JAMF PRO API Token renewal

nnewport
New Contributor III

I am running into an issue with a script where the new API token is expiring before it finishes.  I know there is a way to renew the token with a keep-alive command, but I'm not having any luck getting the syntax of the command correct.  Does anyone know how to renew an active token in the new API?  Thanks for your help!

3 REPLIES 3

cbrewer
Valued Contributor II

What language is your api script written in? I think the token is good for 30 minutes. I've handled this by using a function that checks to see if the current date is within 5 minutes of the expiration date and posts to keep-alive if so.

 

This is powershell, but you can probably convert the idea to other languages - although bash might be tricky.

 

function checkJamfAuthToken {
  # https://stackoverflow.com/questions/24672760/powershells-invoke-restmethod-equivalent-of-curl-u-basic-authentication
  if (!$authTokenData) {
    Write-Host 'Getting new Jamf authorization token... ' -NoNewline
    $base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $jamfUser,$jamfPass)))
    $script:authTokenData = Invoke-RestMethod -Uri "$jamfUrl/api/v1/auth/token" -Credential $creds -Headers @{Authorization=("Basic {0}" -f $base64AuthInfo)} -Method Post
    $script:authToken = $authTokenData.token
    $script:authTokenExpireDate = Get-Date "$($authTokenData.expires)"
    Write-Host 'Done.'
  } else {
    # Update token if it expires in 5 minutes or less
    if  ($(Get-Date).AddMinutes(5) -gt $authTokenExpireDate) {
      Write-Host 'Renewing Jamf authorization token... ' -NoNewline
      $script:authTokenData = Invoke-RestMethod -Uri "$jamfUrl/api/v1/auth/keep-alive" -Headers $jamfApiHeaders -Method Post
      $script:authToken = $authTokenData.token
      $script:authTokenExpireDate = Get-Date "$($authTokenData.expires)"
      Write-Host 'Done.'
    }
  }

  $script:jamfApiHeaders = @{
    Authorization="Bearer $authToken"
    Accept="application/json"
  }
}

 

I'm not able to renew bearer token.  I've updated to use the new API commands and still not working. I'm not sure what I'm missing.  Can someone assist?

$jamfUrl = "https://yourserver.jamfcloud.com:8443"
$jamfUser = ""
$jamfPass = ""

function checkJamfAuthToken {
  # https://stackoverflow.com/questions/24672760/powershells-invoke-restmethod-equivalent-of-curl-u-basic-authentication
  if (!$authTokenData) {
    Write-Host 'Getting new Jamf authorization token... ' -NoNewline
    $base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $jamfUser,$jamfPass)))
    $script:authTokenData = Invoke-RestMethod -Uri "$jamfUrl/uapi/auth/tokens" -Credential $creds -Headers @{Authorization=("Basic {0}" -f $base64AuthInfo)} -Method Post
    $script:authToken = $authTokenData.token
    $script:authTokenExpireDate = Get-Date "$($authTokenData.expires)"
    Write-Host 'Done.'
  } else {
    # Update token if it expires in 5 minutes or less
    if  ($(Get-Date).AddMinutes(5) -gt $authTokenExpireDate) {
      Write-Host 'Renewing Jamf authorization token... ' -NoNewline
      $script:authTokenData = Invoke-RestMethod -Uri "$jamfUrl/uapi/auth/tokens" -Headers $jamfApiHeaders -Method Post
      $script:authToken = $authTokenData.token
      $script:authTokenExpireDate = Get-Date "$($authTokenData.expires)"
      Write-Host 'Done.'
    }
  }

  $script:jamfApiHeaders = @{
    Authorization="Bearer $authToken"
    Accept="application/json"
  }
}
checkJamfAuthToken
Get-Date
$authToken
$authTokenData

Response: Date expired a couple of hours ago 

Friday, May 3, 2024 9:02:39 AM
token   : eyJhbGciOiJIUzI1NiJ9.eyJhd
expires : 5/3/2024 12:56:48 PM

kgam
Contributor

I know this is an older post but I'm just getting into the Jamf Pro API and Bearer Tokens and wanted to share the bash command I've found to work for token renewal. Note that the existing token used for renewal has been shortened for readability.

curl -X POST "https://yourcompany.jamfcloud.com/api/v1/auth/keep-alive" -H "Accept: application/json" -H "Authorization: Bearer egJhCGciJiJIizKiJ9.eyJhdRoZW5aWNhdVkLWFcC6Ikd............."