Hello,

I am trying to send http requst to the api, but I'm always get's HTML response and not JSON response.

I have the "FortiSandbox-JSON API Reference" Version 2.4.1

My username: admin

My password: Aa12345!

here the request:

POST / HTTP/1.1 Host: 10.1.1.170 Content-Type: application/json Accept: application/json Cache-Control: no-cache

{ "method": "exec", "params": [{ "url": "/sys/login/user", "data": [{ "user": "admin", "passwd": "Aa12345!" }] }], "id": 1, "ver": "2.0" }

in the response I'm always getting the html content of the login page, here full html content:

<!DOCTYPE html>

<html lang="en"> <head> <title>FortiSandbox - Please login</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="pragma" content="no-cache"> <link type="text/css" rel="stylesheet" href="/static/css/bootstrap.css"/> <link type="text/css" rel="stylesheet" href="/static/css/bootstrap-theme.min.css"/> <link type="text/css" rel="stylesheet" href="/static/css/font-awesome.min.css"/> <link type="text/css" rel="stylesheet" href="/static/css/misc/eModal.css"/>

<script language="javascript" type="text/javascript" src="/static/js/jquery/jquery-latest.min.js"></script> <script language="javascript"> $l= $.noConflict(true); jQueryLatest = $l; </script> <script src="/static/lib/bootstrap/js/bootstrap.js"></script> <script src="/static/lib/eModal/eModal.js"></script> <script src="/static/lib/lodash/lodash.js"></script>

<link href="/static/css/style.css" rel="stylesheet" type="text/css"> <link href="/static/css/login.css" rel="stylesheet" type="text/css"> <link href="/static/js/jquery-ui/css/smoothness/jquery-ui-1.10.0.custom.css" rel="stylesheet" type="text/css" /> <link rel="stylesheet" type="text/css" href="/static/css/fsa-style.css">

<!-- IE6-10 --> <link rel="shortcut icon" href="/static/images/favicon.ico">

<!-- Everybody else --> <link rel="icon" href="/static/images/favicon.ico"> <script type="text/javascript" src="/static/js/jquery/jquery.min.js?v="></script> <script type="text/javascript" src="/static/js/jquery-ui/js/jquery-1.9.0.js?v="></script> <script type="text/javascript" src="/static/js/jquery-ui/js/jquery-ui-1.10.0.custom.min.js?v="></script> <script type="text/javascript" src="/static/js/common.js"></script> <script language="JavaScript"> if (top.location != window.location) top.location.reload(); if (window.opener) { window.opener.top.location.reload(); self.close(); } </script> </head> <body> <table id="container"> <tr><td> <noscript> <div name="js_msg_txt" id="js_msg_txt">Warning: this page requires Javascript. To correctly view, please enable it in your browser and refresh.</div> </noscript> <div name="cookie_msg_txt" id="cookie_msg_txt" style="display:none;">Warning: this page requires Cookie. To correctly view, please enable it in your browser and refresh.</div> <form id="login_panel" action="/logincheck" method="post" name="login" autocomplete="off" class='disabled'><div style='display:none'><input type='hidden' name='csrfmiddlewaretoken' value='0dd02eed05e0a3aa4ff4703ab9399f04' /></div> <div id='topbar'> <i class="ftnt-fortinet-grid" id="login-logo"></i> <span>FortiSandbox</span></div> <div name="err_msg_txt" id="err_msg_txt" class="error-msg hidden">

</div> <input type="text" name="username" id="username" maxlength="35" placeholder='Username' > <input type='password' name="password" id="password" placeholder='Password' autocomplete="off"> <input type="hidden" name="next" value="/sys/login/user"> <input name="login_button" id="login_button" type="submit" value="Login" disabled='disabled'> </form> </td></tr> </table>

<div class="modal fade" id="disclaimer" role="dialog"> <div class="modal-dialog">

<!-- Modal content--> <div class="modal-content"> <div class="modal-header"> <i class="fa fa-exclamation-triangle"></i> <span class="modal-title">Login Disclaimer</span> </div> <div class="modal-body"> <p>PREWARNINGWARNINGWARNINGWARNING<br />This is a private computer system. Unauthorized access or use is prohibited and subject to prosecution and/or disciplinary action. All use of this system constitutes consent to monitoring at all times and users are not entitled to any expectation of privacy. If monitoring reveals possible evidence of violation of criminal statutes, this evidence and any other related information, including identification information about the user, may be provided to law enforcement officials. If monitoring reveals violations of security regulations or unauthorized use, employees who violate security regulations or make unauthorized use of this system are subject to appropriate disciplinary action.<br />PREWARNINGWARNINGWARNINGWARNING</p> </div> <div class="modal-footer"> <button id="accept_button" data-dismiss="modal"> <i class="fa fa-check"></i> <span> Accept </span> </button> </div> </div>

</div> </div>

<script type="text/javascript"> $(document).ready(function(){ $.ajax ({ type: "GET", url: location.origin + '/rdp/', username: 'wsadmin', password: 'wrongpassword', });

if (1 > 1) $('.error-msg').removeClass('hidden'); })

$('#login_button').click(function(){ $(this).addClass('pressed'); });

var my_xmlhttp=null; var buf_request_in_progress=false; var elm_username=document.getElementById("username"); var elm_password=document.getElementById("password"); var elm_twofactor=document.getElementById("auth_two_factor"); var elm_button=document.getElementById("login_button");

function disable_input(){ elm_username.disabled=true; elm_password.disabled=true; elm_button.disabled=true; } function reenable_input(){ var two_factor_auth=(!!document.getElementById("auth_two_factor")); elm_username.disabled=false; elm_password.disabled=false; elm_button.disabled=false; elm_username.blur(); if(two_factor_auth) elm_password.focus(); else elm_username.focus(); } function login_get_cmd_kbd_event(evt_p){ if(evt_p) return evt_p; evt=window.event; if(evt) return evt;return null; } function login_crack_kbd_event(evt){ if(evt.which) return evt.which; else if(evt.keyCode) return evt.keyCode; else if(evt.charCode) return evt.charCode; return 0; } function key_pressdown(evt_p){ try{ var evt=login_get_cmd_kbd_event(evt_p); if(evt==null) return; var key_code=login_crack_kbd_event(evt); if(key_code==0)return; if(key_code==13) { if($('#disclaimer').hasClass('in')) $('#accept_button').click(); else $('#login_button').click(); return false; } }catch(e){} return true; }

function clear_input(){ var two_factor_auth=(!!document.getElementById("auth_two_factor")); if(!two_factor_auth) elm_username.value=""; elm_password.value=""; }

function do_init(){ // for IE8, and other morden browser; document.onreadystatechange = function() { if (document.readyState === 'complete') { // DOM is ready!

if ( areCookiesEnabled()) {

document.onkeydown = key_pressdown; // document.getElementById("js_msg_txt").style.display = "none"; document.getElementById("password").disabled = false; document.getElementById("username").disabled = false; document.getElementById("login_button").disabled = false; document.forms[0].username.focus(); document.forms[0].className = ""; } else{ document.getElementById("cookie_msg_txt").style.display = "block"; }

delCookie("fsuis"); $('#username').focus();

} };

// for Firefox 3.6 if (areCookiesEnabled()) { document.onkeydown = key_pressdown; // document.getElementById("js_msg_txt").style.display = "none"; document.getElementById("password").disabled = false; document.getElementById("username").disabled = false; document.getElementById("login_button").disabled = false; document.forms[0].username.focus(); document.forms[0].className = ""; } else{ document.getElementById("cookie_msg_txt").style.display = "block"; }

delCookie("fsuis"); $('#username').focus(); document.getElementById("username").setAttribute( "autocomplete", "off" ); document.getElementById("password").setAttribute( "autocomplete", "off" ); }

do_init();

</script> </body> </html>

 What am I missing?