fleet/server/mdm/nanodep/docs/openapi.yaml

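# OpenAPI 3.0 description of the NanoDEP depserver HTTP API.
# Nesting restored: in the flattened listing `info` and `servers` had no
# children, so the document did not parse as an OpenAPI description.
openapi: 3.0.0
info:
  version: 0.1.0
  title: NanoDEP depserver API
servers:
  # Loopback example only. Every /v1 operation in this document uses HTTP
  # Basic authentication, which is only base64-encoded on the wire, so a
  # deployment reachable beyond loopback should be served over TLS (for
  # example behind a TLS-terminating reverse proxy).
  - url: http://[::1]:9001/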
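# Operations exposed by depserver. Nesting was reconstructed from a listing
# that had lost its indentation; the key order is unchanged.
paths:
  /version:
    # The only operation without a `security` requirement: it is reachable
    # unauthenticated and discloses the running version.
    get:
      description: Returns the running NanoDEP depserver version
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                type: object
                properties:
                  version:
                    type: string
                    example: "v0.1.0"
  /v1/assigner/{name}:
    get:
      description: Return the assigner profile UUID for the given DEP name.
      security:
        - basicAuth: []
      responses:
        '200':
          description: Assigner profile UUID corresponding to the DEP name.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AssignerProfileUUID'
        '401':
          $ref: '#/components/responses/UnauthorizedError'
        '400':
          $ref: '#/components/responses/BadRequest'
        '500':
          $ref: '#/components/responses/JSONAPIError'
    put:
      description: Assign a profile UUID for assignment for the given DEP name.
      security:
        - basicAuth: []
      responses:
        '200':
          description: The stored assigner profile UUID corresponding to the DEP name.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AssignerProfileUUID'
        '401':
          $ref: '#/components/responses/UnauthorizedError'
        '400':
          $ref: '#/components/responses/BadRequest'
        '500':
          $ref: '#/components/responses/JSONAPIError'
    # NOTE(review): these parameters are placed at path-item level, as for the
    # sibling paths, so that GET also declares `name`. The flattened listing
    # does not show whether `profile_uuid` was meant for PUT only; confirm
    # against the upstream file.
    parameters:
      - $ref: '#/components/parameters/depName'
      - in: query
        name: profile_uuid
        required: true
        schema:
          type: string
          example: "48E4F9B0DB9B76F1"
  /v1/config/{name}:
    get:
      description: Return the config for the given DEP name.
      security:
        - basicAuth: []
      responses:
        '200':
          description: Config corresponding to the DEP name.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Config'
        '401':
          $ref: '#/components/responses/UnauthorizedError'
        '400':
          $ref: '#/components/responses/BadRequest'
        '500':
          $ref: '#/components/responses/JSONAPIError'
    # PUT changes Config.base_url, i.e. which server depserver calls out to
    # for this DEP name. Treat write access to this operation as sensitive.
    put:
      description: Set the config for the given DEP name.
      security:
        - basicAuth: []
      requestBody:
        description: Config for the given DEP name.
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Config'
      responses:
        '200':
          description: Config corresponding to the DEP name.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Config'
        '401':
          $ref: '#/components/responses/UnauthorizedError'
        '400':
          $ref: '#/components/responses/BadRequest'
        '500':
          $ref: '#/components/responses/JSONAPIError'
    parameters:
      - $ref: '#/components/parameters/depName'
  /v1/tokens/{name}:
    # Both operations return the OAuth1Tokens object, which includes
    # consumer_secret and access_secret in clear text. Limit who holds the
    # Basic auth credential and keep response bodies out of logs and caches.
    get:
      description: Return the DEP OAuth1 tokens for the given DEP name.
      security:
        - basicAuth: []
      responses:
        '200':
          description: The DEP OAuth1 tokens for the given DEP name.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/OAuth1Tokens'
        '401':
          $ref: '#/components/responses/UnauthorizedError'
        '400':
          $ref: '#/components/responses/BadRequest'
        '500':
          $ref: '#/components/responses/JSONAPIError'
    put:
      description: Upload and store DEP OAuth1 tokens for the given DEP name.
      security:
        - basicAuth: []
      externalDocs:
        description: Apple documentation describing the decrypted DEP server OAuth1 tokens.
        url: https://developer.apple.com/documentation/devicemanagement/device_assignment/authenticating_with_a_device_enrollment_program_dep_server/examining_server_tokens
      requestBody:
        description: OAuth1 tokens.
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/OAuth1Tokens'
      responses:
        '200':
          description: The parsed and stored OAuth1 tokens are returned.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/OAuth1Tokens'
        '401':
          $ref: '#/components/responses/UnauthorizedError'
        '400':
          $ref: '#/components/responses/BadRequest'
        '500':
          $ref: '#/components/responses/JSONAPIError'
    parameters:
      - $ref: '#/components/parameters/depName'
  /v1/tokenpki/{name}:
    # This GET is state-changing: per its description every request replaces
    # the stored keypair. Keep crawlers, health checks and link prefetchers
    # away from it. Presumably tokens that Apple encrypted to the previous
    # certificate can no longer be decrypted after a new request; confirm.
    get:
      description: >-
        Generate and store a new X.509 certificate and RSA private key
        (keypair) for exchanging the encrypted DEP OAuth1 tokens via the Apple
        ABM/ASM/BE portal. Each request generates a new (and overwrites the
        existing) keypair. The certificate is returned.
      security:
        - basicAuth: []
      responses:
        '200':
          description: X.509 certificate of the keypair used to encrypt the OAuth1 tokens.
          headers:
            Content-Disposition:
              schema:
                type: string
              description: Suggested (attachment) filename of the certificate.
          content:
            application/x-pem-file:
              schema:
                type: string
                example: |-
                  -----BEGIN CERTIFICATE-----
                  MIIFdjCCBF6gAwIBAgIIZ7SjAeWsGIwwDQYJKoZIhvcNAQELBQAwgYwxQDA+BgNV
                  [..snip..]
                  lL5jy74l8Za59w==
                  -----END CERTIFICATE-----
        '401':
          $ref: '#/components/responses/UnauthorizedError'
        '400':
          $ref: '#/components/responses/BadRequest'
        '500':
          $ref: '#/components/responses/JSONAPIError'
    # The response carries the decrypted OAuth1 secrets; handle it like the
    # /v1/tokens/{name} responses.
    put:
      description: Decrypt the OAuth1 tokens from the Apple ABM/ASM/BE portal and store them.
      security:
        - basicAuth: []
      requestBody:
        description: >-
          The contents of the .p7m file that Apple provides on the ABM/ASM/BE
          portal after you've uploaded the public key certificate.
        required: true
        content:
          application/pkcs7-mime:
            schema:
              type: string
              example: |-
                Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type=enveloped-data
                Content-Transfer-Encoding: base64
                Content-Disposition: attachment; filename="smime.p7m"
                Content-Description: S/MIME Encrypted Message
                MIAGCSqGSIb3DQEHA6CAMIACAQAxggE1MIIBMQIBADAZMBQxEjAQBgNVBAMTCWRlcHNlcnZlcgIB
                [..snip..]
                ZZ4DvF5PZOQGA9R6pW0/L29ixfg8H8hPkXoJ7AkYI09sf4DMTzaesQAAAAAAAAAAAAA=
      responses:
        '200':
          description: Newly decrypted OAuth1 tokens corresponding to the DEP name.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/OAuth1Tokens'
        '401':
          $ref: '#/components/responses/UnauthorizedError'
        '400':
          $ref: '#/components/responses/BadRequest'
        '500':
          $ref: '#/components/responses/JSONAPIError'
    parameters:
      - $ref: '#/components/parameters/depName'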
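# Reusable parameters, security scheme, error responses and payload schemas.
# Nesting was reconstructed from a listing that had lost its indentation.
components:
  parameters:
    depName:
      name: name
      in: path
      description: Name of DEP server instance
      required: true
      style: simple
      schema:
        type: string
        example: 'mymdmserver'
  securitySchemes:
    # HTTP Basic sends the credential base64-encoded, not encrypted, with
    # every request; it is only as confidential as the transport beneath it.
    basicAuth:
      type: http
      scheme: basic
  responses:
    UnauthorizedError:
      description: API key is missing or invalid.
      headers:
        WWW-Authenticate:
          schema:
            type: string
    BadRequest:
      description: >-
        There was a problem with the supplied request. The request was in an
        incorrect format or other request data error.
    JSONAPIError:
      description: An error occurred on this endpoint.
      content:
        application/json:
          schema:
            type: object
            properties:
              error:
                type: string
                example: "it was sunny outside"
  schemas:
    AssignerProfileUUID:
      type: object
      properties:
        profile_uuid:
          type: string
          example: "48E4F9B0DB9B76F1"
    Config:
      type: object
      properties:
        # base_url decides which server depserver calls out to for this DEP
        # name. Presumably the stored OAuth1 credentials are used against that
        # server, so an unexpected value here should be treated as a possible
        # credential exposure; confirm against the implementation.
        # NOTE(review): `url` is not a format defined by OpenAPI 3.0 (JSON
        # Schema's is `uri`); validators are likely to ignore it, so do not
        # rely on it for input validation.
        base_url:
          type: string
          format: url
          example: "http://127.0.0.1:8080/"
          description: >-
            The base URL of the Apple Device Assignment Services server to
            call out to. Typically only overridden when talking to another DEP
            server such as the `depsim` simulator.
    # The values below are documentation samples. Real values are the
    # credentials depserver uses for the Apple DEP service: store and transmit
    # them as secrets.
    OAuth1Tokens:
      type: object
      properties:
        consumer_key:
          type: string
          example: "CK_48dd68d198350f51258e885ce9a5c37ab7f98543c4a697323d75682a6c10a32501cb247e3db08105db868f73f2c972bdb6ae77112aea803b9219eb52689d42e6"
        consumer_secret:
          type: string
          example: "CS_34c7b2b531a600d99a0e4edcf4a78ded79b86ef318118c2f5bcfee1b011108c32d5302df801adbe29d446eb78f02b13144e323eb9aad51c79f01e50cb45c3a68"
        access_token:
          type: string
          example: "AT_927696831c59ba510cfe4ec1a69e5267c19881257d4bca2906a99d0785b785a6f6fdeb09774954fdd5e2d0ad952e3af52c6d8d2f21c924ba0caf4a031c158b89"
        access_secret:
          type: string
          example: "AS_c31afd7a09691d83548489336e8ff1cb11b82b6bca13f793344496a556b1f4972eaff4dde6deb5ac9cf076fdfa97ec97699c34d515947b9cf9ed31c99dded6ba"
        access_token_expiry:
          type: string
          format: date-time
          example: "2023-06-01T05:59:16Z"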