
Client Credentials

Learn how client credentials can be used to interact with Jamf Pro APIs

Overview

Beginning in Jamf Pro version 10.49.0, both the Classic and Jamf Pro APIs support client credentials-based authorization. This authorization mechanism provides access exclusively to Jamf Pro APIs, helping secure the credentials of your Jamf Pro Administrators and access to the Jamf Pro user interface. For more information on this feature and how to generate credentials for use with the API, see the Jamf Pro documentation.

API Roles and Clients

Before interacting with the API, an API Client and API Role must be configured within Jamf Pro. An API Role is a collection of privileges that defines which API endpoints an API Client has access to. One or more API Roles can be assigned to an API Client, granting their cumulative privileges. Documentation on how to create API Roles and API Clients via the user interface can be found in the Jamf Pro documentation.

In addition to the user interface, API endpoints have been provided to interact with all components of API Roles and API Clients. See api-roles and api-integrations for more details. This is especially useful for associating multiple privileges with an API Role. The api-role-privileges endpoints can be used to look up the available privileges. When paired with the Update API Role or Create API Role endpoints, multiple privileges can be easily associated with an API Role.

📘

Notice

Adding or removing an API Role from an existing API Client requires that the client secret be rotated for the changes to take effect. Adding or removing a privilege from an API Role will immediately take effect for all newly generated access tokens, without the need to rotate the client secret.

Access Tokens

Access tokens can be used to interact with API endpoints in both the Classic and Jamf Pro APIs. A client ID and client secret cannot be used to directly interface with API endpoints, other than to obtain an access token. Similar to obtaining a bearer token using a username and password, the client ID and client secret can be exchanged for a short-lived access token. Below you will find a recipe which includes sample code for interacting with the API via client credentials.
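The exchange described above, sketched in Python as an added example (not Jamf's own recipe or sample code). The `/api/oauth/token` path, the form field names and the `access_token`/`expires_in` response fields are assumptions based on the standard OAuth 2.0 client credentials grant rather than anything stated on this page, and the `JAMF_*` environment variable names are hypothetical.

```python
import json
import os
import time
import urllib.parse
import urllib.request

TOKEN_PATH = "/api/oauth/token"  # assumption: path is not given on this page


def http_post_form(url, fields):
    """POST form-encoded fields and return the decoded JSON body."""
    data = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(url, data=data, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


class ClientCredentialsAuth:
    """Exchanges client credentials for a token and renews it before expiry."""
    def __init__(self, server, client_id, client_secret,
                 post=http_post_form, clock=time.monotonic, skew=30):
        root = server.rstrip("/")
        if root.endswith("/api"):  # accept the `baseUrl` form as well as `url`
            root = root[:-len("/api")]
        self.token_url = root + TOKEN_PATH
        self._fields = {"grant_type": "client_credentials",
                        "client_id": client_id, "client_secret": client_secret}
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._expires_at = None, 0.0

    def token(self):
        # Renew `skew` seconds early so a request never carries a stale token.
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            body = self._post(self.token_url, self._fields)
            self._token = body["access_token"]  # assumed OAuth 2.0 field names
            self._expires_at = self._clock() + float(body["expires_in"])
        return self._token

    def headers(self):
        # API calls carry only the short-lived token, never the client secret.
        return {"Authorization": "Bearer " + self.token(),
                "Accept": "application/json"}


if __name__ == "__main__":  # JAMF_* variable names are hypothetical
    env = os.environ
    auth = ClientCredentialsAuth(env["JAMF_URL"], env["JAMF_CLIENT_ID"],
                                 env["JAMF_CLIENT_SECRET"])
    print("token acquired, length", len(auth.token()))
```

Because privilege changes on an API Role apply to newly generated access tokens, a long-running integration that caches tokens this way picks them up at its next renewal.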

Postman Collection

In addition to the recipe and sample code provided within the Jamf Pro documentation, we've created Postman collections for both the Jamf Pro API as well as the Classic API. You can get the Jamf Pro API collection using the link below:

Run in Postman

To use either of these Postman collections, you will need to create an environment and specify environment variables as described in the tables below. Note that the collections are designed to function only with environment variables; variables defined at the collection level are not supported. For more information on environments, see the Postman documentation.

| Variable Name | Variable Description | Example Value |
| --- | --- | --- |
| client_id | Client ID | 6cabf059-21c9-44d6-bbde-02898f7430dd |
| client_secret | Client secret | dzmsPks-FwXpks80jhQGZZrAV3H2_ER0NAk91RE-xOBZvfghd98EM1hF9msfkanl |
| baseUrl | Jamf Pro server URL, including /api base path | https://yourServer.jamfcloud.com/api |

The Postman collection for the Classic API can be found below.

Run in Postman

📘

Notice

The name of the variable that specifies the Jamf Pro server URL, as well as its expected value, differs between these two collections.

| Variable Name | Variable Description | Example Value |
| --- | --- | --- |
| client_id | Client ID | 6cabf059-21c9-44d6-bbde-02898f7430dd |
| client_secret | Client secret | dzmsPks-FwXpks80jhQGZZrAV3H2_ER0NAk91RE-xOBZvfghd98EM1hF9msfkanl |
| url | Jamf Pro server URL (excludes base path) | https://yourServer.jamfcloud.com |