Protocol version 3.0
If HTTP clients authorization is enabled in Kaspersky Scan Engine, all HTTP requests must contain an API token.
The following example shows an HTTP request containing an API token in the Authorization
field:
POST /api/v3.0/scanfile HTTP/1.0 Content-Type: application/octet-stream Content-Length: 22 Authorization: SldYQTUyOUNVMnE3VWR2N3Izamk2QkVNc2hhLTV5dTBLcVUzeXZLdGYtNkkrVFUyQUVRQUNLQUFCSWdwRUlJTQ==
{ "timeout": "10000", "object": "\/home\/user\/eicar" } |
In this example, Authorization
is the default name of the request header field used for authorization. You can change this name in the Authorization section of the Kaspersky Scan Engine GUI.
The following block shows the corresponding response:
HTTP/1.0 200 OK Connection: close Content-Type: text/plain Server: KAVHTTPD/1.0 X-KAV-ProtocolVersion: 3 Date: Wed, 30 Jan 2019 15:46:29 GMT Content-Length: 75
{ "object": "\/home\/user\/eicar", "scanResult": "DETECT", "detectionName": "EICAR-Test-File" } |
If the authorization failed and the Bearer prefix was specified, the response is as follows:
HTTP/1.1 401 Unauthorized WWW-Authenticate: Bearer realm="API Kaspersky Scan Engine" |
If the authorization failed and the Bearer prefix was not specified, the response is as follows:
HTTP/1.1 401 Unauthorized WWW-Authenticate: Token realm="API Kaspersky Scan Engine" |