Home
A macOS app to simplify the creation of admin API scripts
The application has two components:
-
A macOS GUI app where you'll enter connection information for your Jamf servers.
-
A command-line binary used to access the connection information and simplify API calls.
Say we're writing a script to pull down information about all the computers enrolled in Jamf Pro. The script would need to:
- Obtain a bearer token using the API's auth endpoint
- A method to refresh the token prior to expiration
- Invalidate the token when we're done with it
- Looping structure with logic to fetch all pages from the
/api/v1/computers-inventoryAPI path, concatenating or processing the pages as we go.
The Jamf API Utility app simplifies all of that. Once we've saved our credentials, instead of writing the 50-line script described above, now it's just a one-liner...
apiutil --path "/api/v1/computers-inventory"
The apiutil binary handles the rest.
Note: This project is intended for use by Jamf admins writing scripts to run on their own computers, not for scripts that run on the Macs they manage. Secrets sent to client devices, no matter the delivery mechanism or obfuscation used, are discoverable by users or malware. Secrets for cloud applications and functions should be handled using a secret manager supported by your cloud platform.
- macOS 14.6 or greater
- API access to one or more Jamf Products
Note: Please download the API Utility app only from GitHub Releases. The app is signed by Jamf Software (483DWKW443).
Install the .app file in your Applications folder.
Open the app and click the Add button to enter an API user for a Jamf server. Don't add more than one for now.
If you're using Jamf Pro, you'll have the option to use either a username and password, or a client ID and secret for authentication. API Utility defaults to "API Client" but if you're not already familiar with setting those up, switch that setting to "Username and password" and use that for now.
Don't check the box to require local user authentication down at the bottom. We'll cover that topic a little later.
Open Terminal and enter a command:
Jamf Pro example:
/Applications/API\ Utility.app/Contents/MacOS/apiutil --path "/JSSResource/categories"
Jamf School example:
/Applications/API\ Utility.app/Contents/MacOS/apiutil --path "/api/locations"
The app will connect to your server and return the results.
The command-line binary we'll be calling from Terminal or our shell scripts is buried inside the API Utility app. It's inside the bundle's Contents/MacOS/ folder.
If the API Utility app is in your Applications folder, you could call the command line utility like this:
/Applications/API\ Utility.app/Contents/MacOS/apiutil ...
But that's a lot to type. We can create a shortcut so we can simply say apiutil .... (Note that the examples in this documentation assume you've made an alias called "apiutil" but you can call it whatever you want.)
Instead of using the full path to the utility, you can create a function to shorten the path and just call that to make an API call.
#!/usr/bin/env bash
API_TARGET_NAME="Manage API Clients"
apiutil() {
"/Applications/API Utility.app/Contents/MacOS/apiutil" --target "${API_TARGET_NAME}" "$@"
}
# Make an API call
apiutil --path "/JSSResource/categories"We can create a shortcut to API Utility path in our command line shell too.
If you only need the shortcut for your own account, you can add an alias in your user's shell configuration file. You do that by editing your ~/.zshrc file, either by hand, or with this command line:
sh -c "echo '\nalias apiutil=\"/Applications/API\ Utility.app/Contents/MacOS/apiutil\"' >> ~/.zshrc"Now, any newly-created terminal session will have the "apiutil" alias available. If you want to make the shortcut available in your current Terminal window, just reload the shell configuration file:
source ~/.zshrcNow, we can do the exact same Terminal API call we did during the Quick Start, but this time with a much shorter path to the utility:
apiutil --path "/JSSResource/categories"That's all that's needed for most users but some coverage of special situations follows.
If you use bash rather than z-shell, please use these commands instead of the ones above. If you don't know the difference between bash and z-shell, you're almost definitely using z-shell and can ignore this section.
sh -c "echo '\nalias apiutil=\"/Applications/API\ Utility.app/Contents/MacOS/apiutil\"' >> ~/.bash_profile"
source ~/.bash_profileAfter updating your shell configuration file, you'll be able to use the apiutil alias instead of the full path to the command line executable.
As an alternative to all of the above, if you want to make a simplified command path available to all users, all shells, and all editors, we can add a wrapper script to a directory that's already in macOS's default search path. /usr/local/bin is a commonly-used location.
sudo tee /usr/local/bin/apiutil > /dev/null <<'EOF'
#!/bin/sh
"/Applications/API Utility.app/Contents/MacOS/apiutil" "$@"
EOF
sudo chown root:wheel /usr/local/bin/apiutil
sudo chmod +x /usr/local/bin/apiutilIn the remainder of this document, we'll be calling the command line utility as apiutil rather than with the full path.
Targets are named combinations of Server URLs and login information. At least one API target must be created before using the command line portion of the utility. We did not include a target specification in the Quick Start test we did earlier because at that point we only had one target configured so API Utility uses it as the default.
To manage your targets, open the app and you'll see a list of any items that have been saved.
Add API targets using the "Add" button. To update a target, highlight it and click the "Modify" button. As a security precaution, you will need to re-enter the authentication secret any time you modify a target.
A data entry window will open when you click the "Add" or "Modify" buttons.
Start by selecting the product for your target. The authentication fields will change depending on your selection.
A target name is used to refer to the saved target when making API calls from the command line so they should be unique and descriptive.
Note: If you include a space in a name, you'll need to remember to double-quote it any time you reference it from the command line so it might be easiest to avoid using spaces.
In the example below, a target has previously been saved with the name "pro".
Enter a server URL and the login information for your product instance. Don't include a "/" at the end of the URL.
The "Require local authentication" option may be used to protect your saved credentials. When enabled, attempts to access the associated target information via the command line will require a macOS user authentication. Touch ID makes it easy. For more information on approaches to securing script secrets, please see "How to Keep a Secret". For information on how to authenticate a target on scripts that make repeated API calls, please see the Using Cached Credentials section of the Jamf Pro Examples page.
The padlock icon in the saved targets list screen indicates if user authentication is required to access the target.
Configuration details for Jamf's APIs appears below.
For Jamf Pro credentials, you may use either a Client ID and Secret, or a Username and Password.
You can and should create different API targets for different applications to limit the API authorization to only those operations that are required by an app. For example, if you are writing a reporting script, you can limit the scripts's user or client to read-only access when creating the login in Jamf Pro. To learn about the permissions required for the Jamf Pro API paths you use in your applications, please see the documentation for the Jamf Pro and Classic APIs.
Jamf Protect's graphQL API utilizes an API Client and Secret:
The Jamf School API uses a Network ID and API key for authentication:
This project is offered under the terms of the Jamf Concepts Use Agreement. The application and this documentation are Copyright 2025, Jamf Software LLC.
Your interactions with Jamf and its products are governed by our Privacy Policy.
We'd love to hear about your experience using the utility and suggestions for improvements. Please use GitHub Issues to contact us.
