AirWatch Hands-on Labs

VMware AirWatch REST API

In this section we will go through several REST APIs using both GET and POST commands. We will wrap up the module by un-enrolling the device using a DELETE API request.

1. Get the REST API Key from console

In this section, we will get the REST API Key.

1.1. Click on All Settings

Return to the AirWatch console.

Click Groups & Settings.
Click All Settings.

1.2. Navigate to REST API Settings

Click on System.
Expand the Advanced section.
Expand the API section.
Click REST API.

1.3. Note the REST API Key

Select Override for Current Setting.
Select Enabled for Enable API Access.
Using your mouse, highlight the API Key that is in API Key text box for the AirWatchAPI service. Right click on the text and select Copy.

1.4. Save the REST API Key

You may need to scroll down to find the Save button.
Click Save.
Click the Close button in the top right corner.

1.5. Open Notepad on the Main Console Server

Click the Windows Start Button.
Type "Notepad" in the search field.
Click on Notepad in the Programs list.

1.6. Paste the API Key Into Notepad

In Notepad, click on Edit.
Click on Paste. This will paste the API key into notepad.

2. REST Client Setup

In this section, you will configure a REST Client application on the Main Console server. This application will allow you to easily send REST API calls to AirWatch without having to go through the process of actually creating an application. For this module we will be using an application called Postman.

2.1. Launch the Postman App

Double-click the Postman shortcut from the Desktop to launch Postman.

NOTE - The Postman application may take a second to launch after double-clicking, please wait while the application loads.

2.2. Configure Authorization Type as Basic Auth

Enter Username and Password for POSTMAN REST API client

In this section, we will prepare the Postman REST client to test AirWatch REST APIs.

Notice the History tab, which tracks the history of the REST APIs that you have used. You can reuse the entries from this section if you want to use the same API with any modifications.
Click the Hide Sidebar button to hide the History and Collections tabs, as we will not be utilizing them during the lab.
Select the Authorization tab.
Click the Type dropdown.
Select Basic Auth.

2.3. Enter The User Credentials

NOTE - If there are any existing values in the Username or Password field, remove them and use the details below:

Enter the AirWatch Administrator account name. This will be your email address that you used to sign into the Lab.
Enter the password as "VMware1!"
Click on Show Password to ensure that you have entered the correct password.

2.4. Bring Up Notepad

Select Notepad from the tray.

2.5. Select the API Key From Notepad

In Notepad, click on Edit.
Click on Select All.

2.6. Copy the API Key From Notepad

Click on Edit.
Click on Copy.

2.7. Select the Postman App.

Select Postman from the tray.

2.8. Add the API Key to the Header

Click on the Headers tab.
Enter "aw-tenant-code" in the Key field.
Click the Value field next to the aw-tenant-code Key you just entered to select it.
Click Edit.
Click Paste.

Now, we have our REST Client setup with Basic Authentication and another header with the AirWatch REST API key. In the following section, we will use this setup to make REST API calls.

NOTE - The AirWatch APIs also require the Authorization header, which is built from the username and password provided in the Basic Authorization section. Postman will automation add this Authorization header when we send our first request.

3. GET Commands - Enrolled Devices for a User

GET commands are usually used to get some information from the server. The GET commands are primarily targeted towards 'get'ting information from the database without making any change to the data.

The following API command requests information on the enrolled devices for a user.

3.1. Search Device API request

Confirm that GET is selected..
Enter the URL https://hol.awmdm.com/api/mdm/devices/search?user=testuser in the URL field.
NOTE - Please refer the section on how to copy and paste text in VLP in case you want to use that feature to enter URL.
Click the Send button.

3.2. Validate Search Device API response

NOTE - You may need to scroll down to find the Body section to view the full response.

Ensure that you get a status as 200 OK. That indicates that your query is successful.
Click on the response format to Pretty.
Note the value of key Id under Devices. We will be using this in one of the POST API queries. You may use notepad to note down this value as you did with the REST API key.
Note the value of key UserId under Devices. We will be using this in the following REST APIs. You may use notepad to note down this value as you did with the REST API key.

4. GET Commands - Enrollment User Details

This API command retrieves details about an enrollment user. For this lab, since we used 'testuser' to enroll the device, we going to use the user id of 'testuser' to retrieve the enrollment user details.

4.1. Enrollment User Details API request

Confirm that GET is selected.
Enter the URL https://hol.awmdm.com/api/system/users/{UserId} in the URL field. Replace {UserId} with the UserId obtained from from the Validate Search Device API Response step.
Click on the Send button.

4.2. Validate Enrollment User API response

NOTE - You may need to scroll down to find the Body section to view the full response.

Ensure that you get a status as 200 OK. That indicates that your query is successful.
Confirm the information about the enrollment user.

5. GET Commands - Device Applications

In this step you will use the API to search for all Applications that are in the AirWatch App Catalog for Apple devices.

5.1. Application Search API request

Confirm that GET is selected.
Enter the URL https://hol.awmdm.com/api/mam/apps/search?platform=Apple in the URL field.
Click on the Send button.

5.2. Validate Application Search API response

In this step, you will use the API to search for all Applications that are in the AirWatch App Catalog for Apple devices.

Ensure that you get a status as 200 OK. That indicates that your query is successful.
If you have multiple entries of Application entities, scroll down through the response until you find the entry with ApplicationName as AW REST API

6. POST Commands - Lock Device

POST REST API commands are usually intended to perform some action. In this section, we will 'post' some data to the database to make changes and we will verify those changes on the enrolled device.

6.1. POST Lock Device

This API command can remotely lock a device. Prior to performing this step, please confirm that your enrolled device is on and unlocked.

Change the command type to POST.
Enter the URL https://hol.awmdm.com/api/mdm/devices/{deviceID}/lockdevice. Replace {DeviceID} with the DeviceId returned in the Validate Search Device API Response.
Click on the button Send.

6.2. Confirm Device Lock

Confirm that the API Response status is a 202 Accepted.

Confirm that the enrolled device is now locked.

7. POST Commands - Send a Message

This API command sends a push message to the enrolled device. In real world scenario, this API can be used to automate notifying managed devices about a certain event/action without requiring to login to the AirWatch UEM console and send push messages manually.

7.1. Send Push Message to the enrolled device - Add Header for JSON

In this section, we will explore how to make a JSON REST API request. We will add a header to the POST request so that API uses JSON format instead of XML that we have used so far.

Confirm that POST is selected.
Enter the URL https://hol.awmdm.com/api/mdm/devices/{DeviceId}/sendmessage in the URL field. Replace {DeviceId} with the DeviceId returned in the Validate Search Device API Response step.
Add a new header as "Content-Type".
Enter the value of the header as "application/json".

7.2. Send Push Message to the enrolled device - Add Body

Click the Body tab.
Click on the Raw radio button to change the format.
Select JSON (application/json) from the dropdown.
Enter the following text in the body section. Please refer to the section How to Copy and Paste in VLP if you prefer copy and paste the following text:
{ "MessageBody" : "AirWatch Test Push Message", "Application" : "AirWatch Agent", "MessageType" : "Push Notification" }
Ensure that you are not seeing X marks. If you do then double check quotes and commas in the text body to correct those errors.
Click on Send.

7.3. Confirm Message Delivery

Ensure that you get the API response status as 202 Accepted is returned. You should now see a push notification with the text AirWatch Test Push Message on your device.

8. DELETE Request

In this section, you will see how to use a HTTP DELETE command. You will issue a single command to AirWatch to delete the device. Deleting a device will initiate an Enterprise Wipe (or un-enrollment) and will remove the device from the AirWatch database. This will NOT perform a factory reset on the device and will not in any way delete any data from the device that was there prior to enrolling the device into AirWatch.

8.1. Creating the DELETE Request

Ensure that you are selecting REST Query type as DELETE.
Use the following API to Delete the device from AirWatch UEM: https://hol.awmdm.com/API/mdm/devices/{DeviceId}. Replace {DeviceId} with the deviceId returned in the Validate Search Device API Response step.

8.2. Device Delete Confirmation

Select form-data to clear the API request body.
Click on Send.
Ensure that you get the API response status as 200 OK.

The device will no longer be enrolled in AirWatch and the AW REST API app has been removed from the device along with any other applications that were present.

9. Conclusion and Wrap Up

This concludes the AirWatch REST API Module. There are many more API's available which can be leveraged to automate many of the AirWatch UEM console actions without logging in to the console. REST APIs are powerful tools to perform bulk actions at the trigger of certain events to enhance the existing functionality of the AirWatch UEM solution.