Example commands

This section contains various example commands that you may encounter.

Admin login with PKI certificate-based authentication

curl -v -c cookie.txt --cert test.pem --key test.key --cacert CA.cer -X POST -k https://ip_or_host/api/v1/AdminLogin

If login is successful, the cookies will be saved to cookie.txt, which will be used in below commands.

Admin login with password-based authentication

curl -v -H "Content-Type: application/json" -X POST -d '{"name":"admin","password":"*****"}' https://ip_or_host/api/v1/AdminLogin -c cookie.txt

If login is successful, the cookies will be saved to cookie.txt, which will be used in below commands.

If "post_login_banner:true" is present in the json response, issue the second request as below, and use newcookie.txt, instead of cookie.txt, in below commands.

curl -k -v --cookie aaaa.txt -H "Content-Type: application/json" -X POST -d '{"name": "admin", "password": "*****", "reqAction":7}' https://ip_or_host/api/v1/AdminLogin [^] -c newcookie.txt

To get domain information

If you log in to FortiMail with a PKI certificate, you must use both the cookie and certificate together to run the command sessions. If you log in with user name and password, you only need to use the cookie to run the command sessions. For example:

To get domain information with password-based authentication

curl -k -v --cookie cookie.txt https://ip_or_host/api/v1/Domain

To get domain information with certificate-based authentication

curl -k -v --cookie cookie.txt --cacert CA.cer https://ip_or_host/api/v1/Domain

To create a domain association

curl -v -H "Content-Type: application/json" -X POST -k -d '{"domain":"example.com"}' -b cookie.txt http://ip_or_host/api/v1/MailSetDomainAssociation/example_domain_association.cn

Access control rule management

Supported values for 'action' attribute of ACL. If not set, the default action is reject:

1: safe-relay

2: relay

3: reject

4: discard

5: safe

Supported values for 'recipient-pattern-type' and 'sender-pattern-type' attributes of ACL:

0: default / wild-card

1: regular expression

2: email group

3: ldap group

Supported values for 'authenticated' attribute of ACL:

0: any

1: authenticated

2: not-authenticated

Supported values for 'sender-ip-type' attribute of ACL:

0: ip mask

1: ip group

Supported values for 'sortingDirection' attribute of applicable JSON requests (i.e. ACL rule):

1: enabled/sorting

2: disabled/no sorting

Supported values for 'reqAction' attribute of all JSON requests:

1: GET

2: CREATE

3: DELETE

5: UPDATET

14: MOVE

If reqAction is present in JSON, it takes precedence over HTTP method header (i.e. HTTP GET/POST/PUT/DELETE).

List access control rules

To list ACL rules in original order:

curl -v -b cookie.txt -v -H "Content-Type: application/json" -X PUT -d '{"reqAction":1,"sortingDirection":2}' http://ip_or_host/api/v1/MailSetAccessRule

To list ACL rules in descending order:

curl -v -b cookie.txt -v -H "Content-Type: application/json" -X PUT -d '{"reqAction":1,"sortingDirection":1}' http://ip_or_host/api/v1/MailSetAccessRule

Create a new access control rule

curl -v -H "Content-Type: application/json" -X POST -d '{"status":true,"sender_pattern":"*@example.com","sender_ip_mask":"192.168. 1.1/32", "action":2}' -b cookie.txt http://ip_or_host/api/v1/MailSetAccessRule/0 --No mkey is required

Modify an existing access control rule

curl -v -H "Content-Type: application/json" -X PUT -d '{"action":3}' -b cookie.txt http://ip_or_host/api/v1/MailSetAccessRule/1 --"1" is the mkey --Set access rule "1" action to “Reject”

Delete an existing access control rule

curl -v -H "Content-Type: application/json" -X DELETE -b cookie.txt http://ip_or_host/api/v1/MailSetAccessRule/3 --Delete Access Control Rule "3"

Move existing access control rule

You can move a rule up one place, down one place, before another rule, or after another rule. To move a rule to the top or bottom, you can find the first. or last rule ID (mkey) and move the rule before the first rule or after the last rule.

reqAction: 14 -- required, only one value: 14 means to move

moveAction : up -- required, 4 values: up/down/before/after

mmkey: 3 – required, ID of the ACL rule to be moved

refMkey: 2 – required, reference ID of the ACL rule when moving before/after this ID

To move rule"3" up one place:

curl -v -H "Content-Type: application/json" -X PUT -d '{"reqAction":"14","mmkey":3,"moveAction":"up"}' -b cookie.txt http://ip_or_host/api/v1/MailSetAccessRule

To move rule "3" after rule "2":

curl -v -H "Content-Type: application/json" -X PUT -d '{"reqAction":"14","mmkey":3,"moveAction":"after",”refMkey”:2}' -b cookie.txt http://ip_or_host/api/v1/MailSetAccessRule

Safelist/blocklist management

To get the system level safelist:

curl -v -b cookie -H "Content-Type: application/json" -X POST -d '{"reqAction":"1","extraParam":"safelist"}' http://IP_Host/api/v1/SenderListV2/system/

To create a new system level safelist entry:

curl -v -b cookie -H "Content-Type: application/json" -X POST -d '{"extraParam":"safelist", "listitems":"ip_or_email"}' http://IP_Host/api/v1/SenderListV2/system/

To create a system level safelist entry with a comment:

curl -v -k -b cookie -H "Content-Type: application/json" -X POST -d '{"extraParam":"safelist", "listitems":"*@test.com:This is a test comment"}' https://ip_or_hostname/api/v1/SenderListV2/system/

To delete a system level safelist entry:

curl -v -b cookie -H "Content-Type: application/json" -X POST -d '{"reqAction": 3, "extraParam":"safelist", "listitems":"ip_or_email"}' http://IP_Host/api/v1/SenderListV2/system/