Docs

Getting Started with REST APIs

Using simplified REST software architecture, Workspace ONE UEM REST APIs currently support multiple functionalities, including organization group, console administration, mobile application, mobile device, email, enrollment user, profile, smart group, and user group management.

Using REST-based APIs provide several benefits to enterprises, including eliminated cost and time spent developing applications in-house. Workspace ONE UEM REST APIs are fully able and ready to integrate with enterprise servers, programs, and processes. Additionally, Workspace ONE UEM REST APIs are more efficient, can run smoothly and can be easily branded with enterprises. These APIs are intended for application developers, and this guide provides an understanding of design and architecture of the API library to facilitate custom development and integration with Workspace ONE UEM.

Access API Documentation

Access detailed API documentation by navigating to the Workspace ONE UEM API Help page.

Do this in SaaS environments by replacing the "cn" in your URL with "as" and then append /api/help after .com.

https://cn4855.awmdm.com

https://as4855.awmdm.com/api/help

Datacenter and Token URLs for OAuth 2.0 Support

Workspace ONE UEM supports the OAuth 2.0 industry standard protocol for secure authentication and authorization for REST API calls.

Workspace ONE Token Service is the Token Issuer for OAuth authentication and is currently supported only in SaaS environments. The Token URLs are region-specific.

Create an OAuth Client to Use for API Commands (SaaS)

You can create an OAuth client to use for API commands, supported in SaaS environments only. Create an OAuth client for your SaaS environment by taking the following steps.

1. Navigate to Groups & Settings > Configurations.
2. Enter OAuth in the search text box labeled 'Enter a name or category'.
3. Select OAuth Client Management that appears in the results. The OAuth Client Management screen displays.
4. Select the Add button.
5. Enter the Name, Description, Organization Group, and Role.
   Note: For more information about specific REST API permissions for the role you select, see the section in this topic entitled Create a Role That Can Use REST APIs.
6. Ensure that the Status is Enabled.
7. Select Save.
8. IMPORTANT: Copy the Client ID and Client Secret to clipboard and save them before you close this screen. Select the clipboard icon () to send the Client Secret to the clipboard.

   You cannot return here to retrieve these pieces of information after you select Close.

9. Use the client ID, Client Secret, and Token URL to generate the access token in the following format:

   API call: POST {Region-Specific Token URL from section above}

   Key	Value
   grant_type	client_credentials
   client_id	{CLIENT ID generated on UEM console}
   client_secret	{CLIENT SECRET generated on UEM console}

10. Use the access token returned to authorize future API requests to Workspace ONE UEM API servers. The access token must be provided in the request headers in the following format.

    API call: {UEM API}

    Key	Value
    Authorization	[Access Token}

Create a Role That Can Use REST APIs

Each API call you intend to make has a corresponding resource (or permission) that you must include in the role you assign to the OAuth Client. So the permissions to include in the role you assign line up with the kinds of API calls you are making.