I am trying to access REST-API to pull information for fortigate_exporter for prometheus.

However, I am currently stuck in error message as below.

Output of curl -k -i -Z POST https://192.168.1.99/logincheck -d "username=grafan&secretkey=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" --dump-header headers.txt -c cookies.txt

curl: (6) Could not resolve host: POST
HTTP/1.1 200 OK
Date: Sun, 21 Jan 2024 09:49:05 GMT
Server:
Set-Cookie: APSCOOKIE_659073298="0%260"; path=/; expires=Sat, 02-Feb-1974 09:49:05 GMT; secure; SameSite=Strict
Set-Cookie: VDOM_659073298="0%260"; path=/; expires=Sat, 02-Feb-1974 09:49:05 GMT; secure; SameSite=Strict
Set-Cookie: CENTRAL_MGMT_OVERRIDE_659073298="0%260"; path=/; expires=Sat, 02-Feb-1974 09:49:05 GMT; secure; SameSite=Strict
Set-Cookie: EDIT_HISTORY_659073298="0%260"; path=/; expires=Sat, 02-Feb-1974 09:49:05 GMT; secure; SameSite=Strict
Set-Cookie: FILE_DOWNLOADING_659073298="0%260"; path=/; expires=Sat, 02-Feb-1974 09:49:05 GMT; secure; SameSite=Strict
Set-Cookie: csrftoken_659073298="0%260"; path=/; expires=Sat, 02-Feb-1974 09:49:05 GMT; secure; SameSite=Strict
Set-Cookie: ccsrftoken_659073298="0%260"; path=/; expires=Sat, 02-Feb-1974 09:49:05 GMT; secure; SameSite=Strict
Set-Cookie: ccsrftoken="0%260"; path=/; expires=Sat, 02-Feb-1974 09:49:05 GMT; secure; SameSite=Strict
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15552000
X-UA-Compatible: IE=Edge

<!DOCTYPE html>
<html class="main-app">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=8; IE=EDGE">
<meta http-equiv="pragma" content="no-cache">
<meta name="viewport" content="width=device-width, initial-scale=1"><link href="/1ab5b5012de91b1928d15748cec51b16/css/main-green.css" rel="stylesheet" type="text/css">
<script type='text/javascript'>
(function() {
var xhr = new XMLHttpRequest();
xhr.onload = function() {
if (xhr.status === 200) {
try {
window.fgt_lang = JSON.parse(xhr.responseText);
} catch (e) {
console.error('Failed to parse language JSON');
}
}
};
xhr.open('GET', '/1ab5b5012de91b1928d15748cec51b16/lang/en.json', false);
xhr.send();
})()
;</script>
<script language="JavaScript">
if (top.location != window.location) top.location.reload();
if (window.opener) {window.opener.top.location.reload(); self.close();}
</script>
</head>
<body>
<div class="view-container">
<form class="prompt" onsubmit="return false;" method="get" name="login" autocomplete="off">
<div class="content with-header">
<div class="header">
<f-icon class="ftnt-fortinet-grid icon-xl"></f-icon></div>
<div class="sub-content"><div class="wide-inputs">
<div class="error-message" id="err_msg" style="display: none">
<f-icon class="fa-error"></f-icon>
<div class="message-content" id="err_msg_content"></div>
</div>
<div class="warning-message" id="warn_msg" style="display: none">
<f-icon class="fa-warning"></f-icon>
<div class="message-content" id="warn_msg_content"></div>
</div>
<input type="text" name="username" id="username" value="" maxlength="35"autocorrect="off" autocapitalize="off" placeholder="Username" />
<input type=password autocomplete="off" name="secretkey" id="secretkey" placeholder="Password">
<label id="token_msg" style="display: none;"></label>
<input type=hidden name="ftm_push_enabled" id="ftm_push_enabled" value="0"><input type="password" autocomplete="off" name="token_code"placeholder="Token Code" id="token_code" maxlength="128" style="display: none" disabled>
</div>
<div class="button-actions wide">
<button class="primary" name="login_button" id="login_button" type="button"onclick="try_login();" >Login</button>
</div></div></div></form></div>
<script type="text/javascript" src="/1ab5b5012de91b1928d15748cec51b16/js/login.js"></script>
<script language="Javascript">
document.onkeydown = key_pressdown;
document.forms[0].username.focus();
</script>
</body>
</html>

And then to curl -k -i -X GET https://192.168.1.99/api/v2/monitor/system/status -b headers.txt

HTTP/1.1 401 Authorization Required
Date: Sun, 21 Jan 2024 10:09:17 GMT
Server:
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15552000
X-UA-Compatible: IE=Edge

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>401 Authorization Required</TITLE>
</HEAD><BODY>
<H1>Authorization Required</H1>
This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.<P>
<P>Additionally, a 401 Authorization Required
error was encountered while trying to use an ErrorDocument to handle the request.
</BODY></HTML>

If I try to visit https://192.168.1.99/api/v2/monitor/system/status/?access_token=xxxxxxxxxxxxxxx. I get the output in JSON there.

I tried following the guide here, but still couldn't get rid of the error message.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Unable-to-get-information-via-REST-API-usi...

Can someone help me here to navigate in right direction ?