API Account Permissions for File Attachments

PhillyPhoto
Valued Contributor

I'm trying to utilize a script that will upload a file as an attachment to a computer. I'm trying to figure out the minimum necessary permissions to accomplish this. I used an admin account and was able to upload fine, but when I try to use a lower-privileged account, I get an HTTP 502 response code from the CURL command.

Some of the permissions I think might be related already are:
- Allowed File Extensions (Read)
- API Integrations (Read)
- Computers (Read, Update)
- File Attachments (Create, Read, Update, Delete)

I can't find anything in the admin guide or on the API page

2 REPLIES 2

gabester
Contributor III

Strangely, you need the ONLY the CREATE permission for Computers for this particular API call to work. Nothing else.

curl -su "api_user1:pass" https://jss.url/JSSResource/fileuploads/computers/id/# -F "name=@/localcomputer/path/to/file" -X POST

fileupload_api_computer_create_only.png

Now I'd like to know how to delete all those attachments with the API to reduce DB bloat. 

check out this script 

#!/usr/bin/env bash

# Script to delete all the attachment on a single device.
# Created by macstuff.dev - Melwin Moeskops 
#
# Will delete from 1 till 450 with a sleep to keep the server from being overloaded.

# --------------    edit the variables below this line    ----------------

# API username
username=""

# API password
password=""

# JSS URL without trailing slash
jamfProURL="https://url.jamfcloud.com"

# Device ID (Example where to find: https://URL.jamfcloud.com/computers.html?id=2523&o=r) ID 2523 in example.
deviceID="2227"

# ------------------  do not edit below this line  -------------------

# Create base64-encoded credentials
encodedCredentials=$( printf "${username}:${password}" | /usr/bin/iconv -t ISO-8859-1 | /usr/bin/base64 -i - )

# Generate an authorization bearer token
authToken=$( /usr/bin/curl "${jamfProURL}/uapi/auth/tokens" --silent --request POST --header "Authorization: Basic ${encodedCredentials}" )

# Clean up token to omit expiration details
token=$( /usr/bin/awk -F \" '{ print $4 }' <<< "${authToken}" | /usr/bin/xargs )

# Start deletion loop (adjust 450 to desired amount)
for attachmentId in {1..450}
  do
    # Wait 1 second to prevent the server from overloading
  sleep 1
  # Delete attachement
  curl -X DELETE "${jamfProURL}/api/v1/computers-inventory/${deviceID}/attachments/${attachmentId}" -H "accept: */*" -H "Authorization: Bearer ${token}"
done

# Expire our authorization token
curl "${jamfProURL}/uapi/auth/invalidateToken" \
--silent \
--request POST \
--header "Authorization: Bearer ${token}"

exit 1