5. Developer Guide

This section of the user guide describes how you can programmatically interact with the MetaDefender for Secure Storage REST API. Below are some common tasks that can be done using the available REST APIs:

  • Authenticate to obtain a JSON Web Token (JWT)

  • Start or stop a process (scan)

  • Add / remove storage units

  • Process (scan) a single file from a storage unit

About this REST API

The exposed endpoint is located by default at http://md-storage-server/api/ (for example, the authentication endpoint is available at http://md-storage-server/api/user/authenticate). All requests are handled by the NGINX web server before being proxied to the backend API Gateway service.

All endpoints perform authentication and authorization checks. For these checks to succeed, a valid token should be presented in the Authorization header in the form of Bearer <JWT token>.

Please note that all issued tokens have a timestamp and signature associated in order to prevent long-term usage without re-authentication. The lifespan of the token is currently set to 60 minutes, meaning you will have to request a new token before it expires in order to avoid error responses.

Interactive API documentation

This user guide provides advanced documentation only for a small number of APIs. For a complete list of APIs please check out our Swagger generated documentation at http://md-storage-server/api/docs.

The documentation provides examples and description of requests and responses that are always up-to-date. Even more, it has support for executing live requests against the server for you to get familiar with the REST API endpoints.