Setting Basic and NTLM authentication options for scanning an application

This REST service sets the user credentials used to log in to a website that uses Basic or NTLM authentication. The password is encoded before it is saved in the database, but it is received in clear text. Call this REST service over HTTPS and use a test user account during the manual explore to prevent usernames and passwords from appearing in clear text in the Enterprise Console interface.

HTTP method

POST

GET

Service format

To set the username for authentication: /services/folderitems/<fiid>/options/esCOTHttpUser

To set the password for authentication: /services/folderitems/<fiid>/options/esCOTHttpPassword

To enable/disable authentication: /services/folderitems/<fiid>/options/ebCOTHttpAuthentication

Query string parameters

None

POST data

Content-Type: application/x-www-form-urlencoded

Enter 'value=<option value>' in the body of the request:
  • For esCOTHttpUser: value=<username>
  • For esCOTHttpPassword: value=<Clear Text Password>
  • For ebCOTHttpAuthentication: value=<1 (enable) or 0 (disable)>

Returns

With the GET method:
  • "esCOTHttpUser" returns the option value
  • "ebCOTHttpAuthentication" returns the option value
  • The GET method is not provided for "esCOTHttpPassword". If invoked, it returns a 404 error.

Refer to the documented schema for more details.
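
The following is an added example, not code from the product documentation: it builds the three POST requests described above, refuses a non-HTTPS base URL because the password is received in clear text, and form-encodes the value so that characters such as & and = in a password do not corrupt the request body. The base URL, the function names and the choice to enable authentication last are assumptions of this example; sending the requests and authenticating to the REST service itself are not shown because this page does not describe them.

```python
from urllib.parse import quote, urlencode, urlsplit
from urllib.request import Request

# Option names and the /services/folderitems/... path come from the page.
OPTIONS = ("esCOTHttpUser", "esCOTHttpPassword", "ebCOTHttpAuthentication")
WRITE_ONLY = {"esCOTHttpPassword"}  # GET is documented to return 404


def _option_url(base_url, fiid, option):
    if option not in OPTIONS:
        raise ValueError(f"unknown option: {option}")
    if urlsplit(base_url).scheme != "https":
        # The service receives the password in clear text: refuse plain HTTP.
        raise ValueError("base URL must use https")
    item = quote(str(fiid), safe="")
    return f"{base_url.rstrip('/')}/services/folderitems/{item}/options/{option}"


def build_set_request(base_url, fiid, option, value):
    """Return (without sending) the POST request that sets one option."""
    if option == "ebCOTHttpAuthentication" and str(value) not in ("0", "1"):
        raise ValueError("ebCOTHttpAuthentication takes 1 (enable) or 0 (disable)")
    # urlencode percent-encodes &, =, + and spaces inside the value.
    body = urlencode({"value": str(value)}).encode("utf-8")
    return Request(_option_url(base_url, fiid, option), data=body, method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})


def build_get_request(base_url, fiid, option):
    """Return the GET request for a readable option; the password is write-only."""
    if option in WRITE_ONLY:
        raise ValueError(f"{option} cannot be read back (GET returns 404)")
    return Request(_option_url(base_url, fiid, option), method="GET")


def build_auth_setup(base_url, fiid, username, password):
    """The three POSTs; this example enables authentication last."""
    return [
        build_set_request(base_url, fiid, "esCOTHttpUser", username),
        build_set_request(base_url, fiid, "esCOTHttpPassword", password),
        build_set_request(base_url, fiid, "ebCOTHttpAuthentication", 1),
    ]
```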