diff --git a/config/configuration.sample.yml b/config/configuration.sample.yml index 66d1895137..cf8954edfc 100644 --- a/config/configuration.sample.yml +++ b/config/configuration.sample.yml @@ -6,8 +6,6 @@ main: maintenance: false languages: [] key: '' - api_require_ssl: true - api_token_header: false delete-account-require-email-confirmation: true database: host: 127.0.0.1 @@ -232,6 +230,10 @@ api_cors_paths: [] session: idle: 0 lifetime: 604800 # 1 week +registry: + api-clients: + api_require_ssl: false + api_token_header_only: false crossdomain: site-control: 'master-only' allow-access-from: diff --git a/docker/phraseanet/auto-install.sh b/docker/phraseanet/auto-install.sh index fa77f9318c..6a8ce8ab12 100755 --- a/docker/phraseanet/auto-install.sh +++ b/docker/phraseanet/auto-install.sh @@ -52,7 +52,7 @@ bin/setup system:config set workers.queue.worker-queue.vhost / ## enable API and disable ssl on it /var/alchemy/Phraseanet/bin/setup system:config set registry.api-clients.api-enabled $PHRASEANET_API_ENABLED -/var/alchemy/Phraseanet/bin/setup system:config set main.api_require_ssl $PHRASEANET_API_SSL +/var/alchemy/Phraseanet/bin/setup system:config set registry.api-clients.api_require_ssl $PHRASEANET_API_SSL # set instance title bin/setup system:config set registry.general.title $PHRASEANET_PROJECT_NAME diff --git a/lib/Alchemy/Phrasea/Controller/Api/OAuth2Controller.php b/lib/Alchemy/Phrasea/Controller/Api/OAuth2Controller.php index 11dcf4e7f4..20768b4c23 100644 --- a/lib/Alchemy/Phrasea/Controller/Api/OAuth2Controller.php +++ b/lib/Alchemy/Phrasea/Controller/Api/OAuth2Controller.php 
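Review bot: The new `registry.api-clients` block ships `api_require_ssl: false`, while the `main.api_require_ssl` entry removed in the first hunk of this file was `true`, so the sample default flips along with the move. If new installs are seeded from this sample, the HTTPS check in `OAuth2Controller` will not reject plain-HTTP requests, and OAuth2 codes and tokens can cross the network unencrypted. I would keep `api_require_ssl: true` here, since the docker and ansible setups in this commit already set the key explicitly. A comment on the second key would also help, for example `# true: accept the access token only in the Authorization header; false: auto-detect header or GET/POST`.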
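Review bot: `$PHRASEANET_API_SSL` is expanded unquoted on the added `system:config set registry.api-clients.api_require_ssl` line, so an unset or empty variable drops the value argument. What the key ends up holding then depends on how `system:config set` treats a missing value, which is not visible here. Quote the expansion and, if requiring TLS is the intended fallback, give it a default: `... set registry.api-clients.api_require_ssl "${PHRASEANET_API_SSL:-true}"`. The comment above it (`## enable API and disable ssl on it`) no longer matches an environment-driven value; something like `## enable API; TLS requirement is taken from PHRASEANET_API_SSL` would be accurate.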
@@ -282,7 +282,7 @@ class OAuth2Controller extends Controller /** @var PropertyAccess $config */ $config = $this->app['conf']; - if ( ! $request->isSecure() && $config->get(['main', 'api_require_ssl'], true) == true) { + if ( ! $request->isSecure() && $config->get(['registry', 'api-clients', 'api_require_ssl'], true) == true) { throw new HttpException(400, 'This route requires the use of the https scheme: ' . $config->get(['main', 'api_require_ssl']), null, ['content-type' => 'application/json']); } diff --git a/lib/Alchemy/Phrasea/Core/Version.php b/lib/Alchemy/Phrasea/Core/Version.php index 79fe15eb4b..4afc5d48ea 100644 --- a/lib/Alchemy/Phrasea/Core/Version.php +++ b/lib/Alchemy/Phrasea/Core/Version.php @@ -16,7 +16,7 @@ class Version /** * @var string */ - private $number = '4.1.1'; + private $number = '4.1.2'; /** * @var string diff --git a/lib/classes/API/OAuth2/Adapter.php b/lib/classes/API/OAuth2/Adapter.php index 4de6639d4d..0dd0d5bac4 100644 --- a/lib/classes/API/OAuth2/Adapter.php +++ b/lib/classes/API/OAuth2/Adapter.php @@ -537,7 +537,7 @@ class API_OAuth2_Adapter extends OAuth2 public function verifyAccessToken($scope = null, $exit_not_present = true, $exit_invalid = true, $exit_expired = true, $exit_scope = true, $realm = null) { - $apiTokenHeader = $this->app['conf']->get(['main', 'api_token_header']); + $apiTokenHeader = $this->app['conf']->get(['registry', 'api-clients', 'api_token_header_only']); $useTokenHeader = $this->useTokenHeaderChoice($apiTokenHeader); 
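Review bot: The `throw new HttpException(...)` line directly under the changed condition still concatenates `$config->get(['main', 'api_require_ssl'])`, the key this commit removes and migrates away. After the upgrade that lookup yields nothing useful, and echoing a configuration value into a client-facing error was not informative to begin with. I would drop the suffix: `throw new HttpException(400, 'This route requires the use of the https scheme', null, ['content-type' => 'application/json']);`. The condition uses a loose `== true` while `useTokenHeaderChoice()` in `API_OAuth2_Adapter` uses `=== true`, so a non-boolean value is treated differently by the two settings; a one-line comment stating which value types are accepted would make that explicit. The enclosing method starts and ends outside this hunk.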
@@ -816,15 +816,13 @@ class API_OAuth2_Adapter extends OAuth2 /** * Get the correct constante to call on Oauth2 * - * @param $apiTokenHeader + * @param $apiTokenHeaderOnly * @return string */ - private function useTokenHeaderChoice($apiTokenHeader) + private function useTokenHeaderChoice($apiTokenHeaderOnly) { - if ($apiTokenHeader === true) { + if ($apiTokenHeaderOnly === true) { return Oauth2::TOKEN_ONLY_IN_HEADER; - } elseif ($apiTokenHeader === false) { - return Oauth2::TOKEN_ONLY_IN_GETPOST; } else { return Oauth2::TOKEN_AUTO_FIND; } diff --git a/lib/classes/patch/412.php b/lib/classes/patch/412.php new file mode 100644 index 0000000000..150534df51 --- /dev/null +++ b/lib/classes/patch/412.php 
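Review bot: `useTokenHeaderChoice()` only returns `Oauth2::TOKEN_ONLY_IN_HEADER` when the value is strictly `=== true`, so anything else stored under `registry.api-clients.api_token_header_only` falls through to `Oauth2::TOKEN_AUTO_FIND`. That includes a string written by `bin/setup system:config set`, if that command does not cast, and the header-only restriction is then dropped without any warning. Since `verifyAccessToken()` (hunk at line 537) reads the key without a default, I would normalise the value instead: `if (filter_var($apiTokenHeaderOnly, FILTER_VALIDATE_BOOLEAN)) {`. The docblock should also type the parameter (`@param bool|null $apiTokenHeaderOnly`) and note that `false` now means auto-detection rather than `TOKEN_ONLY_IN_GETPOST`, because `patch_412` carries an existing `false` over unchanged. The function's closing brace is outside the hunk.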
@@ -0,0 +1,76 @@ +release; + } + + /** + * {@inheritdoc} + */ + public function concern() + { + return $this->concern; + } + + /** + * {@inheritdoc} + */ + public function require_all_upgrades() + { + return false; + } + + /** + * {@inheritdoc} + */ + public function getDoctrineMigrations() + { + return []; + } + + /** + * Apply patch. + * + * @param base $base The Application Box or the Data Boxes where the patch is applied. + * @param \Alchemy\Phrasea\Application $app + * + * @return boolean returns true if the patch succeed. + */ + public function apply(base $appbox, Application $app) + { + // move api_require_ssl place in configuration.yml + if ($app['conf']->has(['main', 'api_require_ssl'])) { + $apiRequireSslValue = $app['conf']->get(['main', 'api_require_ssl']); + $app['conf']->remove(['main', 'api_require_ssl']); + $app['conf']->set(['registry', 'api-clients', 'api_require_ssl'], $apiRequireSslValue); + } + + // change api_token_header place and name in configuration.yml + if ($app['conf']->has(['main', 'api_token_header'])) { + $apiTokenHeaderValue = $app['conf']->get(['main', 'api_token_header']); + $app['conf']->remove(['main', 'api_token_header']); + $app['conf']->set(['registry', 'api-clients', 'api_token_header_only'], $apiTokenHeaderValue); + } + + // add svg in extension-mapping + if (!$app['conf']->has(['border-manager', 'extension-mapping', 'svg'])) { + $app['conf']->set(['border-manager', 'extension-mapping', 'svg'], 'image/svg+xml'); + } + } +} diff --git a/lib/conf.d/configuration.yml b/lib/conf.d/configuration.yml index 967446ee73..afede178b2 100644 --- a/lib/conf.d/configuration.yml +++ b/lib/conf.d/configuration.yml @@ -9,8 +9,6 @@ languages: main: maintenance: false key: '' - api_require_ssl: true - api_token_header: false database: host: 'sql-host' port: 3306 diff --git a/resources/ansible/roles/app/tasks/main.yml b/resources/ansible/roles/app/tasks/main.yml index 9c00f7171e..0b1a3a05f7 100644 
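Review bot: `apply()` ends without a `return`, although its docblock promises `@return boolean returns true if the patch succeed`, so it returns `null`. If the upgrade runner checks the result, which is not visible here, the patch would be reported as failed even though the keys were moved. Add `return true;` after the svg `extension-mapping` block. The docblock also names the first parameter `$base` while the signature uses `$appbox`; `@param base $appbox` would match. A short comment that an `api_token_header: false` value is carried over as `api_token_header_only: false`, and therefore now selects auto-detection, would record the behaviour change for anyone reading the migration later.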
--- a/resources/ansible/roles/app/tasks/main.yml +++ b/resources/ansible/roles/app/tasks/main.yml @@ -50,7 +50,7 @@ chdir: /vagrant/ - name: Disable API SSL requirement - shell: php bin/setup system:config set main.api_require_ssl false + shell: php bin/setup system:config set registry.api-clients.api_require_ssl false args: chdir: /vagrant/ diff --git a/tests/Alchemy/Tests/Phrasea/Core/Configuration/Fixtures/configuration.yml b/tests/Alchemy/Tests/Phrasea/Core/Configuration/Fixtures/configuration.yml index 33bd2ddb84..5db521725e 100644 --- a/tests/Alchemy/Tests/Phrasea/Core/Configuration/Fixtures/configuration.yml +++ b/tests/Alchemy/Tests/Phrasea/Core/Configuration/Fixtures/configuration.yml @@ -5,7 +5,6 @@ languages: main: maintenance: false key: '' - api_require_ssl: true delete-account-require-email-confirmation: true database: host: 'sql-host'