![]() # If you do not want to hardcode API information into the script, you can also store Overview. Name Identifier - Select "Email" from the dropdown menu. Send grants permission to send mail on behalf of the signed-in user. To access the landing page, append /api to your Jamf Pro URL. The reporting and web APIs are individually versioned. If you plan to use an API client to integrate with Jamf Use the steps below to generate an encoded set of credentials for access to API endpoints. This procedure provides JAMF/JSS configuration instructions for the clients installed in AD controlled macOS devices. Copy the API client password for later use. This plugin uses the Jamf Pro API to get and manage user and device information. These REST API endpoints enable you to get alert, event, and client data, manage quarantine and legal hold files, update hash file and URL lists, and perform several other functions. # jamfpro_user="" # Set the username here if you want it hardcoded. This collection is provided to assist Jamf Pro users of the Classic API. Jamf Software's Jamf Pro server (JPS) provides an Application Programming Interface, or API, to interact with the JPS database.Clone via HTTPS Clone with Git or checkout with SVN using the repository’s web address. Token=$( /usr/bin/osascript -l 'JavaScript' -e "JSON.parse(\`$jsonresponse\`).Jamf api url. Jsonresponse=$( /usr/bin/curl -s "$" -X POST | tr -d "\n" ) Jss_url=$( /usr/bin/defaults read /Library/Preferences/ jss_url ) Finally we’ll use the tr command to remove ALL the line feeds from the output. I’m going to put in some extra code to find our Jamf Pro address too. Next step will be to use it to get a bearer token for our use. ~ % printf "username:password" | iconv -t ISO-8859-1 | base64 -i. In this example I’ll be using username and password for … username and password. Let’s start with doing a base64 encode of your credentials. As an added security measure, your access credentials in Jamf ARE scoped only to the task you’re performing right? ? Quick note: the tokens have an expiry but it’s just good practice to invalidate them after use especially if your operations are quick. Use the token for the operations you need.Separate the token from the rest of the output.Feed that to a specific API endpoint to obtain a bearer token.base64 encode your existing API credentials.curl -u username:password -X GET "" -H "accept: application/xml" I would highly recommend reading this first.Īs mentioned above, the original method was to supply a username and password with your curl command to authenticate. Matthew Warren has discovered a way of doing JSON with native tools, it’s just the tool is JavaScript. This is where we have to stand on the shoulders of giants. What about jq? Oh great, having to obtain and mass deploy a CLI tool to use infrequently and then deal with it’s upkeep. (We’ll come back to this).īut aha I hear you cry! What about perl? What about Python? True these do have support but … they’re going away from macOS and you get warnings trying to use them in macOS Monterey. That’s all well and good but macOS doesn’t really have native tools for JSON. The full move to JSON is pitched at using a platform agnostic type standard. The endpoint changes mostly result in methods having to be rethought and reworked but the JSON only? AARGH. ![]() In order, dealing with a lack of Basic auth is awkward but not insurmountable. You now have to work entirely with JSON input and output.All the API endpoints have changed names, changed behaviors and in some cases disappeared altogether.The old method of submitting a username and password is horrifically insecure so a newer method with access tokens is in place. ![]() Now this comes with some big caveats and I’m going to list the ones I’ve found here: You can find more in depth details here but you can also find a sandbox environment on your own Jamf Pro server by using /api at the end of the URL. To solve this and other issues, Jamf has been busy building a newer API on a more modern underpinning. Oracle Java would give you xml every time, OpenJDK gave JSON and don’t even ask about Corretto… curl -X GET "" -H "accept: application/xml" There were always issues such as having to explicitly specify the type of output in the curl command because different installed Java on the server behaved differently. All of Jamf’s love and attention is focussed on the newer “Jamf Pro” one and while at the time of writing the “Classic” still works, I’ve noticed it becoming a touch flaky over time. Jamf Pro has two API’s that are accessible for administrators, the “Classic” and the “Jamf Pro”. New and shiny appears nice but there are pitfalls!
0 Comments
Leave a Reply. |