Jamf Protect API
- Last UpdatedNov 2, 2023
- 3 minute read
The Jamf Protect API is the primary resource for programmatically interacting with Jamf Protect. The Jamf Protect API uses GraphQL, an advanced query service and language that allows you to search and access your data from a single endpoint.
To learn more about GraphQL, see the Introduction to GraphQL page on the GraphQL Foundation website.
Your Jamf Protect endpoint is your Jamf Protect tenant URL succeeded by /graphql:
https://your-organization.protect.jamfcloud.com/graphql
Before you can interact with the Jamf Protect API, you must create an API client in Jamf Protect. Creating an API Client generates configuration and endpoint information, such as a client ID and API client password, which can be used for the following:
-
To obtain an access token
-
Register your Jamf Protect tenant with Jamf Pro.
Before creating an API client, consider the permissions necessary for that client. You can create a new role and assign the minimum required permissions for the API Integration, or you can assign the Read Only role to the client. The Read Only role will automatically include any future read-only permissions. The following permissions are the current recommended minimum permissions required for an API client.
Read only: Plans
Read only: API Clients
Read only: Downloads
These permissions are subject to change, and can be updated at any time. For more information about assigning custom roles, see User Roles and Groups.
You can have up to five API clients in Jamf Protect. To add an additional API client, you must delete one of the existing clients.
- Copy the API client password for later use.Important:
This value will not be displayed again by Jamf Protect.
Your API client configuration and endpoint information displays.
If you plan to use an API client to integrate with Jamf Pro or test with the Altair GraphQL Client application, make sure to copy the client ID in the API Client Configuration pane and the Jamf Protect API URL in the Token and API Endpoints pane.
To complete Jamf Protect API requests, each GraphQL query must include an authorization header with an access token.
To obtain an access token to include in an authorization header for Jamf Protect API requests, you can execute the following command using information from your API client configuration:
curl --request POST \ --header 'content-type: application/json' \ --url "https://your-tenant.protect.jamfcloud.com/token" \ --data '{"client_id": "<CLIENT-ID>", "password": "<API-CLIENT-PASSWORD>"}'The access token can then be included in API requests similar to the following curl command:
curl -H "Content-Type: application/json" \ -H "Authorization: YOUR-ACCESS-TOKEN" \ -X POST "https://your-tenant.protect.jamfcloud.com/graphql" \ -d '{"query": "query {listComputers {items {hostName, uuid, checkin}}}"}'