This API is currently in private beta. A public beta will be announced in the future along with information on how to participate.
Overview
This article will walk through the workflow of configuring and enabling all necessary items to allow you to interact with Jamf's Platform API.
Jamf Account
Configuration of environments and generation of credentials is handled within Jamf Account. If you do not already have an account, make sure to register with the email address that Jamf has on file for your organization, or reach out to your organization administrator to get your user added.
Environments
Environments are a collection of one or more tenants from one or more Jamf Products. Since the Platform API spans multiple Jamf products, a method of organizing which tenants a particular set of credentials is valid for must be created; these will be referred to as environments.
Notice
At this time, environments are only applicable to the Unified Inventory API which is capable of returning data from Jamf Pro and Jamf Protect, or Jamf School and Jamf Protect.
-
Login to Jamf Account.
-
Select Environments from the left pane.
-
Click Create a new environment from the top right.
-
Provide a name and select the region and environment type from the available drop down options.
-
Click Next: Select tenants and choose the tenants to include within the environment.
-
Click Save
This environment will now be available for use when generating credentials to interact with the API.
Credentials
Credentials are comprised of a client_id and client_secret and are used to authenticate to the API using the OAuth 2.0 Client Credentials grant type. Within Jamf Account, additional details, including the URL for which the set of credentials can be authenticated against as well as a sample curl request are provided. Follow the instructions below to create a set of credentials.
- Login to Jamf Account.
- Select APIs from the left pane and APIs from the sub-menu.
- Click Create Credential next to the API for which you'd like to interact with.
- Provide the Name, Region, API and Environment then click Create Credential.
- Select Credentials from the left pane.
- Click Get Credentials to view the Client ID, Client Secret, and Token URL.
The details available within Step 6 can be used to obtain an access token to be passed as a bearer token via the Authorization header. First, obtain the access token using the sample curl request provided in Step 6, similar to the following:
curl --request POST \
--url https://exampleServer.com/auth/token \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=SampleID' \
--data-urlencode 'client_secret=SampleSecret'
The server will respond similar to the following:
{
"access_token": "redactedAccessTokenValue",
"expires_in": 900,
"refresh_expires_in": 0,
"token_type": "Bearer",
"not-before-policy": 0,
"scope": "default-plan tenant-environment devices-inventory-product.read"
}
The access_token can now be used for 900 seconds to interact with endpoints within the API for which you generated the credentials for. Below is a sample request to the Unified Inventory API.
curl --location 'https://exampleServer.com/v1/computers?page=0&page-size=100&filter=' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer redactedAccessTokenValue'