Posted on 08-15-2024 03:57 AM
Greetings all,
Until last JAMF Pro update i had no issue with the script below. But as of today, the script returning blank result without error. Any idea ?
APIUsername=""
APIuserpassword=""
JAMFServer=""
EAID1=69
JAMFAPIToken=$(curl -X POST -u $APIUsername:$APIuserpassword -s $JAMFServer/api/v1/auth/token | plutil -extract token raw -)
DeviceSerialNumber=$(system_profiler SPHardwareDataType | awk '/Serial/ {print $4}')
curl -u $APIUsername:$APIuserpassword -H "Accept: application/xml" $JAMFServer/JSSResource/computers/serialnumber/$DeviceSerialNumber/subset/extension_attributes | xpath -e \
"//*[id=$EAID1]/value/text()" 2>/dev/null
Solved! Go to Solution.
Posted on 08-19-2024 06:03 AM
i see that you use the basic authentication method for your API command, since version 11.5 it is no longer supported. try making your API cal with Bearer Token Authentication.
Posted on 08-19-2024 11:40 PM
You're right ! i missed that part. Now all fine.
APIUsername=""
APIuserpassword=""
JAMFServer=""
EAID1=69
JAMFAPIToken=$(curl -X POST -u $APIUsername:$APIuserpassword -s $JAMFServer/api/v1/auth/token | plutil -extract token raw -)
DeviceSerialNumber=$(system_profiler SPHardwareDataType | awk '/Serial/ {print $4}')
curl -X GET -H "Authorization: Bearer $JAMFAPIToken" "Accept: application/xml" $JAMFServer/JSSResource/computers/serialnumber/$DeviceSerialNumber/subset/extension_attributes | xpath -e \
"//*[id=$EAID1]/value/text()" 2>/dev/null
or better one :)
xmlquery=$(curl -X GET -H "Authorization: Bearer $JAMFAPIToken" "Accept: application/xml" $JAMFServer/JSSResource/computers/serialnumber/$DeviceSerialNumber/subset/extension_attributes)
EAQuery=$(echo $xmlquery | xpath -e "//*[id=$EAID1]/value/text()" 2>/dev/null)
Posted on 08-19-2024 06:03 AM
i see that you use the basic authentication method for your API command, since version 11.5 it is no longer supported. try making your API cal with Bearer Token Authentication.
Posted on 08-19-2024 11:40 PM
You're right ! i missed that part. Now all fine.
APIUsername=""
APIuserpassword=""
JAMFServer=""
EAID1=69
JAMFAPIToken=$(curl -X POST -u $APIUsername:$APIuserpassword -s $JAMFServer/api/v1/auth/token | plutil -extract token raw -)
DeviceSerialNumber=$(system_profiler SPHardwareDataType | awk '/Serial/ {print $4}')
curl -X GET -H "Authorization: Bearer $JAMFAPIToken" "Accept: application/xml" $JAMFServer/JSSResource/computers/serialnumber/$DeviceSerialNumber/subset/extension_attributes | xpath -e \
"//*[id=$EAID1]/value/text()" 2>/dev/null
or better one :)
xmlquery=$(curl -X GET -H "Authorization: Bearer $JAMFAPIToken" "Accept: application/xml" $JAMFServer/JSSResource/computers/serialnumber/$DeviceSerialNumber/subset/extension_attributes)
EAQuery=$(echo $xmlquery | xpath -e "//*[id=$EAID1]/value/text()" 2>/dev/null)
Posted on 08-20-2024 02:53 AM
Going forward, its best practice to use a function to get a token, one to check if the token is still valid and another to invalidate the token.
Then if you're doing multiple queries that might take longer than the timeout you set in the API Role, instead of getting a new token, you can check if its still valid and it will regen a new one if not. Then as part of the clean up, you invalidate it.
# JAMF Cloud details
jamf_url="${4:-}"
# API login details
client_id="${5:-}"
client_secret="${6:-}"
# Establish API token. API session is set in API client and roles section
get_access_token() {
response=$(/usr/bin/curl \
--silent \
--location \
--request POST "${jamf_url}/api/oauth/token" \
--header "Content-Type: application/x-www-form-urlencoded" \
--data-urlencode "client_id=${client_id}" \
--data-urlencode "grant_type=client_credentials" \
--data-urlencode "client_secret=${client_secret}")
current_epoch=$(date +%s)
access_token=$(echo "$response" | plutil -extract access_token raw -)
token_expires_in=$(echo "$response" | plutil -extract expires_in raw -)
token_expiration_epoch=$((+-1))
}
check_token_expiration() {
current_epoch=$(date +%s)
if [[ $token_expiration_epoch -ge $current_epoch ]]; then
echo "Current epoch time: $current_epoch"
echo "Token valid until the following epoch time: " "$token_expiration_epoch"
else
echo "No valid token available, getting new token"
get_access_token
fi
}
invalidate_token() {
responseCode=$(/usr/bin/curl \
-w "%{http_code}" \
-H "Authorization: Bearer ${access_token}" $jamf_url/api/v1/auth/invalidate-token \
-X POST \
-s -o /dev/null)
if [[ ${responseCode} == 204 ]]; then
echo "Token successfully invalidated"
access_token=""
token_expiration_epoch="0"
elif [[ ${responseCode} == 401 ]]; then
echo "Token already invalid"
else
echo "An unknown error occurred invalidating the token"
fi
}
# -----------------------------------------------------------------------------
# OPERATIONS
# -----------------------------------------------------------------------------
check_token_expiration
# Do some API queries
# Do some more that take longer than 60 seconds
check_token_expiration
# clean up
invalidate_token