Jamf Pro API – Initializing the Cloud Services Token

As I am continuing on my pursuit to use the Jamf Pro API as much as possible, I started creating scripts that would start to build out my Jamf Pro servers in a quicker, more efficient, and consistent way. I will post these mini scripts here as they come up and hopefully someone else will also find them useful.

For this post within the series, I will go through using the Jamf Pro API to initialize the Cloud Services token exchange. After enabling the Cloud Service Connection your Jamf Pro server will have access to the Icon Service, Jamf Pro Platform Integration Service, and Title Editor.

The Icon Service, once enabled, allows icons to be stored in the Icon Service rather than in the Jamf Pro database. The Icon Service uses the hosted data regions: us-east-1 and us-west-2.

The Jamf Pro Platform Integration Service allows you to complete a registration process to integrate Jamf Protect with Jamf Pro. This integration allows for the download of the latest Jamf Protect package and gives the ability to deploy the package and adjust the scope of the Jamf Protect plan with configuration profiles within Jamf Pro. The integration also allows for the download and deployment and updates of Jamf Connect with configuration profiles inside of Jamf Pro.

The Title Editor service allows for you to create custom software titles, override existing patch definitions, and create custom patch definitions. Title Editor uses the us-east-1 hosted data region.

The Cloud Service Connection brings quite the value to your Jamf Pro server, and I will show you how this can be achieved with the Jamf Pro API. First, we will set up our script variables.

#!/bin/bash

##################################################
# Variables -- edit as needed

# Jamf Pro API Credentials
jamfProAPIUsername="apiUsername"
jamfProAPIPassword="apiPassword"
jamfProURL="https://server.jamfcloud.com"

# Jamf Nation Credentials
JNEmail="jamfRules@anyOrg.com"
JNPassword="C4ntW4itF0rJNUC2022!"

In our variables above, we will need a valid Jamf Nation credential to create the connection. This credential does not get stored in Jamf Pro.

Now we have our variables, we will set up our functions.

#
##################################################
# Functions -- do not edit below here

# Get a bearer token for Jamf Pro API Authentication
getBearerToken(){
	# Encode credentials
	encodedCredentials=$( printf "${jamfProAPIUsername}:${jamfProAPIPassword}" | /usr/bin/iconv -t ISO-8859-1 | /usr/bin/base64 -i - )
	
	# Generate an auth token
	authToken=$( /usr/bin/curl "${jamfProURL}/uapi/auth/tokens" \
		--silent \
		--request POST \
		--header "Authorization: Basic ${encodedCredentials}" 
)
	
	# Parse authToken for token, omit expiration
	token=$( /usr/bin/awk -F \" '{ print $4 }' <<< "${authToken}" | /usr/bin/xargs )
}

# Invalidate the token when done
invalidateToken(){
	curl --request POST \
	--url ${jamfProURL}/api/v1/auth/invalidate-token \
	--header 'Accept: application/json' \
	--header "Authorization: Bearer ${token}"
}

# Initialize the CSA token exchange
createCSA(){
	curl --request POST \
	--url ${jamfProURL}/api/v1/csa/token \
	--header 'Accept: application/json' \
	--header 'Content-Type: application/json' \
	--header "Authorization: Bearer ${token}" \
	--data '
{
	"emailAddress": "'"${JNEmail}"'",
	"password": "'"${JNPassword}"'"
}
'
}

Functions are done, now we do the script work by calling our functions.

#
##################################################
# Script Work
#

getBearerToken
createCSA
invalidateToken

exit 0

Now we can put it all together and it looks like:

#!/bin/bash

##################################################
# Variables -- edit as needed

# Jamf Pro API Credentials
jamfProAPIUsername="apiUsername"
jamfProAPIPassword="apiPassword"
jamfProURL="https://server.jamfcloud.com"

# Jamf Nation Credentials
JNEmail="jamfRules@anyOrg.com"
JNPassword="C4ntW4itF0rJNUC2022!"

#
##################################################
# Functions -- do not edit below here

# Get a bearer token for Jamf Pro API Authentication
getBearerToken(){
	# Encode credentials
	encodedCredentials=$( printf "${jamfProAPIUsername}:${jamfProAPIPassword}" | /usr/bin/iconv -t ISO-8859-1 | /usr/bin/base64 -i - )
	
	# Generate an auth token
	authToken=$( /usr/bin/curl "${jamfProURL}/uapi/auth/tokens" \
		--silent \
		--request POST \
		--header "Authorization: Basic ${encodedCredentials}" 
)
	
	# Parse authToken for token, omit expiration
	token=$( /usr/bin/awk -F \" '{ print $4 }' <<< "${authToken}" | /usr/bin/xargs )
}

# Invalidate the token when done
invalidateToken(){
	curl --request POST \
	--url ${jamfProURL}/api/v1/auth/invalidate-token \
	--header 'Accept: application/json' \
	--header "Authorization: Bearer ${token}"
}

# Initialize the CSA token exchange
createCSA(){
	curl --request POST \
	--url ${jamfProURL}/api/v1/csa/token \
	--header 'Accept: application/json' \
	--header 'Content-Type: application/json' \
	--header "Authorization: Bearer ${token}" \
	--data '
{
	"emailAddress": "'"${JNEmail}"'",
	"password": "'"${JNPassword}"'"
}
'
}

#
##################################################
# Script Work
#

getBearerToken
createCSA
invalidateToken

exit 0

https://github.com/robjschroeder/Jamf-API-Scripts/blob/main/api-InitializeCSAToken.sh

Thanks for checking it out!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: