This article describes the changes to the authentication mechanisms supported by the Classic API, beginning in version 10.35.0 of Jamf Pro, as well as recommendations on how to update your tools or applications to support these changes.
Beginning in version 10.35.0 of Jamf Pro, the Classic API now accepts Bearer Token authentication. Tokens can be obtained from the Jamf Pro API using the /v1/auth/tokens endpoint. Please refer to the Jamf Pro API Overview documentation for more details on interacting with the Jamf Pro API.
As of version 10.35.0, multiple versions of authentication endpoints are supported by Jamf Pro, some of which have been deprecated and will be removed at a future date. When updating applications to support Bearer Token authentication, ensure that you use the latest version of the authentication endpoints. More information about endpoint deprecations can be found here.
Basic authentication in the Classic API will no longer be enabled by default for new Jamf Pro instances (targeted for release in 10.42) for enhanced security. Support for Basic authentication will be removed in a future release. Jamf will provide additional information at a later date. To disable Basic authentication before support is removed, navigate to Settings > Jamf Pro User Accounts & Groups > Password Policy and deselect the Allow Basic authentication in addition to Bearer Token authentication checkbox.
Attempting to interact with a Jamf Pro environment that has disabled support for Basic authentication will result in a 401 Unauthorized response. It is worth noting that this response is no different than the response received when using invalid credentials to interact with the Classic API via Basic authentication.
Jamf recommends providing backwards compatibility for your applications that interface with the Classic API. By implementing a version check of Jamf Pro, your application can determine whether Bearer Token authentication is supported (v10.35.0 or later) or if use of Basic authentication is required (v10.34.0 and earlier). The jamf-pro-version endpoint within the Jamf Pro API returns the version of the Jamf Pro Server, to help your application determine authentication compatibility with a given Jamf Pro Server. Jamf recommends including a preference to allow users to select the authentication schema based on their environment configuration or dynamically determining which authentication mechanism to use based on the Jamf Pro Server version.
In addition to the recommendations provided above, Jamf has updated the Classic API Postman Collection to now default to the use of Bearer Token authentication. Older versions of the collection will continue to be available for interaction with environments not yet upgraded to 10.35.0 or later, however the new collection will default to using Bearer Token authentication.
Updated 5 months ago