API Reference
Start typing to search…

Getting Started

📘

This API is currently in private beta. A public beta will be announced in the future along with information on how to participate.

Overview

This article will walk through the workflow of configuring and enabling all necessary items to allow you to interact with Jamf's Platform API.

Jamf Account

Configuration of environments and generation of credentials is handled within Jamf Account. If you do not already have an account, make sure to register with the email address that Jamf has on file for your organization, or reach out to your organization administrator to get your user added.

Environments

Environments organize and manage access across multiple Jamf product instances. Since the Platform API integrates with various Jamf products, environments provide a structured way to define which product instances your credentials can access, ensuring proper authorization and scope management across your entire Jamf ecosystem.

Credentials

Credentials are comprised of a client_id and client_secret and are used to authenticate to the API using the OAuth 2.0 Client Credentials grant type. Within Jamf Account, additional details, including the URL for which the set of credentials can be authenticated against as well as a sample curl request are provided. Follow the instructions below to create a set of credentials.

  1. Login to Jamf Account.
  2. Select APIs from the left pane and APIs from the sub-menu.
  3. Click Create Credential next to the API for which you'd like to interact with.
  4. Provide the Name, Region, API and Environment then click Create Credential.
  5. Select Credentials from the left pane.
  6. Click Get Credentials to view the Client ID, Client Secret, and Token URL.

The details available within Step 6 can be used to obtain an access token to be passed as a bearer token via the Authorization header. First, obtain the access token using the sample curl request provided in Step 6, similar to the following:

curl --request POST \
	--url https://us.apigw.jamf.com/auth/token \
	--header 'Content-Type: application/x-www-form-urlencoded' \
	--data-urlencode 'grant_type=client_credentials' \
	--data-urlencode 'client_id=SampleID' \
  --data-urlencode 'client_secret=SampleSecret'

The server will respond similar to the following:

{
  "access_token": "redactedAccessTokenValue",
  "expires_in": 900,
  "refresh_expires_in": 0,
  "token_type": "Bearer",
  "not-before-policy": 0,
  "scope": "default-plan tenant-environment devices-inventory-product.read"
}

The access_token can now be used for 900 seconds to interact with endpoints within the API for which you generated the credentials for. Below is a sample request to the Unified Inventory API.

curl --location 'https://exampleServer.com/v1/computers?page=0&page-size=100&filter=' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer redactedAccessTokenValue'