Skip to main content

Jamf Pro API Documentation

The base URL for the Jamf Pro API is located at /uapi on each Jamf Pro instance. Documentation and “Try it out” features are built into each instance of Jamf Pro, and can be accessed at /api/doc.

Authentication and Authorization

The Classic API supports Basic Authentication and uses the standard User Accounts and Groups functionality of Jamf Pro. The Create, Read, Update and Delete privileges for an account or group within Jamf Pro correspond respectively with the POST, GET, PUT and DELETE HTTP methods. Furthermore, the Jamf Pro Server Object or Jamf Pro Server Setting should closely describe the endpoint for which permissions would be granted (e.g privileges for Advanced Computer Searches would be required to interact with the advancedcomputersearches endpoint).

The Jamf Pro API leverages the same User Accounts and Groups functionality of Jamf Pro as the Classic API, but uses a token-based authentication scheme. In order to perform successful requests to the Jamf Pro API you must present a valid token in the Authorization header of each request. The workflow of requesting an initial token and using that token in API requests is outlined below:

  1. Request Token by sending a POST to /uapi/auth/tokens with the header “Authorization: Basic YOUR_CREDENTIALS”
  2. You should receive a response that includes a token and an expiration epoch similar to the following example:
    {
        "token": "eyJhbGciOiJIUzUxMiJ9...",
        "expires": 1532533249439
    }
    
  3. You can use the previously generated token to make calls to any other Jamf Pro API endpoint by including it in a header using the format Authorization: Bearer <TOKEN_VALUE>

Tokens expire after 30 minutes by default, but you can generate a new token with the same information using the /uapi/auth/keepAlive endpoint. Simply send a POST to the endpoint with the existing token in an Authorization header like you would to any other endpoint (see step 3 above). The keepAlive endpoint will respond with a new token and expiration and will invalidate the previous token.

Below you will find a link to a Postman collection that can be used to generate tokens and store them as variables for future API calls in Postman. After downloading and importing the collection, click the ellipsis next to the “Jamf Pro API Authentication” collection and select Edit. Navigate to the Variables tab and populate the username, password and URL for your Jamf Pro environment. Now the endpoints can be used to generate, refresh or invalidate tokens. Use the {{accessToken}} variable with the Bearer Token authentication type selected to perform calls to all other Jamf Pro API endpoints.

HTTP Methods

The Jamf Pro API is a RESTful interface that uses standard HTTP methods to issue requests and receive responses.

POST
POST is used to create new objects or issue new actions. All POST operations require that a JSON body be passed with the request. Jamf Pro auto-assigns the object an ID and will respond to successful requests with the ID of the created resource.
GET
GET is used to retrieve information identified by the request-URI. Many endpoints support URL query parameters to allow for searching, sorting, and filtering of responses. Supported parameters are documented within the API Reference page.
PUT
PUT is used to update existing records, identified by the request-URI. PUT will overwrite all fields specified within the request body with the values specified, any omitted fields will be set to a null value. Responses to successful requests will include the ID of the updated resource.
DELETE
DELETE is used to remove the resource identified by the request-URI. If successful the message response should include the ID of the deleted resource.
PATCH
PATCH is used to selectively update fields for a resource, identified by the request-URI. If successful, the response will include the ID of the updated resource.

Schema

The Jamf Pro API currently accepts and returns exclusively JSON.

Errors

The Jamf Pro API returns standard HTTP status codes for both successful and unsuccessful API calls. All errors returned will contain an HTML response that will contain a message with a description of the failure.

Common error codes and steps to troubleshoot failures.
Code Description
200 Request successful.
201 Request to create or update object successful.
204 Request successful. Object successfully deleted.
400 Bad request. Verify the syntax of the request specifically the JSON body.
401 Authentication failed. Verify the credentials being used for the request.
403 Invalid permissions. Verify the account being used has the proper permissions for the object/resource you are trying to access.
404 Object/resource not found. Verify the URL path is correct.
412 Precondition failed.
500 Internal server error. Retry the request or contact Jamf support if the error is persistent.

Jamf Pro API Changelog

Historical information about the changes to the Jamf Pro API over time, including changes in the upcoming beta release of Jamf Pro.