Jamf Pro API Script Remote Device Lock - "The request requires user authentication"

MathiasO_TK
New Contributor

hey folks!

I Need some help with my Script to trigger API Computer Command "Remote Device Lock"

Purpose: I want a script which requests user input with "Computer Name" , get the Computer Jamf ID (this works!), and afterwords send the Remote Command "Lock Device" with this ID -> at this point I get a Error:

Script result: <html>
<head>
<title>Status page</title>
</head>
<body style="font-family: sans-serif;">
<p style="font-size: 1.2em;font-weight: bold;margin: 1em 0px;">Unauthorized</p>
<p>The request requires user authentication</p>
<p>You can get technical details <a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2">here</a>.<br>
Please continue your visit at our <a href="/">home page</a>.
</p>
</body>
</html>

Here are more Informations: I user the API Client&Roles Setting in Jamf, created a API Client with some Priviliges:
"Read Computer Inventory Collection, Update Computers, Read Computers, Create Computers, Send Computer Remote Lock Command"

This is my Script:

 

Script:
***************************************************************
#!/bin/zsh
read -r -d '' applescriptCode <<'EOF'
   set dialogText to text returned of (display dialog "Bitte trage die MacBook-Namen ein." default answer "no input")
   return dialogText
EOF
computerName=$(osascript -e "$applescriptCode");
# API login
bearerToken=""
url=https://XXXXXXXX.XXXX:8443
client_id="API Client ID
client_secret="API Client Secret"
# Create Token
token=$(curl --location --request POST "$url/api/oauth/token" \
     --header "Content-Type: application/x-www-form-urlencoded" \
     --data-urlencode "client_id=$client_id" \
     --data-urlencode "grant_type=client_credentials" \
     --data-urlencode "client_name=Test" \
     --data-urlencode "client_secret=$client_secret")
# Catch Token
bearerToken=$(echo "$token" | plutil -extract access_token raw -)
# determine Jamf Pro device id
deviceID=$(curl -s -H "Accept: text/xml" -H "Authorization: Bearer ${bearerToken}" ${url}/JSSResource/computers/name/"$computerName" | xmllint --xpath '/computer/general/id/text()' -)
#echo "$deviceID"
# Execute Device Lock Command
curl -s -H "Accept: application/xml" -H "Authorization: Bearer ${bearerToken}" ${url}/JSSResource/computercommands/command/DeviceLock/passcode/615243/id/"$deviceID" -X POST

 

5 REPLIES 5

jamf-42
Valued Contributor II

maybe a typo but this is not closed 

client_id="API Client ID

This is just a Placeholder for the real Name of the API Client :D 

in the real script there is an other ID and secret..

I guess it is something like Access Rights could be the Error, but I cant think of something I forgot..

RaGL
New Contributor III

I never tried this specific command via API before, but when checking the API Description for this command it says, that only "ScheduleOSUpdate" is a supported command currently and it's basically also deprecated since 2022. So I guess "DeviceLock" might just not be a supported command anymore.

Xnip2024-07-10_12-57-41.jpg

Hey, thanks for reply..
on our API Site I used this:

Bildschirmfoto 2024-07-10 um 13.08.58.png

 This is the one extra for Device Lock.

stevewood
Honored Contributor II
Honored Contributor II

If you're doing this from a management workstation, like your own, and sending the commands to devices that are enrolled in your Jamf Pro, take a look at Jamf Actions. Jamf Actions are shortcuts for the Shortcuts app that allow you to send MDM commands easily from your workstation.

There are other Jamf created items on that Jamf Concepts GitHub repo.