API result return as blank

EmreU
New Contributor III

 

Greetings all,

Until last JAMF Pro update i had no issue with the script below. But as of today, the script returning blank result without error. Any idea ? 

 

 

APIUsername=""
APIuserpassword=""
JAMFServer="" 
EAID1=69
JAMFAPIToken=$(curl -X POST -u $APIUsername:$APIuserpassword -s $JAMFServer/api/v1/auth/token | plutil -extract token raw -)
DeviceSerialNumber=$(system_profiler SPHardwareDataType | awk '/Serial/ {print $4}')


curl -u $APIUsername:$APIuserpassword -H "Accept: application/xml" $JAMFServer/JSSResource/computers/serialnumber/$DeviceSerialNumber/subset/extension_attributes | xpath -e \
	"//*[id=$EAID1]/value/text()" 2>/dev/null

 

2 ACCEPTED SOLUTIONS

ivanlovisi
Contributor

i see that you use the basic authentication method for your API command, since version 11.5 it is no longer supported. try making your API cal with Bearer Token Authentication.

View solution in original post

EmreU
New Contributor III

You're right ! i missed that part. Now all fine. 

APIUsername=""
APIuserpassword=""
JAMFServer="" 
EAID1=69
JAMFAPIToken=$(curl -X POST -u $APIUsername:$APIuserpassword -s $JAMFServer/api/v1/auth/token | plutil -extract token raw -)
DeviceSerialNumber=$(system_profiler SPHardwareDataType | awk '/Serial/ {print $4}')

curl -X GET -H "Authorization: Bearer $JAMFAPIToken" "Accept: application/xml" $JAMFServer/JSSResource/computers/serialnumber/$DeviceSerialNumber/subset/extension_attributes | xpath -e \
"//*[id=$EAID1]/value/text()" 2>/dev/null

or better one :)

xmlquery=$(curl -X GET -H "Authorization: Bearer $JAMFAPIToken" "Accept: application/xml" $JAMFServer/JSSResource/computers/serialnumber/$DeviceSerialNumber/subset/extension_attributes)
EAQuery=$(echo $xmlquery | xpath -e "//*[id=$EAID1]/value/text()" 2>/dev/null)

View solution in original post

3 REPLIES 3

ivanlovisi
Contributor

i see that you use the basic authentication method for your API command, since version 11.5 it is no longer supported. try making your API cal with Bearer Token Authentication.

EmreU
New Contributor III

You're right ! i missed that part. Now all fine. 

APIUsername=""
APIuserpassword=""
JAMFServer="" 
EAID1=69
JAMFAPIToken=$(curl -X POST -u $APIUsername:$APIuserpassword -s $JAMFServer/api/v1/auth/token | plutil -extract token raw -)
DeviceSerialNumber=$(system_profiler SPHardwareDataType | awk '/Serial/ {print $4}')

curl -X GET -H "Authorization: Bearer $JAMFAPIToken" "Accept: application/xml" $JAMFServer/JSSResource/computers/serialnumber/$DeviceSerialNumber/subset/extension_attributes | xpath -e \
"//*[id=$EAID1]/value/text()" 2>/dev/null

or better one :)

xmlquery=$(curl -X GET -H "Authorization: Bearer $JAMFAPIToken" "Accept: application/xml" $JAMFServer/JSSResource/computers/serialnumber/$DeviceSerialNumber/subset/extension_attributes)
EAQuery=$(echo $xmlquery | xpath -e "//*[id=$EAID1]/value/text()" 2>/dev/null)

Going forward, its best practice to use a function to get a token, one to check if the token is still valid and another to invalidate the token.

Then if you're doing multiple queries that might take longer than the timeout you set in the API Role, instead of getting a new token, you can check if its still valid and it will regen a new one if not. Then as part of the clean up, you invalidate it.

 

# JAMF Cloud details
jamf_url="${4:-}"

# API login details
client_id="${5:-}"
client_secret="${6:-}"

# Establish API token. API session is set in API client and roles section
get_access_token() {
    response=$(/usr/bin/curl \
        --silent \
        --location \
        --request POST "${jamf_url}/api/oauth/token" \
        --header "Content-Type: application/x-www-form-urlencoded" \
        --data-urlencode "client_id=${client_id}" \
        --data-urlencode "grant_type=client_credentials" \
        --data-urlencode "client_secret=${client_secret}")
    current_epoch=$(date +%s)
    access_token=$(echo "$response" | plutil -extract access_token raw -)
    token_expires_in=$(echo "$response" | plutil -extract expires_in raw -)
    token_expiration_epoch=$((+-1))
}

check_token_expiration() {
    current_epoch=$(date +%s)
    if [[ $token_expiration_epoch -ge $current_epoch ]]; then
        echo "Current epoch time: $current_epoch"
        echo "Token valid until the following epoch time: " "$token_expiration_epoch"
    else
        echo "No valid token available, getting new token"
        get_access_token
    fi
}

invalidate_token() {
    responseCode=$(/usr/bin/curl \
        -w "%{http_code}" \
        -H "Authorization: Bearer ${access_token}" $jamf_url/api/v1/auth/invalidate-token \
        -X POST \
        -s -o /dev/null)

    if [[ ${responseCode} == 204 ]]; then
        echo "Token successfully invalidated"
        access_token=""
        token_expiration_epoch="0"
    elif [[ ${responseCode} == 401 ]]; then
        echo "Token already invalid"
    else
        echo "An unknown error occurred invalidating the token"
    fi
}

# -----------------------------------------------------------------------------
# OPERATIONS
# -----------------------------------------------------------------------------

check_token_expiration

# Do some API queries
# Do some more that take longer than 60 seconds

check_token_expiration

# clean up
invalidate_token