API Authentication

You may optionally generate an API token that will be required for all requests made to the following /api/v1/title* endpoints to prevent unauthenticated requests to create, update, or delete software titles.

Note

The /jamf/v1 and /api/v1/backup endpoints remain open and will not use the API token for authentication.

Warning

THe UI does not yet support API authentication. You will receive a “Unauthorized: Authentication required” message if you attempt to use the New Title + or X (delete) options.

See the Patch Server API documentation for how to create an API token.

Authenticating Requests

If you have created an API token, you must include it with your requests in the Authorization header and the Bearer type:

Authorization: Bearer 94631ec5c65e4dd19fb81479abdd2929

Requests without this header will be rejected with a 401 status.

Retrieve/Reset the API Token

In the event you lose your API token, you can use a command line utillity such as sqlite3 to retrieve the existing token:

$ sqlite3 patch_server.db "SELECT * FROM api_token;"

If you wish to reset the token, write a stub file into the patchserver application directory named reset_api_token and restart the server. The API token will be deleted from the database and the stub file cleared. You will then be allowed to create a new API token using /api/v1/token.