Jss_url=$( /usr/bin/defaults read /Library/Preferences/ jss_url ) Finally we’ll use the tr command to remove ALL the line feeds from the output.
#JAMF PRO API CODE#
I’m going to put in some extra code to find our Jamf Pro address too. Next step will be to use it to get a bearer token for our use. ~ % printf "username:password" | iconv -t ISO-8859-1 | base64 -i.
#JAMF PRO API PASSWORD#
In this example I’ll be using username and password for … username and password. Let’s start with doing a base64 encode of your credentials. As an added security measure, your access credentials in Jamf ARE scoped only to the task you’re performing right? 😉 Quick note: the tokens have an expiry but it’s just good practice to invalidate them after use especially if your operations are quick. Use the token for the operations you need.Separate the token from the rest of the output.Feed that to a specific API endpoint to obtain a bearer token.base64 encode your existing API credentials.curl -u username:password -X GET "" -H "accept: application/xml" I would highly recommend reading this first.Īs mentioned above, the original method was to supply a username and password with your curl command to authenticate. Matthew Warren has discovered a way of doing JSON with native tools, it’s just the tool is JavaScript. This is where we have to stand on the shoulders of giants. What about jq? Oh great, having to obtain and mass deploy a CLI tool to use infrequently and then deal with it’s upkeep.
(We’ll come back to this).īut aha I hear you cry! What about perl? What about Python? True these do have support but … they’re going away from macOS and you get warnings trying to use them in macOS Monterey. That’s all well and good but macOS doesn’t really have native tools for JSON.
.png "jamf pro api")
#JAMF PRO API FULL#
The full move to JSON is pitched at using a platform agnostic type standard. The endpoint changes mostly result in methods having to be rethought and reworked but the JSON only? AARGH. In order, dealing with a lack of Basic auth is awkward but not insurmountable. You now have to work entirely with JSON input and output.All the API endpoints have changed names, changed behaviors and in some cases disappeared altogether.The old method of submitting a username and password is horrifically insecure so a newer method with access tokens is in place.Now this comes with some big caveats and I’m going to list the ones I’ve found here: You can find more in depth details here but you can also find a sandbox environment on your own Jamf Pro server by using /api at the end of the URL. To solve this and other issues, Jamf has been busy building a newer API on a more modern underpinning. Oracle Java would give you xml every time, OpenJDK gave JSON and don’t even ask about Corretto… curl -X GET "" -H "accept: application/xml" There were always issues such as having to explicitly specify the type of output in the curl command because different installed Java on the server behaved differently. All of Jamf’s love and attention is focussed on the newer “Jamf Pro” one and while at the time of writing the “Classic” still works, I’ve noticed it becoming a touch flaky over time. Jamf Pro has two API’s that are accessible for administrators, the “Classic” and the “Jamf Pro”. New and shiny appears nice but there are pitfalls!
0 kommentar(er)
