Installing the application with the REST API

To manage the application through the REST API, you need to install Kaspersky Endpoint Security with support for the REST API. If you manage Kaspersky Endpoint Security through the REST API, you cannot manage the application using Kaspersky Security Center.

Preparing for installing the application with REST API support

Secure interaction of Kaspersky Endpoint Security with the REST client requires configuring request identification. To do so, you must install a certificate and subsequently sign the payload of each request.

To create a certificate, you can use e.g. OpenSSL.

Example: $ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 1825 -nodes

Use the RSA encryption algorithm with a key length of 2048 bits or more.

As a result, you will get a cert.pem certificate and a key.pem private key.

Installing the application with REST API support

To install Kaspersky Endpoint Security with REST API support:

1. Run the command line interpreter (cmd.exe) as an administrator.
2. Go to the folder that contains the distribution package for Kaspersky Endpoint Security version 11.2.0 or later.
3. Install Kaspersky Endpoint Security with the following settings:
   • RESTAPI=1
   • RESTAPI_User=<User name>

     User name for managing the application through the REST API. Enter the user name in the format <DOMAIN>\<UserName> (for example, RESTAPI_User=COMPANY\Administrator). You can manage the application through the REST API only under this account. You can select only one user to work with the REST API.

   • RESTAPI_Port=<Port>

     Port used for data exchange. Optional parameter. Port 6782 is selected by default.

   • RESTAPI_Certificate=<Path to certificate>

     Certificate for identifying requests (for example, RESTAPI_Certificate=C:\cert.pem).

     You can install the certificate after installing the application or update the certificate after the certificate expires.

     How to install a certificate for REST API request identification

     1. Disable Kaspersky Endpoint Security Self-Defense

        The Self-Defense mechanism prevents alteration or deletion of application files on the hard drive, processes in memory, and entries in the system registry.

     2. Go to the registry key that contains REST API settings: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\protected\KES\settings\RestApi.
     3. Enter the path to the certificate, for example, Certificate = C:\Folder\cert.pem.
     4. Enable Kaspersky Endpoint Security Self-Defense.
     5. Restart the application.
   • AdminKitConnector=1

     Application management using administration systems. Management is allowed by default.

   You can also use the setup.ini file to define the settings for working with the REST API.

   Example: setup_kes.exe /pEULA=1 /pPRIVACYPOLICY=1 /pKSN=1 /pALLOWREBOOT=1 /pAdminKitConnector=1 /pRESTAPI=1 /pRESTAPI_User=COMPANY\Administrator /pRESTAPI_Certificate=C:\cert.pem /s

As a result, you will be able to manage the application through the REST API. To verify its operation, open the REST API documentation using a GET request.

Example: GET http://localhost:6782/kes/v1/api-docs

If you installed the application with REST API support, Kaspersky Endpoint Security automatically creates an allow rule in the Web Control settings for accessing web resources (Service Rule for REST API). This rule is needed to allow the REST client to access Kaspersky Endpoint Security at all times. For example, if you have restricted user access to web resources, this will not affect managing the application through the REST API. We recommend that you do not delete the rule or change the Service Rule for REST API settings. If you deleted the rule, Kaspersky Endpoint Security will restore it after restarting the application.

Page top