Policy Management via the Console

This section provides the details of the REST APIs used manage policies via the EMM console:

Adding a policy via the console

Description

Add a policy using this REST API command. When adding a policy you will have the option of saving the policy or saving and publishing the policy. Using the REST API command given below you are able to save a created Policy and this policy will be in the inactive state.

For a better understanding on how this works via the EMM console, see Adding a Policy.
For more information on adding an active policy via the REST API, see Adding an Active Policy.

Resource Path /inactive-policy

URL /mdm-admin/policies/inactive-policy

HTTP Method POST

Request/Response Format application/json

cURL command

curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -d @'<JSON_PAYLOAD>' -k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/policies/inactive-policy

For more information on how to generate the <EMM_API_TOKEN>, see Generating the EMM API Token.
Define the path to the JSON file, which includes the required properties to add a policy as the as the <JSON_PAYLOAD> value. For more information, see the Sample JSON Definition.
By default, <EMM_HOST> is localhost. However, if you are using a public IP, the respective IP address or domain needs to be specified.
By default, <EMM_HTTPS_PORT> has been set to 9443. However, if the port offset has been incremented by n, the default port value needs to be incremented by n.

Example:

curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a" -d @'policy.json' -k -v https://localhost:9443/mdm-admin/policies/inactive-policy

Sample output

> POST /mdm-admin/policies/inactive-policy HTTP/1.1
> Host: localhost:9443
> User-Agent: curl/7.43.0
> Accept: */*
> Content-Type: application/json
> Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a
> Content-Length: 420
< HTTP/1.1 201 Created
< Date: Thu, 25 Feb 2016 06:30:18 GMT
< Content-Type: application/json
< Content-Length: 76
< Server: WSO2 Carbon Server
{"statusCode":201,"messageFromServer":"Policy has been added successfully."}

Sample JSON Definition

{  
   "policyName":"Camera",
   "description":"Optional",
   "compliance":"enforce",
   "ownershipType":"ANY",
   "profile":{  
      "profileName":"Camera",
      "deviceType":{  
         "id":1
      },
      "profileFeaturesList":[  
         {  
            "featureCode":"CAMERA",
            "deviceTypeId":1,
            "content":{  
               "enabled":true
            }
         }
      ]
   },
   "users":[],
   "roles":[]
}

Property value	Description
`policyName`	The name of the policy.
`Description`	Provide a description on what the policy is based on.
`Compliance`	Define the non-compliance rules. WSO2 EMM provides the following non-compliance rules: Enforce - Forcefully enforce the policies on the devices. Warning - If the device does not adhere to the given policies a warning message will be sent. Monitor - If the device does not adhere to the given policies the server is notified of the violation unknown to the user and the administrator can take the necessary actions with regard to the reported.
`ownershipType`	Define the define ownership type using the values given below: `ANY` - The policy will be applied on the BYOD and COPE device types. `BYOD` (Bring Your Own Device) - The policy will only be applied on the BYOD device type. `COPE` (Corporate-Owned, Personally-Enabled) - The policy will only be applied on the COPE device type.
`profile`	Provide the policy profile details.
`profileName`	The name of the policy that is being added.
`deviceType`	The ID used to define the type of the device platform. For more information on the unique ID for the device platforms supported by the EMM, see Getting Details of the Devices Supported via WSO2 EMM.
`profileFeaturesList`	Lists the features that belong to the profile.
`featureCode`	Provide the code that defines the policy you wish to add. Example: `PASSCODE_POLICY, CAMERA and ENCRYPT_STORAGE.`
`deviceTypeId`	The ID used to define the type of the device platform.
`content`	The list of parameters that define the policy. For more information on the feature list for Windows policies, see profileFeaturesList - policy based.
`enabled`	In the context of adding a policy for cameras. The filed is used to define if the camera on the device is permitted to be used or not. `true` - The camera is enabled. `false` - the camera is disabled.
`users`	Define the users the policy needs to be applied on. The policy will be applied on the respective users devices.
`roles`	Define the roles the policy needs to be applied on. The policy will be applied on the respective user roles devices.

If you wish to add a new policy criteria than what is already supported (users and roles) you can do so by defining a new policy criteria within the "policyCriterias":[] field.

Adding an active policy

Description

Add a policy that is in the active state using the REST API command. When adding a policy you will have the option of saving the policy or saving and publishing the policy. Using the REST API command given below you are able to save and publish a created policy and this policy will be in the active state.

For a better understanding on how this works via the EMM consoles, see Adding a Policy.
For more information on adding an inactive policy via the REST API, see Adding a Policy via the Console.

Resource Path /active-policy

URL /mdm-admin/policies/active-policy

HTTP Method POST

Request/Response Format application/json

cURL command

curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -d @'<JSON_PAYLOAD>' -k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/policies/active-policy

For more information on how to generate the <EMM_API_TOKEN>, see Generating the EMM API Token.
Define the path to the JSON file, which includes the required properties to add an active policy as the <JSON_PAYLOAD> value. For more information, see the Sample JSON Definition.
By default, <EMM_HOST> is localhost. However, if you are using a public IP, the respective IP address or domain needs to be specified.
By default, <EMM_HTTPS_PORT> has been set to 9443. However, if the port offset has been incremented by n, the default port value needs to be incremented by n.

Example:

curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a" -d @'policy.json' -k -v https://localhost:9443/mdm-admin/policies/active-policy

Sample output

> POST /mdm-admin/policies/active-policy HTTP/1.1
> Host: localhost:9443
> User-Agent: curl/7.43.0
> Accept: */*
> Content-Type: application/json
> Authorization: Bearer 326a1824316a122152570d2dfd137ee7
> Content-Length: 420
< HTTP/1.1 201 OK
< Date: Thu, 25 Feb 2016 08:26:09 GMT
< Content-Type: application/json
< Content-Length: 76
< Server: WSO2 Carbon Server
{"statusCode":201,"messageFromServer":"Policy has been added successfully."}

Sample JSON Definition

{  
   "policyName":"Camera",
   "description":"Optional",
   "compliance":"enforce",
   "ownershipType":"ANY",
   "profile":{  
      "profileName":"Camera",
      "deviceType":{  
         "id":1
      },
      "profileFeaturesList":[  
         {  
            "featureCode":"CAMERA",
            "deviceTypeId":1,
            "content":{  
               "enabled":true
            }
         }
      ]
   },
   "users":[],
   "roles":[]
}

Property value	Description
`policyName`	The name of the policy.
`Description`	Provide a description on what the policy is based on.
`Compliance`	Define the non-compliance rules. WSO2 EMM provides the following non-compliance rules: Enforce - Forcefully enforce the policies on the devices. Warning - If the device does not adhere to the given policies a warning message will be sent. Monitor - If the device does not adhere to the given policies the server is notified of the violation unknown to the user and the administrator can take the necessary actions with regard to the reported.
`ownershipType`	Define the ownership type using the values given below: `ANY` - The policy will be applied on the BYOD and COPE device types. `BYOD` (Bring Your Own Device) - The policy will only be applied on the BYOD device type. `COPE` (Corporate-Owned, Personally-Enabled) - The policy will only be applied on the COPE device type.
`profile`	Provide the policy profile details.
`profileName`	The name of the policy that is being added.
`deviceType`	The ID used to define the type of the device platform. For more information on the unique ID of the device platforms supported by the EMM, see Getting Details of the Devices Supported via WSO2 EMM.
`profileFeaturesList`	Lists the features that belong to the profile.
`featureCode`	Provide the code that defines the policy you wish to add. Example: `PASSCODE_POLICY, CAMERA and ENCRYPT_STORAGE.`
`deviceTypeId`	The ID used to define the type of the device platform.
`content`	The list of parameters that define the policy. For more information on the feature list for Windows policies, see profileFeaturesList - policy based.
`enabled`	In the context of adding a policy for cameras this filed is used to define if the camera on the device is permitted to be used or not. `true` - The camera is enabled. `false` - the camera is disabled.
`users`	Define the users the policy needs to be applied on. The policy will be applied on the respective user's devices.
`roles`	Define the roles the policy needs to be applied on. The policy will be applied on the respective user role's devices.

If you wish to add a new policy criteria than what is already supported (users and roles) you can do so by defining a new policy criteria within the "policyCriterias":[] field.

Getting details of policies

Description

Retrieve the details of all the policies that you have created in WSO2 EMM.

Resource Path /

URL /mdm-admin/policies/

HTTP Method GET

Request/Response Format application/json

cURL command

curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/policies/

For more information on how to generate the <EMM_API_TOKEN>, see Generating the EMM API Token.
By default, <EMM_HOST> is localhost. However, if you are using a public IP, the respective IP address or domain needs to be specified.
By default, <EMM_HTTPS_PORT> has been set to 9443. However, if the port offset has been incremented by n, the default port value needs to be incremented by n.

Example:

curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a" -k -v https://localhost:9443/mdm-admin/policies/

Sample output

> GET /mdm-admin/policies/ HTTP/1.1
> Host: localhost:9443
> User-Agent: curl/7.43.0
> Accept: */*
> Content-Type: application/json
> Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a
< HTTP/1.1 200 OK
< Cache-Control: private
< Expires: Thu, 01 Jan 1970 05:30:00 IST
< Date: Thu, 25 Feb 2016 08:29:09 GMT
< Content-Type: application/json
< Content-Length: 1205
< Server: WSO2 Carbon Server
{"id":1,"priorityId":1,"profile":{"profileId":1,"profileName":"Camera","tenantId":-1234,"deviceType":{"id":1,"name":"android"},"createdDate":"Feb 25, 2016 12:00:18 PM","updatedDate":"Feb 25, 2016 12:00:18 PM","profileFeaturesList":[{"id":1,"featureCode":"CAMERA","profileId":1,"deviceTypeId":1,"content":"{\"enabled\":true}"}]},"policyName":"Camera","generic":false,"roles":[],"ownershipType":"ANY","devices":[],"users":[],"active":false,"updated":false,"description":"Optional","compliance":"enforce","policyCriterias":[],"tenantId":-1234,"profileId":1}

Sample JSON Definition

{  
   "id":1,
   "priorityId":1,
   "profile":{  
      "profileId":1,
      "profileName":"Camera",
      "tenantId":-1234,
      "deviceType":{  
         "id":1,
         "name":"android"
      },
      "createdDate":"Feb 25, 2016 12:00:18 PM",
      "updatedDate":"Feb 25, 2016 12:00:18 PM",
      "profileFeaturesList":[  
         {  
            "id":1,
            "featureCode":"CAMERA",
            "profileId":1,
            "deviceTypeId":1,
            "content":"{\"enabled\":true}"
         }
      ]
   },
   "policyName":"Camera",
   "generic":false,
   "roles":[],
   "ownershipType":"ANY",
   "devices":[],
   "users":[],
   "active":true,
   "updated":true,
   "description":"Optional",
   "compliance":"enforce",
   "policyCriterias":[],
   "tenantId":-1234,
   "profileId":1
}

Property value	Description
`id`	The policy ID.
`priorityId`	The priority order of the policy. 1 indicates the highest priority.
`profile`	Contains the details of the profile that is included in the policy. Example: The policy will contain a profile of disabling a camera on a device and encrypting the storage.
`profileId`	The ID of each profile that is in the selected policy.
`profileName`	The name of the profile.
`tenantId`	The ID of the tenant that added the policy.
`deviceType`	Contains the device type details the policy was created for.
`id`	The ID of the device type.
`name`	The device platform type.
`createdDate`	The date the policy was created.
`updatedDate`	The date the changes made to the policy was published to the devices registered with the EMM.
`profileFeaturesList`	Contains the features specific to each profile in the policy.
`id`	The ID of the feature list.
`featurecode`	The code specific for the feature of the profile. The code that defines the profile. Example for feature codes: `PASSCODE_POLICY, CAMERA and ENCRYPT_STORAGE.`
`profileId`	The ID of the profile the features belong to.
`deviceTypeId`	The Id of the device type.
`content`	Contains the details of the features and the values assigned when adding the policy.
`policyName`	The name of the policy.
`roles`	The roles to whom the policy is applied on.
`ownershipType`	The policy ownership type. It can be any of the following values: `ANY` - The policy will be applied on the BYOD and COPE device types. `BYOD` (Bring Your Own Device) - The policy will only be applied on the BYOD device type. `COPE` (Corporate-Owned, Personally-Enabled) - The policy will only be applied on the COPE device type.
`devices`	Lists out the devices the policy is enforced on. This field will be empty if you have not defined the devices the policy needs to be applied on. If a policy is enforced on a device when the device registers with EMM, those device details will not be shown here.
`users`	Lists out the users on whose devices the policy is enforced.
`activate`	If the value is true it indicates that the policy is active. If the value is false it indicates that the policy is inactive.
`updated`	If you have made changes to the policy but have not applied these changes to the devices that are registered with EMM, then the value is defined as true. But if you have already applied any changes made to the policy then the value is defined as false.
`description`	Gives a description on the policy.
`compliance`	Provides the non-compliance rules. WSO2 EMM provides the following non-compliance rules: Enforce - Forcefully enforce the policies on the devices. Warning - If the device does not adhere to the given policies a warning message will be sent. Monitor - If the device does not adhere to the given policies the server is notified of the violation unknown to the user and the administrator can take the necessary actions with regard to the reported.
`policyCriteria`	When adding a policy if you have added a policy criteria other than the ones given via WSO2 EMM those additional details will be given here.
`tenantId`	The ID of the tenant that created the policy.
`profileId`	The ID of the profile.

Getting details of a policy

Description

Retrieve the details of a selected policy in WSO2 EMM.

Resource Path /{id}

URL /mdm-admin/policies/{id}

HTTP Method GET

Request/Response Format application/json

cURL command

curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/policies/{id}

For more information on how to generate the <EMM_API_TOKEN>, see Generating the EMM API Token.
By default, <EMM_HOST> is localhost. However, if you are using a public IP, the respective IP address or domain needs to be specified.
By default, <EMM_HTTPS_PORT> has been set to 9443. However, if the port offset has been incremented by n, the default port value needs to be incremented by n.
Provide the policy ID as the value for {id}. If you are unsure of the policy IDs run the REST API command to retrieve all the policy details.

Example: Retrieve the policy details of the policy having the ID 1.

curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a" -k -v https://localhost:9443/mdm-admin/policies/1

Sample output

> GET /mdm-admin/policies/1 HTTP/1.1
> Host: localhost:9443
> User-Agent: curl/7.43.0
> Accept: */*
> Content-Type: application/json
> Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a
< HTTP/1.1 200 OK
< Cache-Control: private
< Expires: Thu, 01 Jan 1970 05:30:00 IST
< Date: Thu, 25 Feb 2016 09:53:45 GMT
< Content-Type: application/json
< Content-Length: 652
< Server: WSO2 Carbon Server
{"id":1,"priorityId":1,"profile":{"profileId":1,"profileName":"Camera","tenantId":-1234,"deviceType":{"id":1,"name":"android"},"createdDate":"Feb 25, 2016 12:00:18 PM","updatedDate":"Feb 25, 2016 12:00:18 PM","profileFeaturesList":[{"id":1,"featureCode":"CAMERA","profileId":1,"deviceTypeId":1,"content":"{\"enabled\":true}"}]},"policyName":"Camera","generic":false,"roles":[],"ownershipType":"ANY","devices":[],"users":[],"active":false,"updated":false,"description":"Optional","compliance":"enforce","policyCriterias":[],"tenantId":-1234,"profileId":1}

Sample JSON Definition

{  
   "id":1,
   "priorityId":1,
   "profile":{  
      "profileId":1,
      "profileName":"Camera",
      "tenantId":-1234,
      "deviceType":{  
         "id":1,
         "name":"android"
      },
      "createdDate":"Feb 25, 2016 12:00:18 PM",
      "updatedDate":"Feb 25, 2016 12:00:18 PM",
      "profileFeaturesList":[  
         {  
            "id":1,
            "featureCode":"CAMERA",
            "profileId":1,
            "deviceTypeId":1,
            "content":"{\"enabled\":true}"
         }
      ]
   },
   "policyName":"Camera",
   "generic":false,
   "roles":[  

   ],
   "ownershipType":"ANY",
   "devices":[],
   "users":[],
   "active":false,
   "updated":false,
   "description":"Optional",
   "compliance":"enforce",
   "policyCriterias":[],
   "tenantId":-1234,
   "profileId":1
}

Property value	Description
`id`	The policy ID.
`priorityId`	The priority order of the policy. 1 indicates the highest priority
`profile`	Contains the details of the profile that is included in the policy. Example: The policy will contain a profile of disabling a camera on a device and encrypting the storage.
`profileId`	The ID of each profile that is in the selected policy.
`profileName`	The name of the profile.
`tenantId`	The ID of the tenant that added the policy.
`deviceType`	Contains the device type details the policy was created for.
`id`	The ID of the device type.
`name`	The device platform type.
`createdDate`	The date the policy was created.
`updatedDate`	The date the changes made to the policy was published to the devices registered with the EMM.
`profileFeaturesList`	Contains the features specific to each profile in the policy.
`id`	The ID of the feature list.
`featurecode`	The code specific for the feature of the profile. The code that defines the profile. Example for feature codes: `PASSCODE_POLICY, CAMERA and ENCRYPT_STORAGE.`
`profileId`	The ID of the profile the features belong to.
`deviceTypeId`	The Id of the device type.
`content`	Contains the details of the features and the values assigned when adding the policy.
`policyName`	The name of the policy.
`roles`	The roles to whom the policy is applied on.
`ownershipType`	The policy ownership type. It can be any of the following values: `ANY` - The policy will be applied on the BYOD and COPE device types. `BYOD` (Bring Your Own Device) - The policy will only be applied on the BYOD device type. `COPE` (Corporate-Owned, Personally-Enabled) - The policy will only be applied on the COPE device type.
`devices`	Lists out the devices the policy is enforced on. This field will be empty if you have not defined to what devices the policy needs to be applied on. If a policy is enforced on a device when the device registers with EMM, those device details will not be shown here.
`users`	Lists out the users on whose devices the policy is enforced.
`activate`	If the value is true it indicates that the policy is active. If the value is false it indicates that the policy is inactive.
`updated`	If you have made changes to the policy but have not applied these changes to the devices that are registered with EMM, then the value is defined as true. But if you have already applied any changes made to the policy then the value is defined as false.
`description`	Gives a description on the policy.
`compliance`	Provides the non-compliance rules. WSO2 EMM provides the following non-compliance rules: Enforce - Forcefully enforce the policies on the devices. Warning - If the device does not adhere to the given policies a warning message will be sent. Monitor - If the device does not adhere to the given policies the server is notified of the violation unknown to the user and the administrator can take the necessary actions with regard to the reported.
`policyCriteria`	When adding a policy if you have added a policy criteria other than the ones given via WSO2 EMM those additional details will be given here.
`tenantId`	The ID of the tenant that created the policy.
`profileId`	The ID of the profile.

Updating a policy

Description If you wish to make changes to an existing policy, you can do so by updating the policy using the REST API command given below.

Resource Path /{id}

URL /mdm-admin/policies/{id}

HTTP Method PUT

Request/Response Format application/json

cURL command

curl -X PUT -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -d @'<JSON_PAYLOAD>'-k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/policies/{id}

For more information on how to generate the <EMM_API_TOKEN>, see Generating the EMM API Token.
Define the path to the JSON file, which includes the required properties to update the policy as the <JSON_PAYLOAD> value. For more information, see the Sample JSON Definition.
By default, <EMM_HOST> is localhost. However, if you are using a public IP, the respective IP address or domain needs to be specified.
By default, <EMM_HTTPS_PORT> has been set to 9443. However, if the port offset has been incremented by n, the default port value needs to be incremented by n.
Provide the policy ID as the value for {id}. If you are unsure of the policy IDs run the REST API command to retrieve all the policy details in WSO2 EMM.

Example: Update the policy having the policy ID 1, with the changes defined in the policy.json file.

curl -X PUT -H "Content-Type: application/json" -H "Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a" -d @'policy.json' -k -v https://localhost:9443/mdm-admin/policies/1

Sample output

> PUT /mdm-admin/policies/1 HTTP/1.1
> Host: localhost:9443
> User-Agent: curl/7.43.0
> Accept: */*
> Content-Type: application/json
> Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a
> Content-Length: 571
< HTTP/1.1 200 OK
< Cache-Control: private
< Expires: Thu, 01 Jan 1970 05:30:00 IST
< Date: Thu, 25 Feb 2016 11:29:30 GMT
< Content-Type: application/json
< Content-Length: 78
< Server: WSO2 Carbon Server
{"messageFromServer":"Policy has been updated successfully."}

Sample JSON
Definition

{  
   "policyName":"Camera",
   "description":"Optional",
   "compliance":"enforce",
   "ownershipType":"ANY",
   "profile":{  
      "profileName":"Camera",
      "deviceType":{  
         "id":1
      },
      "profileFeaturesList":[  
         {  
            "featureCode":"CAMERA",
            "deviceTypeId":1,
            "content":{  
               "enabled":true
            }
         },
         {  
            "featureCode":"ENCRYPT_STORAGE",
            "deviceTypeId":1,
            "content":{  
               "encrypted":true
            }
         }
      ]
   },
   "roles":["ANY"]
}

Property value	Description
`policyName`	The name of the policy.
`Description`	Provide a description on what the policy is based on.
`Compliance`	Define the non-compliance rules. WSO2 EMM provides the following non-compliance rules: Enforce - Forcefully enforce the policies on the devices. Warning - If the device does not adhere to the given policies a warning message will be sent. Monitor - If the device does not adhere to the given policies the server is notified of the violation unknown to the user and the administrator can take the necessary actions with regard to the reported.
`ownershipType`	Define the define ownership type. It will be one of the options given below: `ANY` - The policy will be applied on the BYOD and COPE device types. `BYOD` (Bring Your Own Device) - The policy will only be applied on the BYOD device type. `COPE` (Corporate-Owned, Personally-Enabled) - The policy will only be applied on the COPE device type.
`profile`	Provide the policy profile details.
`profileName`	The name of the policy that is being added.
`deviceType`	The ID used to define the type of the device platform. For more information on the unique ID for the device platforms supported by the EMM, see Getting Details of the Devices Supported via WSO2 EMM.
`profileFeaturesList`	Lists the features that belong to the profile.
`featureCode`	Provide the code that defines the policy you wish to add. Example: `PASSCODE_POLICY, CAMERA and ENCRYPT_STORAGE.`
`deviceTypeId`	The ID used to define the type of the device platform.
`content`	The list of parameters that define the policy. For more information on the feature list for Windows policies, see profileFeaturesList - policy based.
`enabled`	In the context of adding a policy for cameras this filed is used to define if the camera is allowed to be used or not. `true` - The camera is enabled. `false` - the camera is disabled.
`users`	Define the users the policy needs to be applied on. The policy will then be applied on the respective user's devices.
`roles`	Define the roles the policy needs to be applied on. The policy will then be applied on the respective user role's devices.

Updating the policy priority

Description If you wish to make changes to the existing policy priority order, you can do so by updating the priority order using the REST API command given below.

Resource Path /priorities

URL /mdm-admin/policies/priorities

HTTP Method PUT

Request/Response Format application/json

cURL command

curl -X PUT -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -d @'<JSON_PAYLOAD>'-k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/policies/priorities

For more information on how to generate the <EMM_API_TOKEN>, see Generating the EMM API Token.
Define the path to the JSON file, which includes the required properties to update the policy priority as the <JSON_PAYLOAD> value. For more information, see the Sample JSON Definition.
By default, <EMM_HOST> is localhost. However, if you are using a public IP, the respective IP address or domain needs to be specified.
By default, <EMM_HTTPS_PORT> has been set to 9443. However, if the port offset has been incremented by n, the default port value needs to be incremented by n.

Example:

curl -X PUT -H "Content-Type: application/json" -H "Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a" -d @'policy.json' -k -v https://localhost:9443/mdm-admin/policies/priorities

Sample output

> PUT /mdm-admin/policies/priorities HTTP/1.1
> Host: localhost:9443
> User-Agent: curl/7.43.0
> Accept: */*
> Content-Type: application/json
> Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a
> Content-Length: 23
< HTTP/1.1 200 OK
< Cache-Control: private
< Expires: Thu, 01 Jan 1970 05:30:00 IST
< Date: Thu, 25 Feb 2016 13:01:57 GMT
< Content-Type: application/json
< Content-Length: 80
< Server: WSO2 Carbon Server
{"statusCode":200",messageFromServer":"Policy Priorities successfully updated."}

Sample JSON
Definition

[  
   {  
      "id":2,
      "priority":1
   }
]

Property	Description
`id`	Define the ID of the policy. If you are unsure of the policy IDs run the REST API command to retrieve all the policy details in WSO2 EMM.
`priority`	Define the priority of the order, where `1` indicates the highest priority.

Removing multiple policies

Description	In situations where you need to delete more than one policy you can do so using the REST API command given below.
Resource Path	`/bulk-remove`
URL	`/mdm-admin/policies/bulk-remove`
HTTP Method	`POST`
Request/Response Format	`application/json`
cURL command	curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -d @'<JSON_PAYLOAD>'-k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/policies/bulk-remove For more information on how to generate the `<EMM_API_TOKEN>`, see Generating the EMM API Token. Define the path to the JSON file, which includes the required properties to remove multiple policies as the `<JSON_PAYLOAD>` value. For more information, see the Sample JSON Definition. By default, `<EMM_HOST>` is `localhost.` However, if you are using a public IP, the respective IP address or domain needs to be specified. By default, `<EMM_HTTPS_PORT>` has been set to 9443. However, if the port offset has been incremented by `n`, the default port value needs to be incremented by `n`. Example: curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a" -d @'policy.json' -k -v https://localhost:9443/mdm-admin/policies/bulk-remove
Sample output	> POST /mdm-admin/policies/bulk-remove HTTP/1.1 > Host: localhost:9443 > User-Agent: curl/7.43.0 > Accept: / > Content-Type: application/json > Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a > Content-Length: 23 < HTTP/1.1 200 OK < Cache-Control: private < Expires: Thu, 01 Jan 1970 06:35:00 IST < Date: Thu, 25 Feb 2016 14:06:57 GMT < Content-Type: application/json < Content-Length: 80 < Server: WSO2 Carbon Server {"statusCode":200",messageFromServer":"Policies have been successfully deleted."}
Sample JSON Definition	[1,2] Define the IDs of the policies you wish to delete. If you are unsure of the policy IDs run the REST API command to retrieve all the policy details in WSO2 EMM.

Activating policies

Description	Using the REST API command you are able to publish a policy in order to bring a policy that is in the inactive state to the active state.
Resource Path	`/activate`
URL	`/mdm-admin/policies/activate`
HTTP Method	`PUT`
Request/Response Format	`application/json`
cURL command	curl -X PUT -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -d @'<JSON_PAYLOAD>'-k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/policies/activate For more information on how to generate the `<EMM_API_TOKEN>`, see Generating the EMM API Token. Define the path to the JSON file, which includes the required properties to activate a policy as the `<JSON_PAYLOAD>` value. For more information, see the Sample JSON Definition. By default, `<EMM_HOST>` is `localhost.` However, if you are using a public IP, the respective IP address or domain needs to be specified. By default, `<EMM_HTTPS_PORT>` has been set to 9443. However, if the port offset has been incremented by `n`, the default port value needs to be incremented by `n`. Example: curl -X PUT -H "Content-Type: application/json" -H "Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a" -d @'policy.json' -k -v https://localhost:9443/mdm-admin/policies/activate
Sample output	> PUT /mdm-admin/policies/activate HTTP/1.1 > Host: localhost:9443 > User-Agent: curl/7.43.0 > Accept: / > Content-Type: application/json > Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a > Content-Length: 23 < HTTP/1.1 200 OK < Cache-Control: private < Expires: Thu, 01 Jan 1970 06:35:00 IST < Date: Thu, 25 Feb 2016 14:06:57 GMT < Content-Type: application/json < Content-Length: 80 < Server: WSO2 Carbon Server {"statusCode":200","messageFromServer": "Selected policies have been successfully activated."}
Sample JSON Definition	[{1,2}] Define the ID/IDs of the policies you wish to publish. If you are unsure of the policy IDs run the REST API command to retrieve all the policy details in WSO2 EMM.

Deactivating policies

Description	Using the REST API command you are able to unpublish a policy in order to bring a policy that is in the active state to the inactive state.
Resource Path	`/inactivate`
URL	`/mdm-admin/policies/inactivate`
HTTP Method	`PUT`
Request/Response Format	`application/json`
cURL command	curl -X PUT -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -d @'<JSON_PAYLOAD>'-k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/policies/inactivate For more information on how to generate the `<EMM_API_TOKEN>`, see Generating the EMM API Token. Define the path to the JSON file, which includes the required properties to inactivate a policy as the `<JSON_PAYLOAD>` value. For more information, see the Sample JSON Definition. By default, `<EMM_HOST>` is `localhost.` However, if you are using a public IP, the respective IP address or domain needs to be specified. By default, `<EMM_HTTPS_PORT>` has been set to 9443. However, if the port offset has been incremented by `n`, the default port value needs to be incremented by `n`. Example: curl -X PUT -H "Content-Type: application/json" -H "Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a" -d @'policy.json' -k -v https://localhost:9443/mdm-admin/policies/inactivate
Sample output	> PUT /mdm-admin/policies/inactivate HTTP/1.1 > Host: localhost:9443 > User-Agent: curl/7.43.0 > Accept: / > Content-Type: application/json > Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a > Content-Length: 23 < HTTP/1.1 200 OK < Cache-Control: private < Expires: Thu, 01 Jan 1970 06:35:00 IST < Date: Thu, 25 Feb 2016 14:06:57 GMT < Content-Type: application/json < Content-Length: 80 < Server: WSO2 Carbon Server {"statusCode":200","messageFromServer": "Selected policies have been successfully inactivated."}
Sample JSON Definition	[{1,2}] Define the ID/IDs of the policies you wish to unpublish. If you are unsure of the policy IDs run the REST API command to retrieve all the policy details in WSO2 EMM.

Applying changes on policies

Description	Policies in the active state will be applied to new device that register with WSO2 EMM based on the policy enforcement criteria . In a situation where you need to make changes to existing policies (removing, activating, deactivating and updating) or add new policies, the existing devices will not receive these changes immediately. Once all the required changes are made you need to apply the changes to push the policy changes to the existing devices.
Resource Path	`/apply-changes`
URL	`/mdm-admin/policies/apply-changes`
HTTP Method	`PUT`
Request/Response Format	`application/json`
cURL command	curl -X PUT -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/policies/apply-changes For more information on how to generate the `<EMM_API_TOKEN>`, see Generating the EMM API Token. By default, `<EMM_HOST>` is `localhost.` However, if you are using a public IP, the respective IP address or domain needs to be specified. By default, `<EMM_HTTPS_PORT>` has been set to 9443. However, if the port offset has been incremented by `n`, the default port value needs to be incremented by `n`. Example: curl -X PUT -H "Content-Type: application/json" -H "Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a" -k -v https://localhost:9443/mdm-admin/policies/apply-changes
Sample output	> PUT /mdm-admin/policies/apply-changes HTTP/1.1 > Host: localhost:9443 > User-Agent: curl/7.43.0 > Accept: / > Content-Type: application/json > Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a < HTTP/1.1 200 OK < Cache-Control: private < Expires: Thu, 01 Jan 1970 05:30:00 IST < Date: Fri, 26 Feb 2016 11:35:02 GMT < Content-Type: application/json < Content-Length: 80 < Server: WSO2 Carbon Server {"statusCode":200,"messageFromServer":"Changes have been successfully updated."}

Starting policy monitoring

Description	WSO2 EMM monitors the devices to identify any devices that have not complied to an enforced policy. The policy monitoring task begins at the point WSO2 EMM has a a published policy. It will monitor the device based on the policy monitoring frequency that you define in milliseconds. Using this REST API to start the policy monitoring task is optional as WSO2 EMM uses an OSGI call to start the monitoring task.
Resource Path	`/start-task/{milliseconds}`
URL	`/mdm-admin/policies/start-task/{milliseconds}`
HTTP Method	`GET`
Request/Response Format	`application/json`
cURL command	curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/policies/start-task/{milliseconds} For more information on how to generate the `<EMM_API_TOKEN>`, see Generating the EMM API Token. By default, `<EMM_HOST>` is `localhost.` However, if you are using a public IP, the respective IP address or domain needs to be specified. By default, `<EMM_HTTPS_PORT>` has been set to 9443. However, if the port offset has been incremented by `n`, the default port value needs to be incremented by `n`. Example: curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a" -k -v https://localhost:9443/mdm-admin/policies/start-task/6000
Sample output	> GET /mdm-admin/policies/start-task/600 HTTP/1.1 > Host: localhost:9443 > User-Agent: curl/7.43.0 > Accept: / > Content-Type: application/json > Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a < HTTP/1.1 200 OK < Cache-Control: private < Expires: Thu, 01 Jan 1970 05:30:00 IST < Date: Fri, 26 Feb 2016 11:50:37 GMT < Content-Type: application/json < Content-Length: 88 < Server: WSO2 Carbon Server {"statusCode":200,"messageFromServer":"Policy monitoring service started successfully."}

Updating policy monitoring

Description	WSO2 EMM monitors the devices to identify any devices that have not complied to an enforced policy. If you wish to update the policy monitoring frequency you can do so using the following REST API command.
Resource Path	`/update-task/{milliseconds}`
URL	`/mdm-admin/policies/update-task/{milliseconds}`
HTTP Method	`GET`
Request/Response Format	`application/json`
cURL command	curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/policies/update-task/{milliseconds} For more information on how to generate the `<EMM_API_TOKEN>`, see Generating the EMM API Token. By default, `<EMM_HOST>` is `localhost.` However, if you are using a public IP, the respective IP address or domain needs to be specified. By default, `<EMM_HTTPS_PORT>` has been set to 9443. However, if the port offset has been incremented by `n`, the default port value needs to be incremented by `n`. Example: curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a" -k -v https://localhost:9443/mdm-admin/policies/update-task/6500
Sample output	> GET /mdm-admin/policies/update-task/6500 HTTP/1.1 > Host: localhost:9443 > User-Agent: curl/7.43.0 > Accept: / > Content-Type: application/json > Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a < HTTP/1.1 200 OK < Cache-Control: private < Expires: Thu, 01 Jan 1970 05:30:00 IST < Date: Sat, 27 Feb 2016 07:23:15 GMT < Content-Type: application/json < Content-Length: 88 < Server: WSO2 Carbon Server {"statusCode":200,"messageFromServer":"Policy monitoring service updated successfully."}

Stopping policy monitoring

Description	WSO2 EMM monitors the devices to identify any devices that have not complied to an enforced policy. The policy monitoring task begins at the point WSO2 EMM has a a published policy. If you wish to stop the policy monitoring task you can do so by using the REST API command given below.
Resource Path	`/stop-task`
URL	`/mdm-admin/policies/stop-task`
HTTP Method	`GET`
Request/Response Format	`application/json`
cURL command	curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/policies/stop-task For more information on how to generate the `<EMM_API_TOKEN>`, see Generating the EMM API Token. By default, `<EMM_HOST>` is `localhost.` However, if you are using a public IP, the respective IP address or domain needs to be specified. By default, `<EMM_HTTPS_PORT>` has been set to 9443. However, if the port offset has been incremented by `n`, the default port value needs to be incremented by `n`. Example: curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a" -k -v https://localhost:9443/mdm-admin/policies/stop-task
Sample output	> GET /mdm-admin/policies/stop-task HTTP/1.1 > Host: localhost:9443 > User-Agent: curl/7.43.0 > Accept: / > Content-Type: application/json > Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a < HTTP/1.1 200 OK < Cache-Control: private < Expires: Thu, 01 Jan 1970 05:30:00 IST < Date: Sat, 27 Feb 2016 07:31:50 GMT < Content-Type: application/json < Content-Length: 88 < Server: WSO2 Carbon Server {"statusCode":200,"messageFromServer":"Policy monitoring service stopped successfully."}

Getting policy enforced details of a device

Description

When a device registers with WSO2 EMM a policy is enforced on the device. Initially, the EMM filters the policies based on the Platform (device type), filters based on the device ownership type , filters based on the user role or name and finally the policy is enforced on the device.

For more information, see Working with Policies.

Resource Path /{type}/{id}/active-policy

URL /mdm-admin/policies/{type}/{id}/active-policy

HTTP Method GET

Request/Response Format application/json

cURL command

curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/policies/{type}/{id}/active-policy

For more information on how to generate the <EMM_API_TOKEN>, see Generating the EMM API Token.
By default, <EMM_HOST> is localhost. However, if you are using a public IP, the respective IP address or domain needs to be specified.
By default, <EMM_HTTPS_PORT> has been set to 9443. However, if the port offset has been incremented by n, the default port value needs to be incremented by n.
Define the device type as the value for {type}. Example: ios, android, windows.
Define the device ID as the value for {id}.

Example:

curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a" -k -v https://localhost:9443/mdm-admin/policies/iso/ee07b9c45904ef3af3tt5r4t13d0d6cd58a4567y/active-policy

Sample output

> GET /mdm-admin/policies/ios/ee07b9c45904ef3af3tt5r4t13d0d6cd58a4567y/active-policy HTTP/1.1
> Host: localhost:9443
> User-Agent: curl/7.43.0
> Accept: */*
> Content-Type: application/json
> Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a
< HTTP/1.1 200 OK
< Cache-Control: private
< Expires: Thu, 01 Jan 1970 05:30:00 IST
< Date: Sat, 27 Feb 2016 08:04:28 GMT
< Content-Type: application/json
< Content-Length: 797
< Server: WSO2 Carbon Server
{"id":38,"priorityId":3,"profile":{"profileId":38,"profileName":"iOS Policies","tenantId":-1234,"deviceType":{"id":33,"name":"ios"},"createdDate":"Feb 27, 2016 1:33:13 PM","updatedDate":"Feb 27, 2016 1:33:13 PM","profileFeaturesList":[{"id":39,"featureCode":"PASSCODE_POLICY","profileId":38,"deviceTypeId":33,"content":"{\"forcePIN\":true,\"allowSimple\":true,\"requireAlphanumeric\":true,\"minLength\":\"10\",
\"minComplexChars\":\"3\",\"maxPINAgeInDays\":\"50\",\"pinHistory\":\"25\",\"maxInactivity\":\"3\",
\"maxGracePeriod\":\"1\",\"maxFailedAttempts\":\"6\"}"}]},"policyName":"iOS Policies","generic":false,
"roles":["ANY"],"ownershipType":"BYOD","devices":[],"users":[],"active":true,"updated":false,"description":"","compliance":"enforce","policyCriterias":[],"tenantId":-1234,"profileId":38}

Sample JSON output

{  
   "id":38,
   "priorityId":3,
   "profile":{  
      "profileId":38,
      "profileName":"iOS Policies",
      "tenantId":-1234,
      "deviceType":{  
         "id":33,
         "name":"ios"
      },
      "createdDate":"Feb 27, 2016 1:33:13 PM",
      "updatedDate":"Feb 27, 2016 1:33:13 PM",
      "profileFeaturesList":[  
         {  
            "id":39,
            "featureCode":"PASSCODE_POLICY",
            "profileId":38,
            "deviceTypeId":33,
            "content":"{\"forcePIN\":true,\"allowSimple\":true,\"requireAlphanumeric\":true,\"minLength\":\"10\",
\"minComplexChars\":\"3\",\"maxPINAgeInDays\":\"50\",\"pinHistory\":\"25\",\"maxInactivity\":\"3\",
\"maxGracePeriod\":\"1\",\"maxFailedAttempts\":\"6\"}"
         }
      ]
   },
   "policyName":"iOS Policies",
   "generic":false,
   "roles":["ANY"],
   "ownershipType":"BYOD",
   "devices":[],
   "users":[],
   "active":true,
   "updated":false,
   "description":"",
   "compliance":"enforce",
   "policyCriterias":[],
   "tenantId":-1234,
   "profileId":38
}

Property value	Description
`id`	The policy ID.
`priorityId`	The priority order of the policy. 1 is defined as the highest priority policy.
`profile`	Contains the details of the profile that is included in the policy. Example: The policy will contain a profile of disabling a camera on a device and encrypting the storage.
`profileId`	The ID of each profile that is in the selected policy.
`profileName`	The name of the profile.
`tenantId`	The ID of the tenant that added the policy.
`deviceType`	Contains the device type details the policy was created for.
`id`	The ID of the device type.
`name`	The device platform type.
`createdDate`	The date the policy was created.
`updatedDate`	The date the changes made to the policy was published to the devices registered with the EMM.
`profileFeaturesList`	Contains the features specific to each profile in the policy.
`id`	The ID of the feature list.
`featurecode`	The code specific for the feature of the profile. The code that defines the profile. Example for feature codes: `PASSCODE_POLICY, CAMERA and ENCRYPT_STORAGE.`
`profileId`	The ID of the profile the features belong to.
`deviceTypeId`	The Id of the device type.
`content`	Contains the details of the features and the values assigned when adding the policy.
`policyName`	The name of the policy.
`roles`	The roles to whom the policy is applied on.
`ownershipType`	The policy ownership type. It can be any of the following values: `ANY` - The policy will be applied on the BYOD and COPE device types. `BYOD` (Bring Your Own Device) - The policy will only be applied on the BYOD device type. `COPE` (Corporate-Owned, Personally-Enabled) - The policy will only be applied on the COPE device type.
`devices`	Lists out the devices the policy is enforced on. This field will be empty if you have not defined to what devices the policy needs to be applied on. If a policy is enforced on a device when the device registers with EMM, those device details will not be shown here.
`users`	Lists out the users on whose devices the policy is enforced.
`activate`	If the value is true it indicates that the policy is active. If the value is false it indicates that the policy is inactive.
`updated`	If you have made changes to the policy but have not applied these changes to the devices that are registered with EMM, then the value is defined as true. But if you have already applied any changes made to the policy then the value is defined as false.
`description`	Gives a description on the policy.
`compliance`	Provides the non-compliance rules. WSO2 EMM provides the following non-compliance rules: Enforce - Forcefully enforce the policies on the devices. Warning - If the device does not adhere to the given policies a warning message will be sent. Monitor - If the device does not adhere to the given policies the server is notified of the violation unknown to the user and the administrator can take the necessary actions with regard to the reported.
`policyCriteria`	When adding a policy if you have added a policy criteria other than the ones given via WSO2 EMM those additional details will be given here.
`tenantId`	The ID of the tenant that created the policy.
`profileId`	The ID of the profile.

Getting the policy count

Description	Get the number of policies that are created in WSO2 EMM.
Resource Path	`/count`
URL	`/mdm-admin/policies/count`
HTTP Method	`GET`
Request/Response Format	`application/json`
cURL command	curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/policies/count For more information on how to generate the `<EMM_API_TOKEN>`, see Generating the EMM API Token. By default, `<EMM_HOST>` is `localhost.` However, if you are using a public IP, the respective IP address or domain needs to be specified. By default, `<EMM_HTTPS_PORT>` has been set to 9443. However, if the port offset has been incremented by `n`, the default port value needs to be incremented by `n`. Example: curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a" -k -v https://localhost:9443/mdm-admin/policies/count
Sample output	> GET /mdm-admin/policies/count HTTP/1.1 > Host: localhost:9443 > User-Agent: curl/7.43.0 > Accept: / > Content-Type: application/json > Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a < HTTP/1.1 200 OK < Cache-Control: private < Expires: Thu, 01 Jan 1970 05:30:00 IST < Date: Thu, 25 Feb 2016 10:58:30 GMT < Content-Type: application/json < Content-Length: 1 < Server: WSO2 Carbon Server 10
Sample JSON Output Definition	Provides the number of policies in WSO2 EMM at the time of running the REST API command as an integer value. Example: As per the above sample output there are 10 policies in the EMM.