id": "11","version": "4.2.4"}'

 

  1. Retrieving job IDs for the submission ID:


curl -k -X POST https://<FSA IP>:<port>/jsonrpc -H "'content-type': 'application/json', 'user-agent': 'advanced-rest-client', 'accept': '*/*', 'content-length': '100'" -d '{"method": "get","params": [{"url": "/scan/result/get-jobs-of-submission","sid": "<submission ID>"}],"session": "<session key>","id": "17","version": "4.2.4"}'

  1. Retrieving job verdict detail for the job ID:

 

curl -k -X POST https://<FSA IP>:<port>/jsonrpc -H "'content-type': 'application/json', 'user-agent': 'advanced-rest-client', 'accept': '*/*', 'content-length': '100'" -d '{"method": "get","params": [{"url": "/scan/result/job","jid": "<job ID>"}], "session": "<session key>","id": "17","version": "4.2.4"}'

 

Examples:

 

94100bb5-3e99-4e38-970f-121b227e4c70.png

 

  1. File Submission:

curl -k -X POST https://192.168.11.90:443/jsonrpc -H "'content-type': 'application/json', 'user-agent': 'advanced-rest-client', 'accept': '*/*', 'content-length': '100'" -d '{"method": "set", "params": [{"file": "VGhpcyBmaWxlIHJlcXVpcmVkIHRvIEZTQSBzY2FuLgo=","filename": "c2Nhbl9maWxlLnR4dAo=","skip_steps": "2","url": "/alert/ondemand/submit-file","type": "file","overwrite_vm_list": "","archive_password": "","malpkg": 0,"timeout": "3600","vrecord": "0","enable_ai": 0,"forcedvm": 0,"browser": 0}],"session": "46659de96e059df78b04086f111765c2","id": "11","version": "4.2.4"}'

{"id": 11, "result": {"url": "/alert/ondemand/submit-file", "status": {"code": 0, "message": "OK"}, "data": {"msg": "File was submitted successfully", "error": "", "sid": "7872904740695026069"}}}

  1.  
  2. A Job ID for the Submission ID:

    curl -k -X POST https://192.168.11.90:443/jsonrpc -H "'content-type': 'application/json', 'user-agent': 'advanced-rest-client', 'accept': '*/*', 'content-length': '100'" -d '{"method": "get","params": [{"url": "/scan/result/get-jobs-of-submission","sid": "7872904740695026069"}],"session": "46659de96e059df78b04086f111765c2","id": "17","version": "4.2.4"}'

    {"id": 17, "result": {"url": "/scan/result/get-jobs-of-submission", "status": {"code": 0, "message": "OK"}, "data": {"jids": ["7872904758223138269"], "total_jids": 1}}}

  3. A verdict for the Job ID:

curl -k -X POST https://192.168.11.90:443/jsonrpc -H "'content-type': 'application/json', 'user-agent': 'advanced-rest-client', 'accept': '*/*', 'content-length': '100'" -d '{"method": "get","params": [{"url": "/scan/result/job","jid": "7872904758223138269"}],"session": "46659de96e059df78b04086f111765c2","id": "17","version": "4.2.4"}'

 

{"id": 17, "result": {"url": "/scan/result/job", "status": {"code": 0, "message": "OK"}, "data": {"jid": "7872904758223138269", "start_ts": 1758263371, "finish_ts": 1758263372, "untrusted": 0, "now": 1758263478, "rating": "Clean", "score": 0, "sha256": "1c465713d565ab3bca635ff4f3f8858b0366074126e1c0c46a8f1b1c6aab5fa8", "sha1": "1f4bd293cc4d7389d9dd88d0fe19578adb6f0f01", "malware_name": "N/A", "vid": 0, "infected_os": "", "detection_os": "", "rating_source": "Static Scan Engine", "category": "NotApplicable", "detail_url": "https://192.168.11.90/job-detail/?sid=7872904740695026069&jid=7872904758223138269&req_type=file-csea...", "download_url": "c2Nhbl9maWxlLnR4dAo=", "false_positive_negative": 0}}}
183
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.