diff --git a/htdocs/api/class/api_documents.class.php b/htdocs/api/class/api_documents.class.php
index e58ebf7d280..a6f48df1026 100644
--- a/htdocs/api/class/api_documents.class.php
+++ b/htdocs/api/class/api_documents.class.php
@@ -457,6 +457,22 @@ class Documents extends DolibarrApi
 
 $upload_dir = $conf->expensereport->dir_output.'/'.dol_sanitizeFileName($object->ref);
 }
+ elseif ($modulepart == 'categorie' || $modulepart == 'category')
+ {
+ require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php';
+
+ if (!DolibarrApiAccess::$user->rights->categorie->lire) {
+ throw new RestException(401);
+ }
+
+ $object = new Categorie($this->db);
+ $result = $object->fetch($id, $ref);
+ if (!$result) {
+ throw new RestException(404, 'Category not found');
+ }
+
+ $upload_dir = $conf->categorie->multidir_output[$object->entity].'/'.get_exdir($object->id, 2, 0, 0, $object, 'category').$object->id."/photos/".dol_sanitizeFileName($object->ref);
+ }
 else
 {
 throw new RestException(500, 'Modulepart '.$modulepart.' not implemented yet.');
diff --git a/htdocs/api/class/api_setup.class.php b/htdocs/api/class/api_setup.class.php
index 1b619acfeb7..7b47c59dbb7 100644
--- a/htdocs/api/class/api_setup.class.php
+++ b/htdocs/api/class/api_setup.class.php
@@ -1426,7 +1426,7 @@ class Setup extends DolibarrApi
 throw new RestException(403, 'Error API open to admin users only or to the login user defined with constant API_LOGIN_ALLOWED_FOR_ADMIN_CHECK');
 }
 
- if (! preg_match('/[^a-zA-Z0-9_]/', $confname) || ! isset($conf->global->$confname)) {
+ if (! preg_match('/^[a-zA-Z0-9_]+$/', $confname) || ! isset($conf->global->$confname)) {
 throw new RestException(500, 'Error Bad or unknown value for constname');
 }
 if (preg_match('/(_pass|password|secret|_key|key$)/i', $confname)) {
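Review bot: In api_documents.class.php, the `if (!$result)` test after `$object->fetch($id, $ref)` in the new category branch stops only on a zero return. If `fetch()` reports a lookup error with a negative value (likely, but its body is not visible here), the branch goes on to build `$upload_dir` from an unloaded object's empty `entity`, `id` and `ref`. Writing the guard as `if ($result <= 0) {` keeps a failed lookup from resolving to an unintended directory. The rights check also answers `throw new RestException(401);` to an authenticated caller who merely lacks `categorie->lire`, whereas the Setup hunk in this same commit uses 403 for a forbidden caller; sibling branches outside the hunk may use 401 by convention, so confirm before changing it. The if/elseif chain this branch joins begins outside the hunk.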
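Review bot: In api_setup.class.php, the new allowlist `/^[a-zA-Z0-9_]+$/` still accepts a name that ends in a single newline, because `$` without the `D` modifier also matches just before a final line break. `'/^[a-zA-Z0-9_]+\z/'` (or `'/^[a-zA-Z0-9_]+$/D'`) makes the check exact. The `isset($conf->global->$confname)` test that follows probably rejects such a name anyway, so this is hardening rather than a demonstrated bypass. Separately, the secret filter on the last context line is a name-based denylist, so a sensitive constant whose name contains none of those fragments would still be returned; a comment stating that limitation, or a broader pattern, would help. The enclosing method starts and ends outside the hunk.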