Create an API account in Apple Business
Overview
With the Apple Business API, you can edit the devices’ management assignments, view device information, automate device assignment workflows, integrate device inventory data into third-party platforms, or build custom dashboards—tasks that would otherwise require manual web portal navigation. The API supports OAuth 2 so apps authenticate with a set of credentials in exchange for an access token to make authenticated requests to the API.
Before you can use these APIs, you need to create an API account in Apple Business. Only users with the role of Organization Administrator can create an API account.
Note: You can have up to 50 API accounts.
Data access
When the API account is properly configured, that account can allow an app to access the following information:
Category | Permission name | Description |
|---|---|---|
Devices | View device management services, manage default platform assignment, and add devices with Apple Configurator. | Get a list of devices in an organization that enroll using Automated Device Enrollment. |
Devices | View device management services, manage default platform assignment, and add devices with Apple Configurator. | Get information about a device in an organization, such as the device model, order number, and part number. |
Device management services | View device management services, manage default platform assignment, and add devices with Apple Configurator. | Get a list of device management services in an organization. |
Device management services | View device management services, manage default platform assignment, and add devices with Apple Configurator. | Get a list of device serial numbers assigned to a device management service. |
Device management services | View device management services, manage default platform assignment, and add devices with Apple Configurator. | Get the assigned device management service ID information for a device. |
Device management services | View device management services, manage default platform assignment, and add devices with Apple Configurator. | Get the assigned device management service information for a device. |
Device management services | View device management services, manage default platform assignment, and add devices with Apple Configurator. | Get information for an organization device activity that a device management action creates, such as assign or unassign. |
Device management services | Assign devices to device management services. | Assign or unassign devices to a device management service. |
User management services | Get a list of users in an organization. | |
User management services | Get information about a specific user in an organization. | |
User group management services | Get a list of user groups in an organization. | |
User group management services | Get information about a specific user group in an organization. | |
User group management services | Get a list of users assigned to a user group in an organization. | |
Blueprints | View Blueprints. | Get a list of Blueprints in an organization. |
Blueprints | Manage Blueprints. | Create a Blueprint in an organization. |
Blueprints | Manage Blueprints. | Get information about a Blueprint in an organization. |
Blueprints | Manage Blueprints. | Update a Blueprint in an organization. |
Blueprints | Manage Blueprints. | Delete a Blueprint in an organization. |
Blueprints | Manage Blueprints. | Get or modify the members of a given type within a Blueprint in an organization. |
Configurations | View device configurations. | Get the list of Configurations in an organization. |
Configurations | View device configurations. | Get the details of a Configuration in an organization. |
Configurations | Create, edit, and delete device configurations. | Create a Configuration in an organization (of type CUSTOM_SETTING). |
Configurations | Create, edit, and delete device configurations. | Update a Configuration in an organization (of type CUSTOM_SETTING). |
Configurations | Create, edit, and delete device configurations. | Delete a Configuration in an organization. |
Packages | View and manage devices using built-in device management. | Get packages in an organization. |
Apps | View Apps. | Get the licensed apps in an organization. |
Audit events | Access audit events using the Admin API. | Retrieve a list of audit events for an organization, filtered by various criteria. An audit event represents an activity within the organization, for example adding or removing a device. |
Generate a private key
To maintain a secure connection to Apple Business, you need to generate a private key. The key’s filename ends in .pem, and you generate it only once.
Create a new API account and download the private key
In Apple Business, sign in with a user who has the role of Organization Administrator.
Select Add API Account, enter the name of the user and select their role, then select Next.
Choose one of the following:
Select Generate & Download to generate and download the key.
The file automatically downloads to the file download location in your browser preferences or, if there isn’t a location, the system asks where to save the file.
Select Not Now to generate the private key later.
Select Edit to view the information you need to create the connection.
Review the Apple Developer documentation on how to create the connection.
Edit an existing API account that moved from Apple Business Manager or Apple Business Essentials
If your organization moved from Apple Business Manager or Apple Business Essentials to Apple Business and you had any existing API accounts, those accounts now have a custom role. You can review and edit any API account information.
In Apple Business, sign in with a user who has the role of Organization Administrator.
Select Edit next to an existing API account.
If necessary, choose any of the following:
Change the account name
Change the role
The custom role is Device API Manager. To edit the role’s permissions, see Intro to roles and permissions.
Copy the Client ID to your Clipboard.
Copy the Key ID to your Clipboard.
Revoke the private key.
Select Save.
Review the Apple Developer documentation on how to manage the connection.