The objective of this session, said Ben, was not to go through the basics of API but to provide tips and tricks to facilitate the data extraction. The talk focused on three areas:
- Jamf Pro API Scalability Best Practices and how to let Jamf Pro do the heavy lifting.
- What to do if you have Jamf Cloud but no SIEM?
- Getting inventory data to devices: have you tried a profile?
Jamf Pro API Scalability Best Practices
Rate limit: Although Jamf Pro has no built-in rate limit, it is essential to limit the number of concurrent connections to Jamf Pro API to five. When building an integration app, it is important to measure response times and adjust the number of requests accordingly. A large number of concurrent API calls will impact the performance of Jamf Pro.
Error handling: Use an exponential backoff algorithm to respond to error codes as they happen. Ben shared some exciting resources for HTTP codes, which are relevant for most APIs.
Syncing device inventory data: If you have an API integration that is constantly polling Jamf Pro, review and adjust the frequency level by considering when devices update inventory.
Using advanced search: By using this option, you can avoid polling every API endpoint for every record and have Jamf Pro server perform much lower calculations, decreasing the response time from API integrations and scripts.
You can also use the advanced search to find values within the device record. Ben used an example of how to find the information about whether a hard drive is file encrypted by identifying and pulling the value from the record to use in your integrations.
Jamf Cloud but no SIEM?
If you have Jamf Cloud but not a log streaming option enabled, you can still retrieve alerts via the API through the notifications option on the top right corner of the screen. A tip is to set up a read-only API account that can be used to access these notifications, allowing you to review alerts proactively.
Getting inventory data to devices
You can obtain data from Jamf Pro by using configuration profiles. Configuration profiles contain a comprehensive set of variables for devices and users that can be utilized to update inventory data. You can set up a workflow to deploy those variables to your domain: as the MDM deploys the profile, it swaps out the variables for the value required and sends it to the device.
You can find further information about how to establish this workflow here.
Register for JNUC to access this session as well as others on demand.
Have market trends, Apple updates and Jamf news delivered directly to your inbox.