If HTTP clients authorization is enabled in Kaspersky Scan Engine, all HTTP requests must contain an API token.
The following example shows an HTTP request containing an API token in the Authorization
field:
POST /scanfile HTTP/1.0 Content-Length: 35 X-KAV-ProtocolVersion: 1 X-KAV-Timeout: 10 Authorization: SldYQTUyOUNVMnE3VWR2N3Izamk2QkVNc2hhLTV5dTBLcVUzeXZLdGYtNkkrVFUyQUVRQUNLQUFCSWdwRUlJTQ==
* Full path to the EICAR test file * |
In this example, Authorization
is the default name of the request header field used for authorization. You can change this name in the Authorization section of the Kaspersky Scan Engine GUI.
The following example shows the corresponding response:
HTTP/1.0 200 OK Date: Mon, 10 February 2014 12:25:21 GMT Server: KAVHTTPD Content-Length: 32 Connection: close Content-Type: text/plain X-KAV-ProtocolVersion: 1
DETECT EICAR-Test-File |
If the authorization failed and the Bearer prefix was specified, the response is as follows:
HTTP/1.1 401 Unauthorized WWW-Authenticate: Bearer realm="API Kaspersky Scan Engine" |
If the authorization failed and the Bearer prefix was not specified, the response is as follows:
HTTP/1.1 401 Unauthorized WWW-Authenticate: Token realm="API Kaspersky Scan Engine" |