Help

Creating an Authorization Token With JAMF Pro API - Help would be greatly appreciated

menashehertz
New Contributor II

Posted on ‎07-14-2019 07:37 PM

I'm trying to use JAMF Pro API. In order to use it is required to generate an authentication token that will be passed with request.
I am coding this in Swift for an App. I have done this successfully with Classic API but can’t get it to work in JAMF Pro API I am having difficulty generating this authentication token and have not found documentation to help.

Here is what I did find.

  • Thread that gives a basic outline of how it is done. discussion

  • In the discussion this is how it said that it should be done.

We're working to get some official documentation up on the Developer Portal for the Jamf Pro API. In the meantime, you can request a token by sending a POST to _uapi_auth/tokens with the header “Authorization: Basic YOUR_CREDENTIALS” where YOUR_CREDENTIALS is base64 encoded credentials for an appropriate Jamf Pro server account. You'll receive a response back containing a token and an expiration epoch. You can use the generated token to make calls to any other Jamf Pro API endpoint by including it in a header using the format “Authorization: jamf-token <TOKEN_VALUE>”.

I followed the instructions

  • Do a POST request
  • The url is https://xxxeval.jamfcloud.com/uapi/auth/tokens
  • I did the Authorization: Basic YOUR_CREDENTIALS” where YOUR_CREDENTIALS is base64 encoded credentials for an appropriate Jamf Pro server account.

Here is the Swift code

let credentialData = "(user):(password)".data(using: String.Encoding.utf8)!
let base64Credentials = credentialData.base64EncodedString()

let sessionConfig = URLSessionConfiguration.default
let session = URLSession(configuration: sessionConfig, delegate: nil, delegateQueue: nil)

guard let url = URL(string: "https://xxxeval.jamfcloud.com/uapi/auth/tokens") else {return}
var request = URLRequest(url: url)
request.httpMethod = "POST"
request.addValue("Authorization: Basic (base64Credentials)", forHTTPHeaderField: "Authorization")

I get back a 401 - Authentication failed. Verify the credentials being used for the request.

If anyone can help with a working example or point me where I can find documentation or just offer some information, I would greatly appreciate it.

As it is now I am at my wits end.

Thanks

Labels:
10 REPLIES 10

talkingmoose
Moderator
Moderator

Posted on ‎07-15-2019 07:01 AM

I have a GitHub gist that may help. It’s for using curl, but you may find it useful.

https://gist.github.com/talkingmoose/327427d23b422000f9d17183f8ef1d22

menashehertz
New Contributor II

Posted on ‎07-15-2019 11:31 AM

@talkingmoose Thanks for sharing.

I now have a starting point to substitute my info and see if I get back a token.

0 Kudos

jphillips
Release Candidate Programs Tester

Posted on ‎07-15-2019 02:16 PM

@talkingmoose Thanks for the script.. I've just started messing around with API'ing prestige assignments and this helps immensely.

I am having an issue though: after inputting my own details I'm getting back a 404 from script. At /uapi/doc, under the get prestige by ID, I input the ID of the prestage and clicked Try it out. I still get a 404 that it can't be found, however the response body comes back as successfully and lists all of the prestage's correct information (so it does exist). Running 10.13 on cloud.

Is there a bug I'm not aware of with this 404?

0 Kudos

talkingmoose
Moderator
Moderator

Posted on ‎07-15-2019 03:36 PM

@jphillips, a 404 means content can’t be found. Since you’re not receiving a 401, which means not authorized, you’re probably authenticating just fine but there’s a problem in your URL (maybe a misspelling or you’re using the wrong ID) or you may be requesting XML when you need to request JSON.

Which endpoint are you trying to use?

0 Kudos

jphillips
Release Candidate Programs Tester

Posted on ‎07-16-2019 04:05 AM

@talkingmoose Nevermind.. I just realized my idiocy: the endpoint /mobile-device-prestages/id/scope does not exist on 10.13.

0 Kudos

nanfay
New Contributor III

Posted on ‎03-06-2020 01:40 PM

@talkingmoose Thanks for sharing - that was huge help. I had about 1900 iPads that needed to be moved from one PreStage into multiple PreStages, and the names are all based by serial number so very tedious if I hadn't been able to script it. Your gist gave me the starting point I needed. Project completed - Happy Friday!

eaititig
New Contributor III

Posted on ‎06-16-2021 11:39 PM

Yeah, I'm trying to do the same thing. I can use the Classic API with curl/PHP but I want to write an iOS app in Swift and I can't get that token ... so failed at the first step. I get 401 when using the base64 of the username:password as Basic Auth

Maybe the API doesn't work on cloud instances?!?

0 Kudos

jphillips
Release Candidate Programs Tester

Posted on ‎06-17-2021 04:24 AM

The API works fine with Swift and Cloud instances as we have been using it extensively since this thread. The thing that really helped me figure out how it all worked was to look at MUT's open-source code and how it retrieved the token: https://github.com/mike-levenick/mut

0 Kudos

user-AbzzTNbfcS
New Contributor

Posted on ‎06-18-2021 05:50 AM

Special characters are not supported in the passwords when using the API. i got this response from JAMF support.

0 Kudos

leslie
Contributor II
Contributor II

Posted on ‎06-18-2021 07:01 AM

Special characters are fine. Depending on the language you're coding in you may need to manually encode them.

0 Kudos