Direct Instance Management v10.2507.0

Direct Connection Support in CM10

My OPSWAT Central Management (MOCM) supports initiating a direct connection to MetaDefender (MD) product instances, enabling the execution of product-specific APIs and supported commands. The following OPSWAT products currently support this feature:

MetaDefender CORE (version 5.15.0 and above)
MetaDefender ICAP (version 5.9.0 and above)

How it works

MD Core/ICAP must first be registered with the MOCM. Once enrolled, MOCM can effectively manage MD Core/ICAP instances.

When an administrator invokes MOCM APIs, MOCM authenticates the request and then forwards it to the appropriate Product Instance APIs.

Administrators do not need to enable inbound traffic from users to MD instances. All requests are securely routed from MOCM directly to the MD instances.

Steps to make API requests

Once the product instance is enrolled in CM10, adminstrator can follow these steps to make an api request to the instance

Get OAuth API Access token from MOCM
Go to MOCM console page and setup application to get an access token:

Obtain the connectionID
Retrieve the connectionID from the relevant product instance.

Construct the API Request
- Build the URL: Combine the MOCM endpoint URL with the retrieved connectionID.
- Prepare the Request Body: Include the required data exactly as specified in the product support documentation.
- Set the Required Headers:
  - X-App-Method: Specify the original HTTP method (e.g., GET, POST).
  - X-App-Url: Provide the original request path.
  - Include any optional headers from the original request using the format: X-App-Header-{headerKey}.

For detailed examples, please refer to the documentation: View Documentation

Server

https://product.my.us.opswat.com

My OPSWAT Central Management US tenant

https://product.my.eu.opswat.com

My OPSWAT Central Management EU tenant

Authentication

http BearerToken

Users authenticate using a Client ID and Client Secret, which can be obtained from My OPSWAT Central Management.

Auth

BearerToken

POST

/o/oauth2/token

Get Oauth API Token

To retrieve your Client ID and Client Secret, please follow this link: https://www.opswat.com/docs/cm/developer-guidelines/how-to-work-with-apis

Auth

Request Body

Required information to generate token

object	object
client_id	string	Client Id of MyOpswat Central Management Account
client_secret	string	Client Secret of MyOpswat Central Management Account
grant_type	string	client_credentials

POST /o/oauth2/token

 
curl --request POST \ --url 'https://product.my.us.opswat.com/o/oauth2/token' \ --data 'client_id=TEST85NFX3IEG5GFTM6KF9S3T8AULNHHCF8' \ --data 'client_secret=TESTWAUXMAUQR2AYDYMBVGANLRWVBNSWR1L94' \ --data 'grant_type=client_credentials'
Copy

Responses

200

response

Root Type for Oauth_reponse_data	object
access_token	string
token_type	string
expires_in	int32

Response

 
{ "access_token": "TEST7P9ZMJ2LBF8AMOMJLFNPMMLO953AVQ4C9YFF52R6456", "token_type": "Bearer", "expires_in": 43199}
Copy

Connection_management

Manage direct connection from product instances to MyOpswat Central Management

GET

/fusion/console/services/connection/{connectionId}

DELETE

/fusion/console/services/connection/{connectionId}

POST

/fusion/console/services/connection/request/{productType}

GetConnection status

Get Connection status by Connection ID

Auth

GET /fusion/console/services/connection/{connectionId}

 
curl --get \ --url 'https://product.my.us.opswat.com/fusion/console/services/connection/{connectionId}' \ --header 'Authorization: Bearer {token}'
Copy

Responses

200

Get Connection Status successfully

Root Type for InitConnectionData_reponse_success	object
connId	string
status	string

400

Invalid ConnectionId

Response

 
{ "connId": "63BdkJatrysSo4w4tGVjp8ShAtTFJgQfufwsRm56JngHK", "status": "REQUESTING"}
Copy

Close connection

Close a direct connection

Auth

DELETE /fusion/console/services/connection/{connectionId}

 
curl --request DELETE \ --url 'https://product.my.us.opswat.com/fusion/console/services/connection/{connectionId}'
Copy

Responses

200

desc

No response body

Response

 
No response
Copy

Initiate Direct Instance Connection

Initiate a direct communication channel from CM10 to the product instance.

Auth

Path Params

productType

string

OPSWAT product types

Enum: mdcore,mdicap

Request Body

Root Type for InitConnectionData	object	Data for initiating a connection from MyOpswat Central Management
deploymentId	string
Purpose	string

POST /fusion/console/services/connection/request/{productType}

 
curl --request POST \ --url 'https://product.my.us.opswat.com/fusion/console/services/connection/request/{productType}' \ --header 'Authorization: Bearer {token}' \ --data '"curl --location 'https://product.my-staging.us.opswat.com/fusion/console/services/connection' \\\r\n--header 'Cache-Control: no-cache' \\\r\n--header 'Postman-Token: <calculated when request is sent>' \\\r\n--header 'Content-Type: application/json' \\\r\n--header 'User-Agent: PostmanRuntime/7.39.1' \\\r\n--header 'Accept: */*' \\\r\n--header 'Accept-Encoding: gzip, deflate, br' \\\r\n--header 'Connection: keep-alive' \\\r\n--header 'Authorization: Bearer eyJraWQiOiJiMk50ZGpkZmMybG5ibWx1WjE5clpYaz0iLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJTVDlaSlpaTlVYR09SSDlXVEtCMUEzRUtBUjc4SlNMQ1cyS0VKS0QzVlRZQkFNU0QiLCJhdWQiOiJTVDlaSlpaTlVYR09SSDlXVEtCMUEzRUtBUjc4SlNMQ1cyS0VKS0QzVlRZQkFNU0QiLCJuYmYiOjE3NTIzNzUxNDYsImFjY291bnRfaWQiOiJlYmNlYjM3Zi0wMjZmLTQzMTAtODM5Ni03MDI1Mzc3NWFlMmYiLCJzY29wZSI6WyJyZWFkIiwid3JpdGUiXSwiaXNzIjoiaHR0cHM6Ly9wcm9kdWN0Lm15LXN0YWdpbmcudXMub3Bzd2F0LmNvbS9vIiwiZXhwIjoxNzUyNDE4MzQ2LCJpYXQiOjE3NTIzNzUxNDYsImp0aSI6ImE4YTNmMTJhLTQ1ZmYtNGY0MC04ZjBlLWY0NDM4ZTQ2MWNkOCIsImNsaWVudF9pZCI6IlNUOVpKWlpOVVhHT1JIOVdUS0IxQTNFS0FSNzhKU0xDVzJLRUpLRDNWVFlCQU1TRCJ9.I_9EB2YQ06JpHS-_ZV5zc7TbdQUXeB1Zt_WGtdKTwh1BI12X3UmbrljimWfXBrB0PQQjdZFQcFlY44_5HTTIOEuF15qqdzaLzYeMWnBD-T_Pxy7H5SyIbc8LfrHjW8Qa6eaItt5o-Xag-taoSJ_7h8rDRyyNo1KhzBzPzGA14BCEKWyDzLPjg5UxspzaJAuVI9FnRhnOjrPgk_t_rkWjSwcnoJAEuwGxz3NbNVqRaklZImaxYqu6YujlVgM7uTB4Y7y0IAmPn89bKbI0wzBRVtXaYqDzqHuu1cEx-0gakhdM8PUWXtaf4tEfcKJbqI7PTlpdZQI6Inrx9mUE_5F20g' \\\r\n--header 'Cookie: INGRESSCOOKIE=1752158896.417.29.397117|8cc77ee06a40d800703beb1196648895' \\\r\n--data '{\r\n    \"deploymentId\": \"MSCW6K5YDChLEV0Jq8y9ASMAqUnpeRreyNHk\",\r\n    \"Purpose\": \"Test CORE Integration\"\r\n}'"'
Copy

Responses

200

Init Connection successfull

Root Type for InitConnectionData_reponse_success	object
connId	string
status	string

404

Incorrect DeploymentId

Response

 
{ "connId": "63BdkJatrysSo4w4tGVjp8ShAtTFJgQfufwsRm56JngHK", "status": "REQUESTING"}
Copy

Sending_requests

Sending requests directly from My OPSWAT Central Management to product instances.

POST

/fusion/console/services/connection/{connectionId}

Sending Requests/Commands

Sending Requests or Commands to Product Instances

To view the list of supported APIs for each product, please refer to the following link: Supported Product APIs

Auth

Headers

X-App-Method	string
X-App-URL	string

Request Body

string string

POST /fusion/console/services/connection/{connectionId}

 
curl --request POST \ --url 'https://product.my.us.opswat.com/fusion/console/services/connection/{connectionId}' \ --header 'X-App-Method: {X-App-Method}' \ --header 'X-App-URL: {X-App-URL}' \ --data '"{\n    //Input the same databody of the request that send to product intances\n}"'
Copy

Responses

200

string string

Response

 
{    Return the output from product instance    }
Copy

Pmp

POST

/o/pmp/v1/reports/details

POST

/o/pmp/v1/reports

POST

/o/pmp/v1/kiosk/configuration

Get PMP Report Details

Retrieve the details of a PMP report - including MetaDefender Kiosk, MetaDefender Drive - using the report's session ID. This API returns data as a stream.

Auth

Request Body

object	object
session_id	string	session ID.
filter	object
issue_type	array[string]	Specify what issue type used to filter along with the field. Enum: `VUL(vulnerability)`,`COO`,`SENSITIVE`,`SKIPPED`,`INFECTED`

POST /o/pmp/v1/reports/details

 
curl --request POST \ --url 'https://product.my.us.opswat.com/o/pmp/v1/reports/details' \ --header 'Authorization: Bearer {token}' \ --data '{  "filter": {    "issue_type": [      "VUL",      "COO",      "SENSITIVE",      "SKIPPED",      "INFECTED"    ]  },  "session_id": "report1617662410591"}'
Copy

Responses

200

Successful response

object	object
id	string	ID
timestamp	long	timestamp when the report occurs
sync_time	long	timestamp when the report sent to My Opswat Central Management
session_id	string	session id of the report
file_name	string	file name
file_path	string	file path
pmp_type	string	issue type
device_id	string	Device id of a device that the report occurred on
device_type	string	Device type of a device that the event occurred on
device_name	string	Device name of a device that the report occurred on
md5	string	md5 of the file
sha1	string	sha1 of the file
sha256	string	sha256 of the file

Response

 
{ "id": "681a21f3c239c15ff0c16981", "file_name": "Exceeded Archive File Number_4.zip", "file_path": "E:\\Exceeded Archive File Number_4.zip", "pmp_type": "SENSITIVE", "device_type": "KIOSK", "timestamp": 1712161663000, "sync_time": 1747381075000, "session_id": "phuoc12345678", "device_name": "phuockiosk", "device_id": "phuockiosk", "md5": "F4C0908C43B07361D9692AB21163E554", "sha1": "FB08572F367FD54E6C82C17E6B4FFEFF4A109441", "sha256": "3A08843F67A170B0AC9588E7C9C742D4602416140A1FC8D15AE0B6F10C7BF228"}
Copy

Get PMP Reports

Retrieve reports of PMP devices - including MetaDefender Kiosk, MetaDefender Endpoint - in the cursor fashion, sorted by reported time in ascending order.

Auth

Request Body

object	object
token	string	Pagination token to retrieve the next set of items.
limit	integer	Maximum number of devices to return. The value should be in [1,100]. Default: 20
start_time	long	Specify a start time of the query's duration. The format should be Unix epoch time in milliseconds The value must be greater than zero, and it must not be more than 30 days from the current date.
end_time	long	Specify an end time of the query's duration. The format should be Unix epoch time in milliseconds.
filter	object
device_type	array[string]	Specify what device type used to filter along with the field. Enum: `EM`,`KIOSK`,`MK5`
media_type	array[string]	Specify what media type used to filter along with the field.
issue_type	array[string]	Specify what issue type used to filter along with the field. Enum: `VUL(vulnerability)`,`COO`,`SENSITIVE`,`SKIPPED`,`INFECTED`

POST /o/pmp/v1/reports

 
curl --request POST \ --url 'https://product.my.us.opswat.com/o/pmp/v1/reports' \ --header 'Authorization: Bearer {token}' \ --data '{  "filter": {    "device_type": [      "KIOSK"    ],    "media_type": [      "USB Device"    ],    "issue_type": [      "VUL",      "COO",      "SENSITIVE",      "SKIPPED",      "INFECTED"    ]  },  "start_time": 1617662410591,  "end_time": 1618267210591,  "limit": 1,  "token": "60ed8afd62585c75b2d5b551"}'
Copy

Responses

200

Successful response

object	object
token	string	Pagination token
data	array[object]
timestamp	long	timestamp when the report occurs
sync_time	long	timestamp when the report sent to My Opswat Central Management
session_id	string	session id of the report
report_id	string	report id of the report
user_name	string	User logged-in ID who logged into a device when the report occurred
device_name	string	Device name that the report occurred on
device_id	string	Device id of a device that the report occurred on
device_type	string	Device type of a device that the event occurred on
device_group	string	A device's group name
media_type	string	media type
total_infected	integer	total infected files in the report
total_vulnerability	integer	total vulnerable files in the report
total_sensitive	integer	total sensitive files in the report
total_coo	integer	total coo detection files in the report
total_skipped	integer	total skipped files in the report
total_files_scanned	integer	total scanned files in the report
total_sanitized	integer	total sanitized files in the report
total_threat	integer	total issued files in the report

Response

 
{ "data": [  {   "timestamp": 1712161663000,   "sync_time": 1747381075000,   "session_id": "phuoc123456789x",   "report_id": "phuoc123456789x",   "user_name": "Guest",   "device_name": "phuockiosk",   "device_id": "phuockiosk",   "device_type": "KIOSK",   "device_group": "Default Kiosk Windows",   "media_type": "SCSI Device",   "total_infected": 1,   "total_vulnerability": 0,   "total_sensitive": 4,   "total_coo": 0,   "total_skipped": 0,   "total_files_scanned": 14,   "total_sanitized": 4,   "total_threat": 5  } ], "token": "60ed8afd62585c75b2d5b551"}
Copy

Update Yara rules and file hashes for MetaDefender Kiosk

Auth

Request Body

object	object
apply_type	string	Values: - all: apply for all instances - instances: apply for specific instances in
apply_to	array[string]	The list of instance IDs will be updated the file hashes and Yara rules.
yara_sources	object
type	string	Possible values: - append: will append to existing yara rules - overwrite: will overwrite all yara rules
skip_by_hash	object
type	string	Possible values: - append: will append to existing yara rules - overwrite: will overwrite all yara rules

POST /o/pmp/v1/kiosk/configuration

 
curl --request POST \ --url 'https://product.my.us.opswat.com/o/pmp/v1/kiosk/configuration' \ --header 'Authorization: Bearer {token}' \ --data '{  "apply_type": "all",  "apply_to": [],  "yara_sources": {    "type": "append",    "local_sources": [      {        "source": "/mnt/yara",        "state": "enabled"      }    ],    "http_sources": [      {        "source": "http://onlineyarasources.net/source.zip",        "state": "disabled"      }    ]  },  "skip_by_hash": {    "type": "overwrite",    "blacklist": {      "edecbf6bd03ef340e0c6cd438a4069c2": {        "comment": "example3"      }    },    "skip": {      "13d8b8329bd2f668e6a889f32feaa48c832dbf0c": {        "comment": "example4",        "engines": [          "totaldefense"        ]      }    },    "whitelist": {      "6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d": {        "comment": "example5"      },      "df72d035b31b1ff89f752e83af14b9e9dcf4913d9954f074546860d10b6908fb": {        "comment": "example2"      }    }  }}'
Copy

Responses

200

Successful response

object	object
total_applied	integer	The number of instances will be applied the Yara rules and file hashes. Note that My OPSWAT Central Management will save this change and will send to MetaDefender Kiosk next time it checks in with My OPSWAT Central Management.

Response

 
{ "total_applied": 12}
Copy

Meta Defender Drive

MetaDefender Drive.

POST

/o/mdd/v1/reports

POST

/o/mdd/v1/reports/details

Get MetaDefender Drive Reports

Receive MetaDefender Drive's reports in the cursor fashion, sorted by reported time in ascending order.

Auth

Request Body

object	object
token	string	Pagination token to retrieve the next set of items.
limit	integer	Maximum number of devices to return. The value should be in [1,100]. Default: 20
start_time	long	Specify a start time of the query's duration. The format should be Unix epoch time in milliseconds The value must be greater than zero, and it must not be more than 30 days from the current date.
end_time	long	Specify an end time of the query's duration. The format should be Unix epoch time in milliseconds.
filter	object
scanned_host	array[string]
scanned_by	array[string]
issue_type	array[string]	Specify what issue type used to filter along with the field. Enum: `VUL(vulnerability)`,`COO`,`SENSITIVE`,`SKIPPED`,`INFECTED`

POST /o/mdd/v1/reports

 
curl --request POST \ --url 'https://product.my.us.opswat.com/o/mdd/v1/reports' \ --header 'Authorization: Bearer {token}' \ --data '{  "filter": {    "scanned_host": [      "qa-machine"    ],    "scanned_by": [      "MSCLyAWEbU6qKF8ULBXwKmj60WBvJsbnnByS"    ],    "issue_type": [      "VUL",      "COO",      "SENSITIVE",      "SKIPPED",      "INFECTED"    ]  },  "start_time": 1617662410591,  "end_time": 1618267210591,  "limit": 1,  "token": "60ed8afd62585c75b2d5b551"}'
Copy

Responses

200

Successful response

object	object
token	string	Pagination token
data	array[object]
timestamp	long	timestamp when the report occurs
sync_time	long	timestamp when the report sent to My Opswat Central Management
session_id	string	session id of the report
hardware_model	string	hardware model of a device that the report occurred on
scan_profile	string	scanning profile
scanned_host	string
scanned_by	string
device_group	string	A device's group name
total_infected	integer	total infected files in the report
total_vulnerability	integer	total vulnerable files in the report
total_sensitive	integer	total sensitive files in the report
total_coo	integer	total coo detection files in the report
total_skipped	integer	total skipped files in the report
total_files_scanned	integer	total scanned files in the report
total_sanitized	integer	total sanitized files in the report
total_threat	integer	total issued files in the report

Response

 
{ "data": [  {   "timestamp": 1746618097000,   "sync_time": 1746618097000,   "session_id": "qa-virtual-machine__CustomScan_07-May-2025_11-41-37.json.gz",   "device_group": "Default Drivea",   "hardware_model": " VMware, VMware Virtual Platform",   "scan_profile": "Custom Scan",   "scanned_host": "qa-virtual-machine",   "scanned_by": "MSCLyAWEbU6qKF8ULBXwKmj60WBvJsbnnByS",   "total_infected": 0,   "total_vulnerability": 0,   "total_sensitive": 57,   "total_coo": 0,   "total_skipped": 15,   "total_files_scanned": 15677,   "total_sanitized": 0,   "total_threat": 72  } ], "token": "60ed8afd62585c75b2d5b551"}
Copy

Get MetaDefender Drive Report Details

Retrieve the MetaDefender Drive report details by using the report ID and device ID. This API returns data as a stream.

Auth

Request Body

object	object
device_id	string	the device ID
report_id	string	the report ID
filter	object
issue_type	array[string]	Specify what issue type used to filter along with the field. Enum: `VUL(vulnerability)`,`COO`,`SENSITIVE`,`SKIPPED`,`INFECTED`

POST /o/mdd/v1/reports/details

 
curl --request POST \ --url 'https://product.my.us.opswat.com/o/mdd/v1/reports/details' \ --header 'Authorization: Bearer {token}' \ --data '{  "filter": {    "issue_type": [      "VUL",      "COO",      "SENSITIVE",      "SKIPPED",      "INFECTED"    ]  },  "device_id": "MSCLyAWEbU6qKF8ULBXwKmj60WBvJsbnnByS",  "report_id": "qa-virtual-machine__CustomScan_11-Apr-2025_03-34-31.json.gz"}'
Copy

Responses

200

Successful response

object	object
id	string	ID
timestamp	long	timestamp when the report occurs
sync_time	long	timestamp when the report sent to My Opswat Central Management
session_id	string	session id of the report
file_path	string	file path
threat_type	string	issue type
device_id	string	Device id of a device that the report occurred on
device_group	string	Device group of a device that the report occurred on
sha256	string	sha256 of the file

Response

 
{ "id": "67f88dd210db0c74b2da2514", "file_path": "/media/Disk2/EFI/ubuntu/shimx64.efi", "threat_type": "SKIPPED", "timestamp": 1746618097000, "sync_time": 1746618097000, "session_id": "qa-virtual-machine__CustomScan_11-Apr-2025_03-34-31.json.gz", "device_id": "MSCLyAWEbU6qKF8ULBXwKmj60WBvJsbnnByS", "device_group": "Default Drivea", "sha256": "6fe6e1bcbe6cf6baec8e056d40361ca1aa715cc04ddcc2855351de060b84350b"}
Copy

Meta Defender Core

Get MetaDefender Core Instances

Retrieve MetaDefender Core instances.

Auth

Request Body

object	object
limit	integer	Maximum number of devices to return. The value should be in [1,100].
page	integer	The specific page number from which instances will be returned
verbose	object
enabled	boolean	If verbose is set to true, the system returns statistical data about the processing history within the specified start_time and end_time Default: false
start_date	long	Specify a start time of the query's duration. The format should be Unix epoch time in milliseconds. The value must be greater than zero, and it must not exceed one year from the current date.
end_date	long	Specify an end time of the query's duration. The value must be a Unix epoch timestamp in milliseconds, greater than zero, and no more than 90 days after the start_date.
filter	object
deployment_ids	array[string]	List of deployment ID
group_ids	array[string]	List of group ID
tags	array[object]
key	string
value	string

POST /o/core/v1/instances

 
curl --request POST \ --url 'https://product.my.us.opswat.com/o/core/v1/instances' \ --header 'Authorization: Bearer {token}' \ --data '{  "filter": {    "deployment_ids": [      "deployment_id"    ],    "group_ids": [      "group_id"    ],    "tags": [      {        "key": "key1",        "value": "value1"      }    ]  },  "limit": 50,  "page": 1,  "verbose": {    "enabled": true,    "start_date": 1742703112000,    "end_date": 174270311400  }}'
Copy

Responses

200

Successful response

array	array[object]
id	string
name	string
deployment_id	string
status	string
health_status	string
version	string
group_id	string
group_name	string
public_ip	string
last_seen	string
last_reported	string
license	object
expiration	integer
type	string
tags	array[object]
key	string
value	string
verbose	object
total_processed_files	integer
total_blocked_files	integer
total_sanitized_files	integer
total_quarantined_files	integer
coo_detection	integer
spoofing	integer
vulnerabilities	integer
sensitive_data	integer
zero_day_protection	integer
threat_analysis	integer
oss_vulnerabilities	integer
insights_threat_intelligence	integer
known_good_bad	integer
threat_detection	integer

Response

 
[ {  "id": "68662f2eb5976f1dbaf69ddd",  "name": "core123",  "deployment_id": "MSCWu1uAfJWLJpIzvs58ne2iX7u0xcu48ybX",  "status": "CONNECTED",  "health_status": "UNKNOWN",  "version": "1.1",  "group_id": "6821a8a06232820706a8e618",  "group_name": "Core 1",  "public_ip": "203.205.57.109",  "last_seen": 1751531661608,  "last_reported": 1751531661608,  "license": {   "expiration": 1751531661608,   "type": "BYOL"  },  "tags": [   {    "key": "key1",    "value": "value1"   }  ],  "verbose": {   "total_processed_files": 10,   "total_blocked_files": 1,   "total_sanitized_files": 1,   "total_quarantined_files": 1,   "coo_detection": 1,   "spoofing": 1,   "vulnerabilities": 1,   "sensitive_data": 0,   "zero_day_protection": 0,   "threat_analysis": 1,   "oss_vulnerabilities": 0,   "insights_threat_intelligence": 0,   "known_good_bad": 0,   "threat_detection": 0  } }]
Copy

Get MetaDefender Core Reports

Retrieve MetaDefender Core's processing history reports using cursor-based pagination, sorted by report time in ascending order.

Auth

Request Body

object	object
token	string	Pagination token to retrieve the next set of items.
limit	integer	Maximum number of devices to return. The value should be in [1,100]. Default: 20
start_time	long	Specify a start time of the query's duration. The format should be Unix epoch time in milliseconds. The value must be greater than zero, and it must not exceed one year from the current date.
end_time	long	Specify an end time of the query's duration. The value must be a Unix epoch timestamp in milliseconds, greater than zero, and no more than 30 days after the start_date.
filter	object
deployment_ids	array[string]	List of deployment ID
group_ids	array[string]	List of group ID
status	array[string]	Enum: `Blocked`,`Allowed`
request_type	array[string]	Enum: `batch`,`batched`,`extracted`,`rest`

POST /o/core/v1.1/reports

 
curl --request POST \ --url 'https://product.my.us.opswat.com/o/core/v1.1/reports' \ --header 'Authorization: Bearer {token}' \ --data '{  "filter": {    "deployment_ids": [      "deployment_id"    ],    "group_ids": [      "group_id"    ],    "status": [      "Blocked"    ],    "request_type": [      "batch"    ]  },  "start_time": 1742703112000,  "end_time": 174270311400,  "limit": 50,  "token": "6819ccd29a4319e83b45d811"}'
Copy

Responses

200

Successful response

object	object
token	string	Pagination token
data	array[object]
timestamp	long	timestamp when the report occurs
user	string	MD Core's user associated with an API Key used to scan the file
file_name	string	file name
status	string	status
result	string	result
data_id	string
parent_data_id	string
workflow	string	workflow
sha256	string	sha256 of the file
deployment_id	string	deployment ID
request_type	string
progress_percent	integer
start_time	integer
file_size	integer
upload_time_ms	integer
processing_time_ms	integer
incident_types	array[string]	Security incident categories detected during the scan
verdicts	array[string]
actions	array[string]	Post-processing actions applied during the scan (e.g., "sanitize", "quarantine")
parent_session_ids	array[string]	dataIds of all ancestors from root to direct parent
instance_id	string	The ObjectId of the Instance that processed this scan request.
clients	array[object]	records the file's transfer log, showing who (clients.user_name) uploaded it to which product instance (clients.deployment_id, clients.product_type), and when (clients.timestamp).
file_type	object

Response

 
{ "data": [  {   "timestamp": 1747123853000,   "user": "LOCAL/admin",   "file_name": "test_big_for_timeout_engine.pdf",   "status": "Allowed",   "result": "No Threat Detected",   "data_id": "e310ba0080004e8fad64d66b0f4d62fd",   "parent_data_id": "ea4bc896c20246a79c85ead79b882fe6",   "workflow": "DLP-12",   "sha256": "adc12be16eda5b61f03056421af9258f4b1752a4105ef420222cddbf3d2ce9d0",   "deployment_id": "MSCWmLS5v3simfrYBoy2w2EumpBiTH3LTaMo",   "request_type": "extracted",   "progress_percent": 100,   "start_time": 1754903172576,   "file_size": 168054784,   "upload_time_ms": 123,   "processing_time_ms": 129,   "incident_types": [],   "verdicts": [    "No Threat Detected"   ],   "actions": [],   "parent_session_ids": [    "ea4bc896c20246a79c85ead79b882fe6"   ],   "instance_id": "68c38fdc303d00236b6496da",   "clients": [    {     "deployment_id": "MDMV0Mwr1b5aVRCtMGLTSNqW2uUTUjSd1qf",     "user_name": "Guest",     "product_type": "MetaDefender Kiosk",     "session_id": "E1BF07D2-FC96-45F3-BF41-19C94C9F1E23",     "version": "4.7.9.4298",     "host": "CM10",     "timestamp": 1757911925652    }   ],   "file_type": {    "key": "application/x-msi",    "description": "Microsoft Windows Installer"   }  } ], "token": "6822fe8d9a4319e83b45deaa"}
Copy

Account

POST

/o/fusion/v1/account/inventory

Retrieve account inventory or a specific product inventory

Retrieve account inventory or a specific product inventory based on filter criteria. productTypes: MDD (MetaDefender Drive), KIOSK (MetaDefender Kiosk K-Series), MK5 (MetaDefender Kiosk L-Series), MDCORE (MetaDefender Core), MDICAP (MetaDefender ICAP Server)

Auth

Headers

Content-Type

string

application/json

Request Body

Root Type for filterProductTypes	object
filters	object
productTypes	array[string]

POST /o/fusion/v1/account/inventory

 
curl --request POST \ --url 'https://product.my.us.opswat.com/o/fusion/v1/account/inventory' \ --header 'Content-Type: {Content-Type}' \ --header 'Authorization: Bearer {token}' \ --data '{  "filters": {    "productTypes": [      "MDD"    ]  }}'
Copy

Responses

200

Root Type for RetrieveAccountObj	array[object]
productName	string
productType	string	Enum: `MDCORE`
totalInstances	int32
connectivity	object
connected	int32
nolicense	int32
disconnected	int32
health	object
operational	int32
minorIssues	int32
criticalIssues	int32
unknown	int32
significantIssues	int32
blockerIssues	int32
version	array[object]
value	string
total	int32
status	string
license	object
expiredIn30Days	int32
expiredIn90Days	int32
expiredIn90PlusDays	int32
expired	int32
nolicense	int32

400

Bad Request

401

Unauthorized

500

Internal Server Error

Response

 
[ {  "productName": "MetaDefender Drive",  "productType": "MDD",  "totalInstances": 16,  "connectivity": {   "connected": 0,   "nolicense": 16,   "disconnected": 16  },  "health": {   "operational": 1,   "minorIssues": 0,   "criticalIssues": 0,   "unknown": 1,   "significantIssues": 0,   "blockerIssues": 0  },  "version": [   {    "value": "4.2.1.5300",    "total": 1,    "status": "BEHIND"   },   {    "value": "4.3.0.5580",    "total": 9,    "status": "SLIGHT_BEHIND"   },   {    "value": "4.3.2.6625",    "total": 1,    "status": "SLIGHT_BEHIND"   },   {    "value": "",    "total": 1,    "status": "MAJOR_BEHIND"   },   {    "value": "4.3.3.6974",    "total": 1,    "status": "SLIGHT_BEHIND"   },   {    "value": "4.3.4.7289",    "total": 1,    "status": "SLIGHT_BEHIND"   },   {    "value": "4.3.3.6937",    "total": 1,    "status": "SLIGHT_BEHIND"   },   {    "value": "4.1.1",    "total": 1,    "status": "BEHIND"   }  ],  "license": {   "expiredIn30Days": 0,   "expiredIn90Days": 0,   "expiredIn90PlusDays": 0,   "expired": 0,   "nolicense": 16  } }]
Copy

Meta Defender Kiosk

POST

/o/pmp/v1/scan-report/overview

GET

/o/pmp/v1/devices/{deviceId}/report/scan/{sessionId}

GET

/o/pmp/v1/kiosk/devices/{deviceId}

GET

/o/pmp/v1/kiosk/devices

Processing Overview from MetaDefender Kiosk instances

Retrieve processing overview from MetaDefender Kiosk K-Series and L-Series instances based on filter criteria over a specified time period

Auth

Headers

Content-Type

string

application/json

Request Body

Root Type for KioskOverviewReq	object
endTime	int32	timestamp in miliseconds
startTime	int32	timestamp in miliseconds
filters	object
instanceIds	array
groupIds	array
groupBy	string	Enum: `groups`,`instances`

POST /o/pmp/v1/scan-report/overview

 
curl --request POST \ --url 'https://product.my.us.opswat.com/o/pmp/v1/scan-report/overview' \ --header 'Content-Type: {Content-Type}' \ --header 'Authorization: Bearer {token}' \ --data '"{\r\n  \"endTime\": 1758326400000,\r\n  \"startTime\": 1755648000000,\r\n  \"filters\": {\r\n    \"instanceIds\": [\"MDMZhIzxPvr2Fx1qspktqY6JYwCQ17DA8XR\", \"MSCLKoY7nwNojbFGlYeqaldBrAqu6aLQ4ItQ\"],\r\n    \"groupIds\": []\r\n  },\r\n  \"groupBy\": \"instances\"\r\n}"'
Copy

Responses

200

Root Type for KioskResObj	object
numberOfSessions	int32	total number of scan sessions during the selected time period and based on the applied filters
numberOfFilesProcessed	int32
numberOfSessionsWithThreatsDetected	int32
numberOfThreatsFound	int32
numberOfFilesSanitized	int32
instances	array[object]	this array will be returned when groupBy is set to 'instances'
id	string
name	string
numberOfSessions	int32
numberOfFilesProcessed	int32
numberOfSessionsWithThreatsDetected	int32
numberOfThreatsFound	int32
numberOfFilesSanitized	int32

400

Bad Request

401

Unauthorized

500

Internal Server Error

Response

 
{ "numberOfSessions": 3, "numberOfFilesProcessed": 36, "numberOfSessionsWithThreatsDetected": 3, "numberOfThreatsFound": 13, "numberOfFilesSanitized": 5, "instances": [  {   "id": "MDMZhIzxPvr2Fx1qspktqY6JYwCQ17DA8XR",   "name": "MDMZhIzxPvr2Fx1qspktqY6JYwCQ17DA8XR",   "numberOfSessions": 2,   "numberOfFilesProcessed": 20,   "numberOfSessionsWithThreatsDetected": 2,   "numberOfThreatsFound": 12,   "numberOfFilesSanitized": 0  },  {   "id": "MSCLKoY7nwNojbFGlYeqaldBrAqu6aLQ4ItQ",   "name": "MSCLKoY7nwNojbFGlYeqaldBrAqu6aLQ4ItQ",   "numberOfSessions": 1,   "numberOfFilesProcessed": 16,   "numberOfSessionsWithThreatsDetected": 1,   "numberOfThreatsFound": 1,   "numberOfFilesSanitized": 5  } ]}
Copy

Get Kiosk session detail

Auth

GET /o/pmp/v1/devices/{deviceId}/report/scan/{sessionId}

 
curl --get \ --url 'https://product.my.us.opswat.com/o/pmp/v1/devices/{deviceId}/report/scan/{sessionId}' \ --header 'Authorization: Bearer {token}'
Copy

Responses

200

Root Type for GetKioskSessionDetailReq	object
deviceId	string
sessionId	string
malwareInfected	int32
vulnerableApp	int32
exploitProtection	int32
malwareSandbox	int32
cooViolation	int32
privacyViolation	int32
skippedFile	int32

401

Unauthorized

500

Internal Server Error

Response

 
{ "deviceId": "MDDqLGyr7cIPwEB8veBHSdTkYJ6Mdv3AloD", "sessionId": "2C640579-8F66-4D57-A4E9-5A7EBF9BDB3A", "malwareInfected": 93, "vulnerableApp": 0, "exploitProtection": 0, "malwareSandbox": 0, "cooViolation": 0, "privacyViolation": 0, "skippedFile": 0}
Copy

Get Kiosk Detail

Auth

GET /o/pmp/v1/kiosk/devices/{deviceId}

 
curl --get \ --url 'https://product.my.us.opswat.com/o/pmp/v1/kiosk/devices/{deviceId}' \ --header 'Authorization: Bearer {token}'
Copy

Responses

200

Root Type for GetKioskDetailRes	object
deviceId	string
productType	string
deviceName	string
healthStatus	string
statusMessages	array[string]
modelId	string
hardwareVersionId	string
deviceType	string
agentVersion	string
isRequired	boolean
publicIp	string
location	string
groupId	string
groupName	string
policyId	string
groupPolicyId	string
groupPolicyName	string
lastSeen	int32
enrolledAt	int32
lastReport	int32
tags	array
coreInfo	object
coreDeploymentId	string
coreVersion	string
coreId	string
coreName	string
isCoreEnrolled	boolean
geolocation	object
coordinates	object
latitude	string
longitude	string
country	object
friendlyName	string
iso2Code	string
properties	object
biosVersion	string
hardware	object
manufacturer	string
model	string
serialNumber	string
network	array[object]
adapterName	string
ipv4	string
macAddress	string
hostName	string
kioskVersion	string
osInfo	string
hardenedImageVersion	string
configurationStatus	object
status	string
lastFetched	int32

401

Unauthorized

404

Not Found

500

Internal Server Error

Response

 
{ "deviceId": "MDDqLGyr7cIPwEB8veBHSdTkYJ6Mdv3AloD", "productType": "KIOSK", "deviceName": "MDDqLGyr7cIPwEB8veBHSdTkYJ6Mdv3AloD", "healthStatus": "500", "statusMessages": [  "Unknown" ], "modelId": "kiosk-mobile", "hardwareVersionId": "k2100-dell-7220", "deviceType": "kiosk", "agentVersion": "4.7.7.3797", "isRequired": true, "publicIp": "119.82.139.107", "location": "", "groupId": "KIOSKc886bc61-efff-4fdc-826a-21aa84cc6b6f", "groupName": "Default Kiosk Windows", "policyId": "", "groupPolicyId": "0350ec4e-95ce-4642-a0b2-c67259b551e5", "groupPolicyName": "Kiosk 4.7.5.3231", "lastSeen": 1755602542175, "enrolledAt": 1755601825203, "lastReport": 0, "tags": [], "coreInfo": {  "coreDeploymentId": "DEVICE_02",  "coreVersion": "5.15.0",  "coreId": "",  "coreName": "",  "isCoreEnrolled": false }, "geolocation": {  "coordinates": {   "latitude": "106.684879",   "longitude": "10.769970"  },  "country": {   "friendlyName": "Vietnam",   "iso2Code": "VN"  } }, "properties": {  "biosVersion": "1.6.0",  "hardware": {   "manufacturer": "Dell Inc.",   "model": "Latitude 5450",   "serialNumber": "46KR444"  },  "network": [   {    "adapterName": "Intel(R) Ethernet Connection (18) I219-LM",    "ipv4": "10.40.51.50",    "macAddress": "28:00:AF:60:4C:38"   }  ],  "hostName": "LE11-D9532",  "kioskVersion": "4.7.7.3797",  "osInfo": "Windows 11 Enterprise (24H2, Build 26100.4351)",  "hardenedImageVersion": "25.03.0" }, "configurationStatus": {  "status": "unknown",  "lastFetched": 0 }}
Copy

Get Kiosk List

Auth

GET /o/pmp/v1/kiosk/devices

 
curl --get \ --url 'https://product.my.us.opswat.com/o/pmp/v1/kiosk/devices' \ --header 'Authorization: Bearer {token}'
Copy

Responses

200

Root Type for GetKioskListRes	object
total	int32
items	array[object]
deviceID	string
deviceName	string
modelID	string
HardwareVersionID	string
deviceType	string
productType	string
os	string
username	string
groupName	string
location	string
version	string
localIP	string
lastSeen	int32
isRequired	boolean
healthStatus	string
statusMessages	array[string]
productStatus	string
scanSession	int32
tags	array
configurationStatus	object
status	string
lastFetched	int32
hardwareName	string
hardenedImageVersion	string
hardwareModel	string
hardwareSerialNumber	string
coreName	string
biosVersion	string

401

Unauthorized

500

Internal Server Error

Response

 
{ "total": 1, "items": [  {   "deviceID": "MDDqLGyr7cIPwEB8veBHSdTkYJ6Mdv3AloD",   "deviceName": "MDDqLGyr7cIPwEB8veBHSdTkYJ6Mdv3AloD",   "modelID": "kiosk-mobile",   "HardwareVersionID": "k2100-dell-7220",   "deviceType": "kiosk",   "productType": "KIOSK",   "os": "Windows 11 Enterprise (24H2, Build 26100.4351)",   "username": "",   "groupName": "Default Kiosk Windows",   "location": "",   "version": "4.7.7.3797",   "localIP": "10.40.51.50",   "lastSeen": 1755602542175,   "isRequired": true,   "healthStatus": "500",   "statusMessages": [    "Unknown"   ],   "productStatus": "Disconnected",   "scanSession": 0,   "tags": [],   "configurationStatus": {    "status": "",    "lastFetched": 0   },   "hardwareName": "Latitude 5450",   "hardenedImageVersion": "25.03.0",   "hardwareModel": "kiosk-mobile",   "hardwareSerialNumber": "46KR444",   "coreName": "DEVICE_02",   "biosVersion": "1.6.0"  } ]}
Copy