Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Nehorai
New Contributor

FortiSandbox API returns HTML instead of JSON

Hello,

I am trying to send http requst to the api, but I'm always get's HTML response and not JSON response.

I have the "FortiSandbox-JSON API Reference" Version 2.4.1

My username: admin

My password: Aa12345!

 

here the request:

 

POST / HTTP/1.1 Host: 10.1.1.170 Content-Type: application/json Accept: application/json Cache-Control: no-cache

{ "method": "exec", "params": [{ "url": "/sys/login/user", "data": [{ "user": "admin", "passwd": "Aa12345!" }] }], "id": 1, "ver": "2.0" }

 

in the response I'm always getting the html content of the login page, here full html content:

 

 

 

<!DOCTYPE html>

<html lang="en"> <head> <title>FortiSandbox - Please login</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="pragma" content="no-cache"> <link type="text/css" rel="stylesheet" href="/static/css/bootstrap.css"/> <link type="text/css" rel="stylesheet" href="/static/css/bootstrap-theme.min.css"/> <link type="text/css" rel="stylesheet" href="/static/css/font-awesome.min.css"/> <link type="text/css" rel="stylesheet" href="/static/css/misc/eModal.css"/>

<script language="javascript" type="text/javascript" src="/static/js/jquery/jquery-latest.min.js"></script> <script language="javascript"> $l= $.noConflict(true); jQueryLatest = $l; </script> <script src="/static/lib/bootstrap/js/bootstrap.js"></script> <script src="/static/lib/eModal/eModal.js"></script> <script src="/static/lib/lodash/lodash.js"></script>

<link href="/static/css/style.css" rel="stylesheet" type="text/css"> <link href="/static/css/login.css" rel="stylesheet" type="text/css"> <link href="/static/js/jquery-ui/css/smoothness/jquery-ui-1.10.0.custom.css" rel="stylesheet" type="text/css" /> <link rel="stylesheet" type="text/css" href="/static/css/fsa-style.css">

<!-- IE6-10 --> <link rel="shortcut icon" href="/static/images/favicon.ico">

<!-- Everybody else --> <link rel="icon" href="/static/images/favicon.ico"> <script type="text/javascript" src="/static/js/jquery/jquery.min.js?v="></script> <script type="text/javascript" src="/static/js/jquery-ui/js/jquery-1.9.0.js?v="></script> <script type="text/javascript" src="/static/js/jquery-ui/js/jquery-ui-1.10.0.custom.min.js?v="></script> <script type="text/javascript" src="/static/js/common.js"></script> <script language="JavaScript"> if (top.location != window.location) top.location.reload(); if (window.opener) { window.opener.top.location.reload(); self.close(); } </script> </head> <body> <table id="container"> <tr><td> <noscript> <div name="js_msg_txt" id="js_msg_txt">Warning: this page requires Javascript. To correctly view, please enable it in your browser and refresh.</div> </noscript> <div name="cookie_msg_txt" id="cookie_msg_txt" style="display:none;">Warning: this page requires Cookie. To correctly view, please enable it in your browser and refresh.</div> <form id="login_panel" action="/logincheck" method="post" name="login" autocomplete="off" class='disabled'><div style='display:none'><input type='hidden' name='csrfmiddlewaretoken' value='0dd02eed05e0a3aa4ff4703ab9399f04' /></div> <div id='topbar'> <i class="ftnt-fortinet-grid" id="login-logo"></i> <span>FortiSandbox</span></div> <div name="err_msg_txt" id="err_msg_txt" class="error-msg hidden">

</div> <input type="text" name="username" id="username" maxlength="35" placeholder='Username' > <input type='password' name="password" id="password" placeholder='Password' autocomplete="off"> <input type="hidden" name="next" value="/sys/login/user"> <input name="login_button" id="login_button" type="submit" value="Login" disabled='disabled'> </form> </td></tr> </table>

<div class="modal fade" id="disclaimer" role="dialog"> <div class="modal-dialog">

<!-- Modal content--> <div class="modal-content"> <div class="modal-header"> <i class="fa fa-exclamation-triangle"></i> <span class="modal-title">Login Disclaimer</span> </div> <div class="modal-body"> <p>PREWARNINGWARNINGWARNINGWARNING<br />This is a private computer system. Unauthorized access or use is prohibited and subject to prosecution and/or disciplinary action. All use of this system constitutes consent to monitoring at all times and users are not entitled to any expectation of privacy. If monitoring reveals possible evidence of violation of criminal statutes, this evidence and any other related information, including identification information about the user, may be provided to law enforcement officials. If monitoring reveals violations of security regulations or unauthorized use, employees who violate security regulations or make unauthorized use of this system are subject to appropriate disciplinary action.<br />PREWARNINGWARNINGWARNINGWARNING</p> </div> <div class="modal-footer"> <button id="accept_button" data-dismiss="modal"> <i class="fa fa-check"></i> <span> Accept </span> </button> </div> </div>

</div> </div>

<script type="text/javascript"> $(document).ready(function(){ $.ajax ({ type: "GET", url: location.origin + '/rdp/', username: 'wsadmin', password: 'wrongpassword', });

if (1 > 1) $('.error-msg').removeClass('hidden'); })

$('#login_button').click(function(){ $(this).addClass('pressed'); });

var my_xmlhttp=null; var buf_request_in_progress=false; var elm_username=document.getElementById("username"); var elm_password=document.getElementById("password"); var elm_twofactor=document.getElementById("auth_two_factor"); var elm_button=document.getElementById("login_button");

function disable_input(){ elm_username.disabled=true; elm_password.disabled=true; elm_button.disabled=true; } function reenable_input(){ var two_factor_auth=(!!document.getElementById("auth_two_factor")); elm_username.disabled=false; elm_password.disabled=false; elm_button.disabled=false; elm_username.blur(); if(two_factor_auth) elm_password.focus(); else elm_username.focus(); } function login_get_cmd_kbd_event(evt_p){ if(evt_p) return evt_p; evt=window.event; if(evt) return evt;return null; } function login_crack_kbd_event(evt){ if(evt.which) return evt.which; else if(evt.keyCode) return evt.keyCode; else if(evt.charCode) return evt.charCode; return 0; } function key_pressdown(evt_p){ try{ var evt=login_get_cmd_kbd_event(evt_p); if(evt==null) return; var key_code=login_crack_kbd_event(evt); if(key_code==0)return; if(key_code==13) { if($('#disclaimer').hasClass('in')) $('#accept_button').click(); else $('#login_button').click(); return false; } }catch(e){} return true; }

function clear_input(){ var two_factor_auth=(!!document.getElementById("auth_two_factor")); if(!two_factor_auth) elm_username.value=""; elm_password.value=""; }

function do_init(){ // for IE8, and other morden browser; document.onreadystatechange = function() { if (document.readyState === 'complete') { // DOM is ready!

if ( areCookiesEnabled()) {

document.onkeydown = key_pressdown; // document.getElementById("js_msg_txt").style.display = "none"; document.getElementById("password").disabled = false; document.getElementById("username").disabled = false; document.getElementById("login_button").disabled = false; document.forms[0].username.focus(); document.forms[0].className = ""; } else{ document.getElementById("cookie_msg_txt").style.display = "block"; }

delCookie("fsuis"); $('#username').focus();

} };

// for Firefox 3.6 if (areCookiesEnabled()) { document.onkeydown = key_pressdown; // document.getElementById("js_msg_txt").style.display = "none"; document.getElementById("password").disabled = false; document.getElementById("username").disabled = false; document.getElementById("login_button").disabled = false; document.forms[0].username.focus(); document.forms[0].className = ""; } else{ document.getElementById("cookie_msg_txt").style.display = "block"; }

delCookie("fsuis"); $('#username').focus(); document.getElementById("username").setAttribute( "autocomplete", "off" ); document.getElementById("password").setAttribute( "autocomplete", "off" ); }

do_init();

</script> </body> </html>

 

 

 What am I missing?

 

 

2 REPLIES 2
Nehorai
New Contributor

I have found my mistake, only need to add /jsonrpc to the suffix of the url

treven
New Contributor II

Does this still work for you? I know this was like 5 years ago but i was having a similar issue however, now I am getting back a code 10 Invalid Request I feel it has something to with this the sys/login/user or path parameters.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors