MetaDefender Core, ICAP User Management
MetaDefender CORE and ICAP have built-in capabilities to manage users directly within each product instance. For example, administrators can create a user by sending an API request directly to a MetaDefender CORE instance.
This is an MetaDefender Core API to get all users:
curl --get \ --url 'http://localhost:8008/admin/user' \ --header 'apikey: {apikey}'However, this requires either local access to the instance or a network connection to it. If the administrator is on a different network, direct access may not be possible.
To overcome this limitation, administrators can enroll the MetaDefender CORE instance into My OPSWAT Central Management and perform the API through My OPSWAT Central Management as below:
curl -X POST --location 'https://product.my.us.opswat.com/fusion/console/services/connection/{{CONNECTION_ID}' \--header 'Authorization: Bearer {{ACCESS_TOKEN}}' \--header 'X-App-Method: GET' \--header 'X-App-URL: /admin/user'Here are steps
Step 1: Enroll the MetaDefender CORE instance into My OPSWAT Central Management and obtain the Deployment Id.
Step 2: Register an OAuth Application and retrieve the Client Key, Client Secret.
Access the My OPSWAT Central Management. On the right menu, select OAuth Application
Register an application and retrieve the Client_key and Client_ Secret.
Step 3: Retrieve the Access Token from OAuth 2 Authentication Flow
Use the Client Key and Client Secret from the registered application and call the My OPSWAT Central Management OAuth API to obtain an access token. This token will be used for authenticating subsequent API requests.
curl -X POST 'https://product.my.us.opswat.com/o/oauth2/token' -d 'client_id={{Client ID}}&client_secret={{Client Secret}}&grant_type=client_credentials'Step 4: Retrieve the connection ID from MetaDefender Core.
Establish a Direct Instance Management connection from My OPSWAT Central Management to the MetaDefender CORE instance.
Request sample:
curl --location 'https://product.my.us.opswat.com/fusion/console/services/connection/request/mdcore' \--header 'Content-Type: application/json' \--header 'Authorization: Bearer {{access_token}}' \--data '{ "deploymentId": "{{Product_Deployment_Id}", "Purpose": "Direct Instance Management"}'Response example:
{ "connId": "63BdkJatrysSo4w4tGVjp8ShAtTFJgQfufwstdEG48k4tE6C9wDeLmCR46Ak1C73MkPsL4HAx6WoFixHXzLom5cCQnyRm56JngHK", "status": "REQUESTING"}After creating the connection ID, the status will change from REQUESTING to CONNECTED. The API will work only if the connection status is CONNECTED. Use the below API to check if the connection is successfully established.
Request example
curl --location 'https://product.my.us.opswat.com/fusion/console/services/connection/63BdkJatrysSo4w4tGVjp8ShAtTFJgQfufwstdEG48k4tE6C9wDeLmCR46Ak1C73MkPsL4HAx6WoFixHXzLom5cCQnyRm56JngHK' \--header 'Authorization: Bearer {{Auth_Token}}'Response example
{ "connId": "63BdkJatrysSo4w4tGVjp8ShAtTFJgQfufwstdEG48k4tE6C9wDeLmCR46Ak1C73MkPsL4HAx6WoFixHXzLom5cCQnyRm56JngHK", "status": "CONNECTED"}Step 5: Re-route API request from MetaDefender Core to My OPSWAT Central Management API:
URL: "https://product.my.us.opswat.com/fusion/console/services/connection/{connectionID}"
- connnectionID: obtain from step 4
Method: POST
Add the following headers to reflect the MetaDefender Core APIs
- ACCESS_TOKEN: obtain from step 3
- X-App-Method: obtain from MetaDefender Core API documentation
- X-App-URL: obtain from MetaDefender Core API documentation
- data: obtain from MetaDefender Core API documentation
curl -X POST --location 'https://product.my.us.opswat.com/fusion/console/services/connection/{{CONNECTION_ID}' \--header 'Authorization: Bearer {{ACCESS_TOKEN}}' \--header 'X-App-Method: {{...}}' \ --header 'X-App-URL: {{...}}' \ --data '{{...}}'Example: How to re-route ' List all users ' from MetaDefender Core to My OPSWAT Central Management
- Get info from MDCore API - userlist
In this api, need to use method 'GET' and URL '/admin/user'
- Convert MD Core API to Central Management API as below
API Request
curl -X POST --location 'https://product.my.us.opswat.com/fusion/console/services/connection/{{CONNECTION_ID}' \--header 'Authorization: Bearer {{ACCESS_TOKEN}}' \--header 'X-App-Method: GET' \--header 'X-App-URL: /admin/user'API Response
[{ "api_key": "12345678901234567890123456789012", "directory_id": 1, "display_name": "Administrator", "email": "trung.dang@opswat.com", "id": 2, "last_seen_ip": "::1", "last_seen_timestamp": 1753717373374, "name": "Administrator", "rights": {}, "roles": [], "ui_settings": {} }]Appendix
List of APIs supported by Meta Defender CORE
| APIs | Document | Url | Method | From Version |
|---|---|---|---|---|
| Create user | https://www.opswat.com/docs/mdcore/metadefender-core#usercreate | /admin/user | POST | 5.15.0 |
| List all users | https://www.opswat.com/docs/mdcore/metadefender-core#userlist | /admin/user | GET | 5.15.0 |
| Delete a user | https://www.opswat.com/docs/mdcore/metadefender-core#userdelete | /admin/user/{user_id} | DELETE | 5.15.0 |
| Change user's API key | https://www.opswat.com/docs/mdcore/metadefender-core#changeuserapikey | /admin/user/(\d+)/apikey | PUT | 5.15.0 |
| Change Password for local user | https://www.opswat.com/docs/mdcore/metadefender-core#userchangepass | /user/changepassword | POST | 5.15.0 |
| List all roles | /admin/role | GET | 5.15.0 | |
| List all user directories | /admin/userdirectory | GET | 5.15.0 |