[Guide update] Which API endpoints to expose (#35061)

- iOS/iPadOS and Android hosts

---------

Co-authored-by: Jordan Montgomery <elijah.jordan.montgomery@gmail.com>
Noah Talerman 2025-11-12 15:39:47 -05:00 committed by GitHub
parent 188a91cf4d
commit ad3f9f32c5
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

@ -9,9 +9,9 @@ If you would like to manage hosts that can travel outside your VPN or intranet,
- `/api/osquery/*`
- `/api/v1/osquery/*`
## Using Fleet Desktop on remote devices
## Fleet Desktop
If you're using Fleet Desktop `/api/*/fleet/device/*/desktop` must be exposed in the API, and for the end user **Fleet Desktop > My device** page `/device/*` and `/assets/*` must be exposed.
If you're using Fleet Desktop, `/api/*/fleet/device/*/desktop` must be exposed in the API, and for the end user **Fleet Desktop > My device** page `/device/*` and `/assets/*` must be exposed.
For full Fleet Desktop and scripts functionality, `/api/fleet/orbit/*` and`/api/fleet/device/ping` must also be exposed.
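Review bot: The unchanged context line at the end of this hunk still reads "and`/api/fleet/device/ping`" with no space before the backtick. This hunk already fixes punctuation in the sentence above it (the comma after "If you're using Fleet Desktop"), so add the missing space here as well. That same line lists `/api/fleet/orbit/*` and `/api/fleet/device/ping` without a version segment, while the rewritten sentence uses `/api/*/fleet/device/*/desktop`. Readers copy these patterns into proxy allow-lists, so please confirm that both forms are intended, or align them.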
@ -23,7 +23,7 @@ If you would like to use the fleetctl CLI from outside of your network, the foll
- `/api/*/setup`
- `/api/*/fleet/*`
## Using Fleet's MDM features
## MDM features
### macOS
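Review bot: Renaming "## Using Fleet's MDM features" to "## MDM features" changes the heading text, and if the site derives anchors from heading text, any existing link to the old heading will stop resolving. The same applies to the "## Fleet Desktop" rename in the previous hunk. Please search the docs and product UI for links to the old anchors and update them in this PR.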
@ -56,8 +56,20 @@ If you would like to use Fleet's Windows MDM features, the following endpoints n
- `/api/mdm/microsoft/tos`: Presents end users with the Terms of Service agreement during out-of-the-box Windows setup. Required for automatic enrollment.
- `/api/mdm/microsoft/auth`: If you use automatic enrollment, authenticates end users during out-of-the-box Windows setup.
- See the [section 3.2 on the MS-MDE2 specification](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-mde2/27ed8c2c-0140-41ce-b2fa-c3d1a793ab4a) for more details.
### iOS and iPadOS
### SCEP proxy
If you would like to use Fleet's iOS/iPadOS MDM features, the following endpoints need to be exposed:
- `/enroll`: Allows end users to access the enrollment page on which they download an enrollment profile to enroll their iOS/iPadOS host.
- `/api/*/fleet/enrollment_profiles/ota`: Allows hosts to download an enrollment profile.
### Android
- `/enroll`: Allows end users to access the enrollment page where they select a link to enroll their Android host.
- `/api/*/fleet/android_enterprise/pubsub`: Allows Fleet to receive enrollment and status report [notifications from the Android Management API](https://developers.google.com/android/management/reference/rest/v1/enterprises).
## SCEP proxy
If you would like to use Fleet as a SCEP proxy, the following endpoint needs to be exposed:
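Review bot: The new "### Android" section starts directly with its bullet list, while "### iOS and iPadOS" opens with "If you would like to use Fleet's iOS/iPadOS MDM features, the following endpoints need to be exposed:". Add the matching lead-in sentence for Android so the two sections read the same way. The `/api/*/fleet/android_enterprise/pubsub` bullet says Fleet receives notifications from the Android Management API, which means the caller is Google's service rather than an enrolled host. Stating that explicitly would help anyone who restricts these paths by source. Finally, "SCEP proxy" moves from "###" to "##", taking it out of the MDM features section; confirm that the promotion is intentional.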