The automatic recovery key rotation feature is available only for macOS devices. This feature was introduced to maintain the security of the FileVault Personal Recovery Key (PRK). Due to server performance reasons, the automatic rotation from APIs which returns the recovery key is removed. The automatic rotation functionality is available when the PRK is viewed in Device Details or SSP.

Note: It is recommended to follow up with a second API call to rotate the key as the automatic rotation will not occur.

Following GET APIs are used in retrieving the recovery key:

  • /devices/security - Retrieves the security information of the device identified by device ID

  • /devices/<id>/security - Retrieves the security information of the device identified by device ID

  • /devices/<uuid>/security/recovery-key - Retrieves the recovery key by the device UUID

Rotate Key Via API

To rotate the recovery key, use the following API:

POST /devices/{deviceId}/commands?command=RotateFileVaultKey

Note: Use this API after calling one of the above GET calls.