Authentication

Before you use other REST API URLs, you must make an HTTP POST request to log in at the authentication URL.

HTTP Methods
  • POST

URL
https://HOST_OR_IP/api/v1/AdminLogin/
Request JSON
{
    "name": "YOUR_ACCOUNT",
    "password": "YOUR_PASSWORD"
}

Use an account name that is allowed to use REST API access, and has permissions for the URLs that you will use. If the account does not have the required permissions, then it is indicated by the HTTP response code and body.

If the login succeeds, then the response contains a header with:

Set-Cookie: APSCOOKIE_...

Save and include this cookie value as a header in later REST API requests. This associates the requests with the existing authentication session.

Idle authentication sessions time out. See the idle timeout in the FortiRecorder Administration Guide. To continue using the REST API, authenticate again.

For example, to log in, you could open the command prompt on your computer and enter a curl command:

curl -H "Content-Type: application/json" -X POST -d "{\"name\":\"YOUR_ACCOUNT\",\"password\":\"YOUR_PASSWORD\"}" https://HOST_OR_IP/api/v1/AdminLogin -c cookie.txt

and then subsequent commands would include (-b) and possibly also update (-c) the session cookie file:

curl -X GET -b cookie.txt -c cookie.txt https://HOST_OR_IP/api/v1/SysStatusSysinfo

Do not save passwords in unencrypted files, including the CLI history log. Unencrypted credentials at rest are a security risk. If an attacker or virus compromises your computer, it could allow unauthorized persons to access your FortiRecorder system. Use a key management system, such as Vault in Postman, to securely store credentials.

On Microsoft Windows with Command Prompt, inside the JSON data, you must put a backslash before each double straight quote ( \" ). For example (highlighted in bold):

-d "{\"name\":\"admin\"}"

Alternatively, you can input a JSON stream from another command.

URLs with parameters may also require double quotes around them.

If you do not, then the command line may interpret each JSON attribute as CLI commands or arguments, resulting in various error messages depending on the sequential order of arguments and attributes.

Reserved characters and escape sequences vary by operating system and command line environment; Linux and Mac terminals often do not require this, and Microsoft PowerShell uses different escape sequences.

If you have either:

  • private certificate authority (CA) servers

  • FortiRecorder with a factory or self-signed certificate

then authentication of all HTTPS requests might fail with certificate errors.

Trust the FortiRecorder certificate or its signing CA. Do not use insecure (-k) connections as a workaround.

For example, you could use certutil on the Windows command line:

.\certutil.exe -addstore -f "Root" "C:\Users\YOUR_USERNAME\Downloads\FORTIRECORDER_CA_CHAIN.pem"

and then use that root CA trust store with curl --ca-native commands.

Secure HTTPS requests should fail if the FortiRecorder X.509 certificate is:

  • fake (name is wrong, or is not supported by the SNI extension)

  • not valid at the current time/date

  • not allowed for this usage

  • not signed, directly or indirectly, by a CA that your computer trusts, such as for factory or self-signed certificates

See also how to use certificates in the FortiRecorder Administration Guide.
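
The login flow above, combined with the three notes (no password on the command line or in history, JSON supplied as a stream from another command, and certificate verification instead of -k), as an added POSIX shell example that is not part of the FortiRecorder documentation. The function names and the CA_PEM and JAR arguments are assumptions for illustration; only the AdminLogin and SysStatusSysinfo URLs come from this page.

```shell
#!/bin/sh
# Added example. Helper names and argument order are assumptions, not Fortinet's.

# Escape backslashes and double quotes so a value is safe inside a JSON string.
# Control characters are not handled by this helper.
json_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build the AdminLogin request body from an account name and a password.
build_login_body() {
    printf '{"name":"%s","password":"%s"}' \
        "$(json_escape "$1")" "$(json_escape "$2")"
}

# Create an empty session cookie file that only the current user can read.
new_cookie_jar() {
    ( umask 077 && mktemp "${TMPDIR:-/tmp}/fr_cookie.XXXXXX" )
}

# Log in. The password is read from the terminal without echo and sent to curl
# on stdin (-d @-), so it never appears in argv, shell history or a file.
fr_login() {  # usage: fr_login HOST ACCOUNT CA_PEM JAR
    printf 'Password for %s: ' "$2" >&2
    stty -echo; IFS= read -r fr_pw; stty echo; printf '\n' >&2
    build_login_body "$2" "$fr_pw" |
        curl -sS --fail --cacert "$3" -c "$4" \
             -H "Content-Type: application/json" -X POST -d @- \
             "https://$1/api/v1/AdminLogin"
    fr_rc=$?
    unset fr_pw
    return "$fr_rc"
}

# Later request: send (-b) and update (-c) the session cookie, still verifying TLS.
fr_get() {  # usage: fr_get HOST API_PATH CA_PEM JAR
    curl -sS --fail --cacert "$3" -b "$4" -c "$4" "https://$1/api/v1/$2"
}
```

After a successful fr_login, a call such as fr_get HOST_OR_IP SysStatusSysinfo CA_PEM JAR reuses the session; delete the cookie file when you are finished, because it holds a live session credential.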