Difficulties with Jamf Pro API authorisation

Lazy
New Contributor

Hi,

I am currently trying to use the Jamf Pro API to run software updates on our Mac environment. I did some testing a few weeks earlier and was able to successfully update a single mac using the API command. Recently I have tried to update a whole room full of macs but receive a http 401 error when running the script. The only change I made to the script was to add the device IDs of the relevant devices.

In order to try and troubleshoot this I removed all the device IDs except for the one I used in my initial test but still receive the 401 error.I have also confirmed that my credentials to Jamf Pro were correct, this is proven by the fact I do receive a valid bearer token when requested. I have also checked all of my Jamf Pro account permissions and I have every available permission assigned. Also the same bearer token is able to run this command.

curl --request GET --url "$url"/api/v1/macos-managed-software-updates/available-updates --header 'accept: application/json' --header "Authorization: Bearer $bearerToken"

 I get a valid response with the list of available updates. If I remove the "--header 'Authorization...'" switch I get the 401 error so i believe the bearer token to be valid and not expired as it is necessary to receive a response.

Please see full script below.

user="username"
pass="password"
url="https://JamfProFQDN:8443"

bearerToken=""
tokenExpirationEpoch="0"

response=$(curl -s -u "$user:$pass" "$url"/api/v1/auth/token -X POST)
bearerToken=$(echo "$response" | plutil -extract token raw -)

curl --request GET --url "$url"/api/v1/macos-managed-software-updates/available-updates --header 'accept: application/json' --header "Authorization: Bearer $bearerToken"

curl --request POST --url "$url"/api/v1/macos-managed-software-updates/send-updates --header 'accept: application/json' --header 'content-type: application/json' --header 'Authorization: Bearer $bearerToken' --data '
{
"deviceIds": [
"762",
"763",
"764",
"765",
"766",
"767",
"768",
"769",
"771",
"773",
"774",
"775",
"776",
"777",
"778",
"779",
"780",
"781",
"827",
"837"
],
"skipVersionVerification": false,
"applyMajorUpdate": false,
"forceRestart": true,
"priority": "HIGH"
}

Apologies if this has been asked before I had a look and the only post I found about this talks about the Jamf Pro user account permissions which I have already checked.

4 REPLIES 4

jtrant
Valued Contributor

I know you said you checked permissions, but does this account have 'Update' permissions for computers in addition to the permissions required to send the required MDM commands?

Lazy
New Contributor

Thanks for the quick response. Just double checked to be sure and I do have the permissions to "create", "read", "update" and "delete" Computers. I also have "Send Computer Remote Command to Download and Install macOS Update" permission ticked as well.

If it makes it any clearer there is not a single tickbox on the permissions page that is not ticked. Unless any of these actually remove permissions (I've had a quick look and none seem to deny permissions but it's entirely possible I have missed something) I should be able to do pretty much everything.

mm2270
Legendary Contributor III

Posting here because I'm also seeing errors when using your code above (with my own values entered of course)

I went back to the API guide from the Jamf Pro server, and set up an example command for that API resource and it sends back a differently formatted response. The 'data' section comes back like this

"{\"deviceIds\":[\"1\",\"2\",\"3\",\"4\"],\"maxDeferrals\":7,\"version\":\"12.0.1\",\"skipVersionVerification\":false,\"applyMajorUpdate\":false,\"updateAction\":\"DOWNLOAD_AND_INSTALL\",\"forceRestart\":false,\"priority\":\"HIGH\"}"

It contains the entire section in double quotes and then escapes the double quotes within the json. Also, it includes both a "version" item, specifying the exact version of the OS you want to install, and an "updateAction", as you can see. I'm not sure if both of those are strictly necessary for it to work. I would think at least the updateAction may be though.

I know in your posted example you're containing the json data within an open and close single quote, which I would think precludes the need to escape double quotes within it, but maybe try it as the example format shows and see if your result is any different.

Lazy
New Contributor

Thanks for the response mm2270. I cannot try this out at the moment but as soon as i get an opportunity I will give it a go with the escaped double quotes (Should get a chance on Friday). Find it a bit strange though as it is the same code that worked for me a couple of weeks previously. The only difference I can think of is last time I typed the commands into terminal whereas this time I pasted from textedit. I will try entering manually into terminal as well to see if it does not like the format or encoding.