Manualshelf

CLI Reference Guide

ManualsBrandsHP ManualsSolutionsHP Embedded Capture
12345678910
2 API security
To avoid unauthorized access, all API calls can be password protected by the administrator. Protecting the
API guarantees that the MFP cannot be accessed by any client PC or application that does not know the
credentials to execute the API calls.
NOTE: It is highly recommended that the API be protected by setting the access control password.
2.1 Administrator and API accounts
2.1.1 Admin account
The admin account corresponds with the device administrator account credentials (admin). An MFP device
needs to be protected with an administrator password so that advanced options, network settings, etc...
(embedded webserver) can be accessed.
The administrator completes the following operations during the installation and normal setup of Embedded
Capture:
setButton
removeButton
setApiPassword
put (silent mode)
resetSolution
It is, however, recommended that a different password be used for standard API calls. This is explained in the
following sections.
2.1.1.1 “apiuser” user account
Setting up this account is optional, but highly recommended. Though once set, it is required for all API
operations except the ones specified above (setButton, removeButton, setApiPassword, put (silent mode),
resetSolution).
2.1.2 Using the API without authentication
If authentication is not used on the API, certain operations still require setup using an administrator
password. This is due to the following standard device usage constraints:
setButton, removeButton, resetSolution:
Administrator user/password is required for execution of these calls. When the solution is installed
from the administrator console, a default button is created, and this password is already used in a
transparent way for the administrator (specified on the device list).
putSilent:
Administrator user/password is required to execute this call. Once the solution is installed, the
administrator password is remembered by HP Embedded Capture. This is to avoid having to specify a
password on the API "put (silent mode)" calls. If the device administrator password is changed, the
Embedded Capture “cached” password must be refreshed using ONE of the following two options:
Section 2.1 Administrator and API accounts 3