Creating an Authorization Token With JAMF Pro API - Help would be greatly appreciated

menashehertz
New Contributor II

I'm trying to use JAMF Pro API. In order to use it is required to generate an authentication token that will be passed with request.
I am coding this in Swift for an App. I have done this successfully with Classic API but can’t get it to work in JAMF Pro API I am having difficulty generating this authentication token and have not found documentation to help.

Here is what I did find.

  • Thread that gives a basic outline of how it is done. discussion

  • In the discussion this is how it said that it should be done.

We're working to get some official documentation up on the Developer Portal for the Jamf Pro API. In the meantime, you can request a token by sending a POST to _uapi_auth/tokens with the header “Authorization: Basic YOUR_CREDENTIALS” where YOUR_CREDENTIALS is base64 encoded credentials for an appropriate Jamf Pro server account. You'll receive a response back containing a token and an expiration epoch. You can use the generated token to make calls to any other Jamf Pro API endpoint by including it in a header using the format “Authorization: jamf-token <TOKEN_VALUE>”.

I followed the instructions

  • Do a POST request
  • The url is https://xxxeval.jamfcloud.com/uapi/auth/tokens
  • I did the Authorization: Basic YOUR_CREDENTIALS” where YOUR_CREDENTIALS is base64 encoded credentials for an appropriate Jamf Pro server account.

Here is the Swift code

let credentialData = "(user):(password)".data(using: String.Encoding.utf8)!
let base64Credentials = credentialData.base64EncodedString()

let sessionConfig = URLSessionConfiguration.default
let session = URLSession(configuration: sessionConfig, delegate: nil, delegateQueue: nil)

guard let url = URL(string: "https://xxxeval.jamfcloud.com/uapi/auth/tokens") else {return}
var request = URLRequest(url: url)
request.httpMethod = "POST"
request.addValue("Authorization: Basic (base64Credentials)", forHTTPHeaderField: "Authorization")

I get back a 401 - Authentication failed. Verify the credentials being used for the request.

If anyone can help with a working example or point me where I can find documentation or just offer some information, I would greatly appreciate it.

As it is now I am at my wits end.

Thanks

10 REPLIES 10

talkingmoose
Honored Contributor II

I have a GitHub gist that may help. It’s for using curl, but you may find it useful.

https://gist.github.com/talkingmoose/327427d23b422000f9d17183f8ef1d22

menashehertz
New Contributor II

@talkingmoose Thanks for sharing.

I now have a starting point to substitute my info and see if I get back a token.

jphillips
Contributor

@talkingmoose Thanks for the script.. I've just started messing around with API'ing prestige assignments and this helps immensely.

I am having an issue though: after inputting my own details I'm getting back a 404 from script. At /uapi/doc, under the get prestige by ID, I input the ID of the prestage and clicked Try it out. I still get a 404 that it can't be found, however the response body comes back as successfully and lists all of the prestage's correct information (so it does exist). Running 10.13 on cloud.

Is there a bug I'm not aware of with this 404?

talkingmoose
Honored Contributor II

@jphillips, a 404 means content can’t be found. Since you’re not receiving a 401, which means not authorized, you’re probably authenticating just fine but there’s a problem in your URL (maybe a misspelling or you’re using the wrong ID) or you may be requesting XML when you need to request JSON.

Which endpoint are you trying to use?

jphillips
Contributor

@talkingmoose Nevermind.. I just realized my idiocy: the endpoint /mobile-device-prestages/id/scope does not exist on 10.13.

nanfay
New Contributor III

@talkingmoose Thanks for sharing - that was huge help. I had about 1900 iPads that needed to be moved from one PreStage into multiple PreStages, and the names are all based by serial number so very tedious if I hadn't been able to script it. Your gist gave me the starting point I needed. Project completed - Happy Friday!

eaititig
New Contributor II

Yeah, I'm trying to do the same thing. I can use the Classic API with curl/PHP but I want to write an iOS app in Swift and I can't get that token ... so failed at the first step. I get 401 when using the base64 of the username:password as Basic Auth

Maybe the API doesn't work on cloud instances?!?

jphillips
Contributor

The API works fine with Swift and Cloud instances as we have been using it extensively since this thread. The thing that really helped me figure out how it all worked was to look at MUT's open-source code and how it retrieved the token: https://github.com/mike-levenick/mut

user-AbzzTNbfcS
New Contributor

Special characters are not supported in the passwords when using the API. i got this response from JAMF support.

leslie
Contributor II

Special characters are fine. Depending on the language you're coding in you may need to manually encode them.