Connecting to the REST API
Container FortiOS provides a REST API for configuration and monitoring operations. The API is similar to the FortiOS API.
The API is accessible by default on port 443 at any of the container interfaces. If configured to require a token, all requests must include the API token.
For example, the following examples get the antivirus settings:
curl -H "Authorization: Bearer rkMJd3SdLhb8UFBan987CnIrmPBLfaIj" https://localhost/api/v2/cmdb/antivirus/settings
curl https://localhost/api/v2/cmdb/antivirus/settings?access_token=rkMJd3SdLhb8UFBan987CnIrmPBLfaIj
|
Due to the architecture of Kubernetes, the REST API should not be used with Kubernetes deployments. Configuration should be deployed using |
For full details on the available API actions, see the Container FortiOS REST API documentation on FNDN.
Configuring the REST API access port
You may configure HTTP and HTTPS access to the API. By default, HTTP access is disabled.
To configure the REST API HTTP access port:
In the Container FortiOS CLI, run the following command to enable access on port 80:
config system global
set admin-port 80
To configure the REST API HTTPS access port:
In the Container FortiOS CLI, run the following command to enable access on port 443:
config system global
set admin-sport 443
To disable REST API access:
Disable REST API access for HTTP or HTTPS by setting admin-port and admin-sport, respectively, to 0.
API token authentication
By default, an API access token is not needed.
To enable access token authentication, create at least one API user and generate a token.
After an API user has been created, each REST API request requires an API token for authentication.
To create an API user:
In the Container FortiOS CLI, run the following command:
config system api-user
edit "api-user-1"
end
To generate an API token:
In the Container FortiOS CLI, run the following command:
exec api-user generate-key api-user-1
Copy and save the API key as it is only shown once and cannot be retrieved.