Apple Business Manager (ABM) and Apple School Manager (ASM) have evolved significantly in recent years, but one critical piece has been missing: programmatic access. That changed with the introduction of the ABM/ASM API, opening new possibilities for automation, integration, and workflow enhancement.
At PSU Mac Admins, Iru's Weldon Dodd and Arek Dreyer walked through this new capability, demonstrating how it works, and discussing its implications for administrators who manage Mac computers. Let’s dive into the details.
Before exploring the API itself, it’s worth highlighting the significant improvements Apple has made to the ABM/ASM web portal. These changes provide valuable context for what’s now accessible programmatically.
Key additions include:
These enhancements make many previously inaccessible features available through the web portal and provide a foundation for programmatic access via the new API.
The ABM/ASM API transforms these web portal capabilities into programmatically accessible functions, creating numerous opportunities for automation and integration.
Some key use cases include:
The AppleCare information integration is particularly significant for organizations outside the U.S. where access to GSX (Apple’s Global Service Exchange) is often limited. Moving AppleCare data into ABM broadens accessibility for companies seeking warranty and support details.
While the API unlocks exciting new capabilities, it also has notable limitations administrators should understand:
The inability to programmatically release devices is a particularly noticeable gap, as this functionality would streamline workflows for many administrators managing device lifecycles.
The ABM/ASM API uses OAuth2 for authentication, following a secure multi-step process. Here’s the workflow for setting up access:
1. Create an API account in ABM/ASM:The process, while detailed, ensures secure programmatic access. This flow can be implemented in Python using libraries like <code>requests</code>, <code>authlib, and <code>pycryptodome. </code> However, any language with support for elliptic curve cryptography can be used to create client assertions and interact with the API.
The API currently provides eight endpoints, enabling the following operations:
These endpoints enable workflows like filtering active versus released devices, organizing devices by MDM assignment, retrieving detailed device information for asset management, and automating device assignments based on criteria.
For testing and debugging, administrators can use tools like Postman to experiment with the endpoints before integrating them into production workflows.
The ABM/ASM API marks a significant milestone in Apple’s evolving approach to device management. While the current version has limitations, it lays the groundwork for more comprehensive programmatic control in the future.
Administrators are already considering innovative ways to leverage this new capability, from building custom integrations to automating complex workflows. For organizations seeking efficiency, streamlined tasks, and enhanced integration, the API is a welcome addition—offering practical use cases even in its initial form.
Over time, Apple’s commitment to expanding API functionality should enable deeper control and new possibilities for managing Mac and iOS devices at scale.
Whether you’re in education, enterprise, or specialized environments, the ABM/ASM API is a valuable tool for taking device management to the next level.
Kandji is now Iru. This article was originally published under the Kandji brand.