Authorization settings

This section describes the Authorization section of the Settings page.

If an error occurred during the loading of the web page and the settings are unavailable, reload the page.

The Authorization section contains the following settings:

• Enable HTTP clients authorization. Indicates whether Kaspersky Scan Engine should use API token authorization.

  HTTPS connection is required for API token authorization.

• Authorization header field. The name of the request header field that contains the API token. The value you specify here must meet the following requirements:
  • 3 to 40 characters long.
  • Consists of characters allowed for header field names according to RFC 7230.

  The default value is Authorization.

• Add bearer prefix. Indicates whether Kaspersky Scan Engine supports the Bearer authentication scheme. If this toggle switch is turned on, Kaspersky Scan Engine expects that the request header field, named as specified in Authorization header field, starts with the Bearer prefix.

Managing tokens

The API Tokens table contains the following information about API tokens:

• Token name. Each token has a unique name.
• Description. Some descriptions may be missing. This property is optional.
• Status. Kaspersky Scan Engine authorizes an HTTP client only if its token is enabled.

From the table, you can edit () or delete () an existing token. Editing a token is similar to adding a token (see the instruction below).

To add a new token:

1. Click the Add token button.
2. Specify the parameters of the new token:
   • Name. The unique name of the token. The name must contain from 1 to 40 Unicode characters.
   • Description. Additional information about the token. For example, the name of the token owner. The description can contain up to 1000 Unicode characters.
   • Token. The token that the client must send to the Kaspersky Scan Engine API for authorization. The value must be unique and contain from 4 to 100 ASCII characters. There must be at least one uppercase Latin letter, one lowercase Latin letter, one digit, and one of the following special characters: -._~+/).

     To make Kaspersky Scan Engine generate a unique token for you, click the Generate token button. The generated token appears in the Token field. You can change this value if you want.

     Copy the token somewhere you can find it later. After you click Save, the token will not be available in the Kaspersky Scan Engine GUI. In the kavhttpd.xml configuration file, the token value is encrypted. If you have forgotten or lost a token, you can generate a new token instead.

   • Enable token. Turn on this toggle switch if you want Kaspersky Scan Engine to authorize clients that specified the token in the request header. If the toggle switch is turned off, Kaspersky Scan Engine does not authorize clients that specified the token in the request header.

     If you have enabled API token authorization and the kavhttpd service is not running, starting klScanEngineUI will also initiate the start of the kavhttpd service.

3. Click Save.

The new token appears in the API Tokens table.

Page top