To manage the application through the REST API, you need to install Kaspersky Endpoint Security with support for the REST API. If you manage Kaspersky Endpoint Security through the REST API, you cannot manage the application using Kaspersky Security Center.
Preparing for installing the application with REST API support
Secure interaction of Kaspersky Endpoint Security with the REST client requires configuring request identification. To do so, you must install a certificate and subsequently sign the payload of each request.
To create a certificate, you can use e.g. OpenSSL.
Example:
|
Use the RSA encryption algorithm with a key length of 2048 bits or more.
As a result, you will get a cert.pem
certificate and a key.pem
private key.
Installing the application with REST API support
To install Kaspersky Endpoint Security with REST API support:
RESTAPI=1
RESTAPI_User=<User name>
User name for managing the application through the REST API. Enter the user name in the format <DOMAIN>\<UserName>
(for example, RESTAPI_User=COMPANY\Administrator
). You can manage the application through the REST API only under this account. You can select only one user to work with the REST API.
RESTAPI_Port=<Port>
Port used for data exchange. Optional parameter. Port 6782 is selected by default.
RESTAPI_Certificate=<Path to certificate>
Certificate for identifying requests (for example, RESTAPI_Certificate=C:\cert.pem
).
You can install the certificate after installing the application or update the certificate after the certificate expires.
How to install a certificate for REST API request identification
AdminKitConnector=1
Application management using administration systems. Management is allowed by default.
You can also use the setup.ini file to define the settings for working with the REST API.
Example:
|
As a result, you will be able to manage the application through the REST API. To verify its operation, open the REST API documentation using a GET request.
Example:
|
If you installed the application with REST API support, Kaspersky Endpoint Security automatically creates an allow rule in the Web Control settings for accessing web resources (Service Rule for REST API). This rule is needed to allow the REST client to access Kaspersky Endpoint Security at all times. For example, if you have restricted user access to web resources, this will not affect managing the application through the REST API. We recommend that you do not delete the rule or change the Service Rule for REST API settings. If you deleted the rule, Kaspersky Endpoint Security will restore it after restarting the application.
Page top