Create an API account in Apple Business
Overview
With the Apple Business API, you can edit the devices’ management assignments, view device information, automate device assignment workflows, integrate device inventory data into third-party platforms or build custom dashboards – tasks that would otherwise require manual web portal navigation. The API supports OAuth 2 so apps authenticate with a set of credentials in exchange for an access token to make authenticated requests to the API.
Before you can use these APIs, you need to create an API account in Apple Business. Only users with the role of Organisation Administrator can create an API account.
Note: You can have up to 50 API accounts.
Data access
When the API account is properly configured, that account can allow an app to access the following information:
Category | Permission name | Description |
|---|---|---|
Devices | View device management services, manage default platform assignment, and add devices with Apple Configurator. | Get a list of devices in an organisation that enrol using Automated Device Enrolment. |
Devices | View device management services, manage default platform assignment, and add devices with Apple Configurator. | Get information about a device in an organisation, such as the device model order number and part number. |
Device management services | View device management services, manage default platform assignment, and add devices with Apple Configurator. | Get a list of device management services in an organisation. |
Device management services | View device management services, manage default platform assignment, and add devices with Apple Configurator. | Get a list of device serial numbers assigned to a device management service. |
Device management services | View device management services, manage default platform assignment, and add devices with Apple Configurator. | Get the assigned device management service ID information for a device. |
Device management services | View device management services, manage default platform assignment, and add devices with Apple Configurator. | Get the assigned device management service information for a device. |
Device management services | View device management services, manage default platform assignment, and add devices with Apple Configurator. | Get information for an organisation device activity that a device management action creates, such as assign or unassign. |
Device management services | Assign devices to device management services | Assign or unassign devices to a device management service. |
User management services | Get a list of users in an organisation. | |
User management services | Get information about a specific user in an organisation. | |
User group management services | Get a list of user groups in an organisation. | |
User group management services | Get information about a specific user group in an organisation. | |
User group management services | Get a list of users assigned to a user group in an organisation. | |
Blueprints | View Blueprints | Get a list of Blueprints in an organisation. |
Blueprints | Manage Blueprints | Create a Blueprint in an organisation. |
Blueprints | Manage Blueprints | Get information about a Blueprint in an organisation. |
Blueprints | Manage Blueprints | Update a Blueprint in an organisation. |
Blueprints | Manage Blueprints | Delete a Blueprint in an organisation. |
Blueprints | Manage Blueprints | Get or modify the members of a given type within a Blueprint in an organisation. |
Configurations | View device configurations | Get the list of Configurations in an organisation. |
Configurations | View device configurations | Get the details of a Configuration in an organisation. |
Configurations | Create, edit and delete device configurations | Create a Configuration in an organisation (of type CUSTOM_SETTING). |
Configurations | Create, edit and delete device configurations | Update a Configuration in an organisation (of type CUSTOM_SETTING). |
Configurations | Create, edit and delete device configurations | Delete a Configuration in an organisation. |
Packages | View and manage devices using built-in device management | Get packages in an organisation. |
Apps | View Apps. | Get the licensed apps in an organisation. |
Audit events | Access audit events using the Admin API. | Retrieve a list of audit events for an organisation, filtered by various criteria. An audit event represents an activity within the organisation, for example adding or removing a device. |
Generate a private key
To maintain a secure connection to Apple Business, you need to generate a private key. The key’s filename ends in .pem, and you generate it only once.
Create a new API account and download the private key
In Apple Business, sign in with a user who has the role of Organisation Administrator.
Select Add API Account, enter the name of the user and select their role, then select Next.
Choose one of the following:
Select Generate & Download to generate and download the key.
The file automatically downloads to the file download location in your browser preferences or, if there isn’t a location, the system asks where to save the file.
Select Not Now to generate the private key later.
Select Manage to view the information you need to create the connection.
Review the Apple Developer documentation on how to create the connection.
Edit an existing API account migrated from Apple Business Manager or Apple Business Essentials
If your organisation migrated from Apple Business Manager or Apple Business Essentials to Apple Business and you had any existing API accounts, those accounts now have a default role. You can review and edit any API account information.
In Apple Business, sign in with a user who has the role of Organisation Administrator.
Select Edit next to an existing API account.
If necessary, do any of the following:
Change the account name
Change the role
The custom role is Device API Manager. To edit the role’s permissions, see Intro to roles and permissions.
Copy the Client ID to your Clipboard.
Copy the Key ID to your Clipboard.
Revoke the private key.
Select Save.
Review the Apple Developer documentation on how to create the connection.