Jamf API Setup Guide¶

This guide walks you through setting up API access for JamfMCP with the appropriate privileges following the principle of least privilege.

Authentication Methods¶

JamfMCP only suports OAuth client credentials for authentication. OAuth client credentials provide token-based authentication using the OAuth 2.0 standard.

Create an API Role¶

  1. Navigate to Settings → System → API roles and clients in Jamf Pro

  2. Select the API Roles tab, then click New in the upper right hand corner to create a new API role

  3. Name it something descriptive like “JamfMCP Read-Only”

  4. Grant the following privileges:

Required Privileges Checklist

Computers

  • Read Computers

  • Read Computer Inventory Collection

  • Read Computer Groups

  • Read Computer Extension Attributes

  • Read Computer Check-In

  • Read Computer MDM Command Information

Policies & Profiles

  • Read Policies

  • Read macOS Configuration Profiles

  • Read Scripts

  • Read Packages

  • Read Patch Management Software Titles

  • Read Patch Policies

Organization

  • Read Buildings

  • Read Departments

  • Read Network Segments

  • Read Sites

  • Read Categories

Users & Groups

  • Read Users

  • Read User Groups

  • Read LDAP Servers

  • Read Directory Bindings

Security & Compliance

  • Read Restricted Software

  • Read Licensed Software

  • Read Advanced Computer Searches

  • Read Webhooks

  • Read Extension Attributes

Create an API Client¶

  1. Navigate to Settings → System → API roles and clients

  2. Select the API Clients tab, then click New to create a new API client

  3. Configure the client:

    • Display Name: “JamfMCP Client”

    • API Role: Select the role created in Step 1

    • Client ID: Auto-generated (save this!)

    • Client Secret: Click “Generate” (save this securely!)

Warning

The client secret is only shown once! Save it immediately in a secure location.

Server URL Format¶

The JAMF_URL can be specified in several formats:

  • FQDN only: your-server.jamfcloud.com

  • With protocol: https://your-server.jamfcloud.com

  • With port: https://your-server.com:8443

  • With path: https://your-server.com/jamf

JamfMCP will automatically handle the URL formatting.

API Rate Limits and Best Practices¶

Jamf Pro implements API rate limiting to protect server performance. JamfMCP respects these limits and implements automatic retry logic with exponential backoff.

Best Practices:

  • Avoid excessive concurrent requests

  • Use targeted queries rather than full inventory pulls when possible

  • Consult the Jamf Pro API documentation for endpoint-specific guidance

Danger

JamfMCP’s read-only operations are meant to be low-impact, but sustained high-volume API usage on any platform can affect server responsiveness. Although rare it is technically possible with automated or repeated large-scale queries.

See also