API Reference#
Complete low-level API documentation for all 1,219 FortiOS endpoints (886 CMDB + 295 Monitor + 38 Log).
These endpoints use standard HTTP methods (.get(), .post(), .put(), .delete()) for direct API access.
CMDB API (Configuration)#
CMDB Categories
Monitor API (Status & Statistics)#
Monitor Categories
Log API (Historical Data)#
Log Categories
Service API (Operations)#
Service Categories
Overview#
The FortiOS API is organized into four main categories:
CMDB API - Configuration Management#
The Configuration Management Database (CMDB) API provides access to all FortiOS configuration settings. This includes 886 endpoints across categories covering:
Firewall: Addresses, policies, services, VIPs, schedules
System: Global settings, interfaces, routing, admin users
VPN: IPsec, SSL VPN, certificates
Wireless: WiFi controllers, APs, SSIDs
Security: IPS, antivirus, web filtering, application control
Network: Routing (static, BGP, OSPF), DNS, DHCP
And much more…
See CMDB for the complete list of CMDB endpoints.
Monitor API - Status & Statistics#
The Monitor API provides real-time status information and statistics. This includes 295 endpoints across categories covering:
System: Status, resources, performance
Firewall: Active sessions, policy stats
Router: Routing tables, neighbor status
VPN: Tunnel status, connection stats
WiFi: Client status, AP performance
UTM: IPS stats, AV activity, web filter logs
And much more…
See MONITOR for the complete list of Monitor endpoints.
Log API - Historical Data#
The Log API provides access to historical logs and events. This includes 38 endpoints with full parameterization support:
The Log API provides access to historical log data:
Traffic logs
Security event logs
System logs
UTM logs
Application logs
See LOG for log query capabilities.
Service API - Operations#
The Service API provides operational commands:
Backup and restore
System reboot
Configuration validation
License management
And more…
See SERVICE for available service operations.
API Patterns#
All FortiOS endpoints follow consistent patterns:
CMDB Endpoints (Configuration)
# List all objects
fgt.api.cmdb.firewall.address.get()
# Get specific object
fgt.api.cmdb.firewall.address.get(name="web-server")
# Create object
fgt.api.cmdb.firewall.address.post(
name="web-server",
subnet="10.0.1.100/32"
)
# Update object
fgt.api.cmdb.firewall.address.put(
name="web-server",
comment="Updated comment"
)
# Delete object
fgt.api.cmdb.firewall.address.delete(name="web-server")
Monitor Endpoints (Status)
# Get status (no parameters)
fgt.api.monitor.system.status.get()
# Get status with filters
fgt.api.monitor.firewall.session.get(
ip_version="ipv4",
count=100
)
Log Endpoints (Historical Data)
# Query logs
fgt.api.log.disk.traffic.get(
rows=100,
start=0,
filter="srcip==10.0.1.100"
)
Service Endpoints (Operations)
# Execute service operation
fgt.api.service.system.backup.post(
scope="global",
password="backup-password"
)
Async Support#
All endpoints support async/await by adding _async suffix:
import asyncio
async def get_status():
status = await fgt.api.monitor.system.status.get_async()
return status
asyncio.run(get_status())
Direct API Methods#
Use the direct API methods which provide type-safe access to all endpoints:
# Firewall policy using post()
fgt.api.cmdb.firewall.policy.post(
name="Allow-Web",
srcintf=[{"name": "internal"}],
dstintf=[{"name": "wan1"}],
srcaddr=[{"name": "all"}],
dstaddr=[{"name": "web-server"}],
service=[{"name": "HTTP"}, {"name": "HTTPS"}],
action="accept"
)
# Recurring schedule using post()
fgt.api.cmdb.firewall.schedule.recurring.post(
name="business-hours",
day=["monday", "tuesday", "wednesday", "thursday", "friday"],
start="08:00",
end="18:00"
)
See Endpoint Methods for details on all available methods.