Sprinto DashboardAPI Reference

Jamf - API Roles & Clients

The API Roles and Clients functionality in Jamf Pro provides a dedicated interface for controlling access to the Jamf Pro API and the Classic API. You can create custom privilege sets as API roles and assign them as needed, ensuring that API clients have only the necessary capabilities for their tasks.

Roles can be:

  • Shared between clients, or

  • Assigned more than one to a single client

This allows you to manage and reuse privilege sets conveniently and with greater granularity.

Creating an API Role

To grant privileges to an API client in Jamf Pro, you must first create an API role that defines a privilege set. One or more of these roles can then be assigned to a client to grant their cumulative privileges.

Steps

  1. In Jamf Pro, click Settings in the sidebar.

  2. In the System section, click API Roles and Clients.

  3. Click the API Roles tab at the top of the pane.

  4. Click New.

  5. Enter a display name for the API role.

  6. In the Jamf Pro API role privileges field, begin typing the name of a privilege you want to assign, and select it from the pop-up menu.

    • Continue adding privileges until you are finished.

  1. Click Save.

If you are using Jamf Setup, Jamf Reset, Jamf Parent, or Jamf Teacher in your environment, you may notice that API roles have already been created and are in use by these applications. These roles can be reused safely with other API clients that require similar privileges. However, Jamf does not recommend editing these roles, as it could interfere with the functionality of those apps. Jamf Pro also does not allow any API roles to be deleted while they are in use.

Creating an API Client

You can create an API client in Jamf Pro to generate a client secret, which can then be used by the Jamf Pro API to generate access tokens.

Requirements

  • At least one API role created in Jamf Pro.

Steps

  1. In Jamf Pro, click Settings in the sidebar.

  2. In the System section, click API Roles and Clients.

  3. Click the API Clients tab at the top of the pane.

  4. Click New.

  5. Enter a display name for the API client.

  6. In the API Roles field, add the roles you want to assign to the client.

    • The client will have the cumulative privileges of all assigned roles.

  7. Under Access Token Lifetime, enter the time (in seconds) that you want access tokens to remain valid.

Changing the Access Token Lifetime later does not affect access tokens that have already been generated. Similarly, deleting or disabling a client does not disallow access for previously generated tokens that are still valid. However, any changes made to the API roles assigned to a client will affect all tokens immediately.

  1. Click Save.

  2. Click Edit.

  3. Click Enable API Client to allow the client to be used for generating a client secret.

  4. Click Save.

Generating a Client Secret

After you have created an API client and assigned it one or more roles, you can generate a client secret, which can then be used to generate access tokens.

Requirements

  • An API client created in Jamf Pro with at least one role assigned to it.

Steps

  1. In Jamf Pro, navigate to the API client you want to generate an access token from.

  2. Click Generate Client Secret. A confirmation dialog appears.

  3. Click Create Secret. A pop-up window appears with the client secret.

The client secret will only be displayed once. Make sure to save it to a secure location before closing the dialog.

PreviousJamf IntegrationNextJumpCloud Integration

Last updated