Client Credentials
Learn how client credentials can be used to interact with Jamf Pro APIs
Overview
Beginning in Jamf Pro Version 10.49.0, both the Classic and Jamf Pro APIs now support Client Credentials based authorization. This new authorization mechanism provides access exclusively to Jamf Pro APIs, helping secure the credentials of your Jamf Pro Administrators and access to the Jamf Pro user interface. For more information on this feature and how to generate credentials for use with the API, see the Jamf Pro documentation.
API Roles and Clients
Before interacting with the the API an API Client and API Role must be configured within Jamf Pro. API Roles are a collection of privileges, defining which API endpoints an API Client has access to. One or more API Roles can be assigned to an API Client, granting their cumulative privileges. Documentation on how to create API Roles and API Clients via the user interface can be found in the Jamf Pro documentation.
In addition to the user interface, API endpoints have been provided to interact with all components of API Roles and API Clients. See api-roles and api-integrations for more details. This is especially useful for associating multiple privileges with an API Role. The api-role-privileges endpoints can be used to lookup the available privileges. When paired with the Update API Role or Create API Role endpoints, multiple privileges can be easily associated with an API Role.
Access Tokens
Access tokens can be used to interact with API endpoints in both the Classic and Jamf Pro APIs. A client ID and client secret cannot be used to directly interface with API endpoints, other than to obtain an access token. Similar to obtaining a bearer token using a username and password, the client ID and client secret can be exchanged for a short lived access token. Below you will find a recipe which includes sample code for interacting with the API via client credentials.
Postman Collection
In addition to the recipe and sample code provided within the Jamf Pro documentation, we've created Postman collections for both the Jamf Pro API as well as the Classic API. You can get the Jamf Pro API collection using the link below:
To use either of these Postman collections, you will need to create an environment and specify environment variables as described in the charts below. Note, the collections are designed to function only with the use of environment variables, variables defined at the collection level are not supported. For more information on environments, see the Postman documentation.
Variable Name | Variable Description | Example Value |
---|---|---|
client_id | Client ID | 6cabf059-21c9-44d6-bbde-02898f7430dd |
client_secret | Client secret | dzmsPks-FwXpks80jhQGZZrAV3H2_ER0NAk91RE- xOBZvfghd98EM1hF9msfkanl |
baseUrl | Jamf Pro server URL, including /api base path | https://yourServer.jamfcloud.com/api |
The Postman collection for the Classic API can be found below.
Notice
The naming convention of the variable specifying the Jamf Pro server URL as well as their expected values differ between these two collections.
Variable Name | Variable Description | Example Value |
---|---|---|
client_id | Client ID | 6cabf059-21c9-44d6-bbde-02898f7430dd |
client_secret | Client secret | dzmsPks-FwXpks80jhQGZZrAV3H2_ER0NAk91RE- xOBZvfghd98EM1hF9msfkanl |
url | Jamf Pro server URL (excludes base path) | https://yourServer.jamfcloud.com |
Updated about 1 year ago