Sending iOS Commands via API

sarky_marty
New Contributor II

Hi all!

I'm writing a script to allow users to send a management command to their iOS device directly from a Self Service policy on their Mac.

Looking at the API documentation, the process for sending commands to iOS devices is fair bit more complicated than the standard API PUT and POST schema. I'm not really sure that I understand what is needed, so any help would be greatly appreciated! Does anyone have an example of an XML file that they've created for the purpose of sending management commands? I can't seem to find any detailed information on this anywhere!

Thanks in advance!

1 ACCEPTED SOLUTION

m_donovan
Contributor III

I have tried every configuration of the xml I can think of and I can not get it to work with any commands except UpdateInventory and BlankPush. All other commands fail.

deviceID="123456"

###This works for commands with multiple parameters
data="<mobile_device_command><general><command>DeviceLock</command><lock_message>bring this to your teacher</lock_message></general><mobile_devices><mobile_device><id>${deviceID}</id></mobile_device></mobile_devices></mobile_device_command>"

## This works for single commands
data="<mobile_device_command><general><command>UpdateInventory</command></general><mobile_devices><mobile_device><id>${deviceID}</id></mobile_device></mobile_devices></mobile_device_command>"

curl -fsku "${jssAPIUsername}:${jssAPIPassword}" -H "Content-Type: text/xml" "${jssAddress}/JSSResource/mobiledevicecommands/command" -d $data -X POST

Edit: I was using a test account without the required permissions after fixing the account permissions both methods worked.

View solution in original post

6 REPLIES 6

m_donovan
Contributor III

Here is a command I use in an Xcode application I built but you can see how it is structured from a bash command.

do shell script "curl -ksu " & apiuser & ":'" & apipass & "' " & jssurl & "/JSSResource/mobiledevicecommands/command/BlankPush/id/" & mobileDeviceID & " -X POST"

I hope this helps.

BradB
New Contributor III

There is some basic sample code on the Jamf Developer Portal that shows how to issue a remote command to a mobile device: https://developer.jamf.com/sample-code#sample5. That example uses the /mobiledevicecommands/command API resource with XML to indicate the command and device to send it to. The example @m.donovan gave above is another great to way to issue commands without having to deal with sending the XML.

sarky_marty
New Contributor II

Thank you, both!

The first response looks like the kind of JSS API curls I'm used to, which gives me some more confidence, but it seems that many commands require multiple pieces of data to function and that is where I'm now stuck.

I had been looking at what I assumed was both the in-built API docs and the ones on the developer page, but it seems I had the in-built ones open on two tabs and ignored the developer ones on the third. Now that I read the two documents together, they each fill in gaps that the other leaves unplugged.

I'd specifically like to send the Enable Lost Mode command, which requires at least two pieces of additional information, and I'd also like to send the Clear Passcode command to ensure the device can connect to WiFi if it's lacking a cellular connection.

From the developer docs, I can see how to lay out the XML file for the <command> itself, but I'm unsure where to include the extra bits of required info. Would it look like this?

<?xml version="1.0" encoding="UTF-8"?>
<mobile_device_command>
    <general>
        <command>EnableLostMode</command>
        <lost_mode_message>Lock Message Here</lost_mode_message>
        <lost_mode_phone>0123456789</lost_mode_phone>
        <lost_mode_footnote>Footnote</lost_mode_footnote>
        <always_enforce_lost_mode>true</always_enforce_lost_mode>
        <lost_mode_with_sound>false</lost_mode_with_sound>
    </general>
    <mobile_devices>
        <mobile_device>
            <id>1</id>
        </mobile_device>
    </mobile_devices>
</mobile_device_command>

I also assume that I should (need to) send the Clear Passcode command as a separate API POST command with its own XML file?

Can the XML be sent as a one-liner in the curl command (or set as a variable to be expanded), or do I have to write an XML file to the drive and then read it from there?

m_donovan
Contributor III

I will try and do some testing and see what I can figure out. Typically I use the file format rather than a one liner.

m_donovan
Contributor III

I have tried every configuration of the xml I can think of and I can not get it to work with any commands except UpdateInventory and BlankPush. All other commands fail.

deviceID="123456"

###This works for commands with multiple parameters
data="<mobile_device_command><general><command>DeviceLock</command><lock_message>bring this to your teacher</lock_message></general><mobile_devices><mobile_device><id>${deviceID}</id></mobile_device></mobile_devices></mobile_device_command>"

## This works for single commands
data="<mobile_device_command><general><command>UpdateInventory</command></general><mobile_devices><mobile_device><id>${deviceID}</id></mobile_device></mobile_devices></mobile_device_command>"

curl -fsku "${jssAPIUsername}:${jssAPIPassword}" -H "Content-Type: text/xml" "${jssAddress}/JSSResource/mobiledevicecommands/command" -d $data -X POST

Edit: I was using a test account without the required permissions after fixing the account permissions both methods worked.

sarky_marty
New Contributor II

I eventually ended up creating an XML file and passing it into the API command, but I can confirm that @m.donovan nailed it.

I also ran up against the issue of having insufficient privileges on my API user account, and it took me a long time to work out that it was that which was causing the errors and not a problem with my command. That's definitely something to watch out for, if you're reading this thread looking for help!