Jamf Protect API

The Jamf Protect API is the primary resource for programmatically interacting with Jamf Protect. The Jamf Protect API uses GraphQL, an advanced query service and language that allows you to search and access your data from a single endpoint.

To learn more about GraphQL, see the Introduction to GraphQL page on the GraphQL Foundation website.

Jamf Protect API Endpoint

Your Jamf Protect endpoint is your Jamf Protect tenant URL succeeded by /graphql:

Example:

https://your-organization.protect.jamfcloud.com/graphql

Creating an API Client in Jamf Protect

Before you can interact with the Jamf Protect API, you must create an API client in Jamf Protect. Creating an API Client generates configuration and endpoint information, such as a client ID and API client password, which can be used for the following:

  • To obtain an access token

  • Register your Jamf Protect tenant with Jamf Pro.

Note:

You can have up to five API clients in Jamf Protect.

  1. In Jamf Protect, click Administrative > API Clients
  2. Click Create API Client.
  3. Enter a name for your API client.
  4. Copy the API client password for later use.
    Important:

    This value will not be displayed again by Jamf Protect.

Your API client configuration and endpoint information displays.

If you plan to use an API client to integrate with Jamf Pro or test with the Altair GraphQL Client application, make sure to copy the client ID in the API Client Configuration pane and the Jamf Protect API URL in the Token and API Endpoints pane.

Authorization

To complete Jamf Protect API requests, each GraphQL query must include an authorization header with an access token.

To obtain an access token to include in an authorization header for Jamf Protect API requests, you can execute the following command using information from your API client configuration:

curl --request POST \
--header 'content-type: application/json' \
--url "https://your-tenant.protect.jamfcloud.com/token" \
--data '{"client_id": "<CLIENT-ID>",
"password": "<API-CLIENT-PASSWORD>"}'

The access token can then be included in API requests similar to the following curl command:

curl -H "Content-Type: application/json" \
-H "Authorization: YOUR-ACCESS-TOKEN" \
-X POST "https://your-tenant.protect.jamfcloud.com/graphql" \
-d '{"query": "query {listComputers {items {hostName, uuid, checkin}}}"}'