Policy Functions via the Console

This section provides the details of the REST APIs used to carry out functions related to policies via the EMM console:

Adding a policy via the console

Description

Add a policy using this REST API command. When adding a policy you will have the option of saving the policy or saving and publishing the policy. Using the REST API command given below you are able to save a created Policy and this policy will be in the inactive state.

For a better understanding on how this works via the EMM console, see Adding a Policy.
For more information on adding an active policy via the REST API, see Adding an Active Policy.

Resource Path /inactive-policy

URL /mdm-admin/policies/inactive-policy

HTTP Method POST

Request/Response Format application/json

cURL command

curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -d @'<JSON_PAYLOAD>' -k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/policies/inactive-policy

For more information on how to generate the <EMM_API_TOKEN>, see Generating the EMM API Token.
Define the path to the JSON file, which includes the required properties to add a policy as the as the <JSON_PAYLOAD> value. For more information, see the Sample JSON Definition.
By default, <EMM_HOST> is localhost. However, if you are using a public IP, the respective IP address or domain needs to be specified.
By default, <EMM_HTTPS_PORT> has been set to 9443. However, if the port offset has been incremented by n, the default port value needs to be incremented by n.

Example:

curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a" -d @'policy.json' -k -v https://localhost:9443/mdm-admin/policies/inactive-policy

Sample output

> POST /mdm-admin/policies/inactive-policy HTTP/1.1
> Host: localhost:9443
> User-Agent: curl/7.43.0
> Accept: */*
> Content-Type: application/json
> Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a
> Content-Length: 420
< HTTP/1.1 201 Created
< Date: Thu, 25 Feb 2016 06:30:18 GMT
< Content-Type: application/json
< Content-Length: 76
< Server: WSO2 Carbon Server
{"statusCode":201,"messageFromServer":"Policy has been added successfully."}

Sample JSON Definition

{  
   "policyName":"Camera",
   "description":"Optional",
   "compliance":"enforce",
   "ownershipType":"ANY",
   "profile":{  
      "profileName":"Camera",
      "deviceType":{  
         "id":1
      },
      "profileFeaturesList":[  
         {  
            "featureCode":"CAMERA",
            "deviceTypeId":1,
            "content":{  
               "enabled":true
            }
         }
      ]
   },
   "users":[],
   "roles":[]
}

Property value	Description
`policyName`	The name of the policy.
`Description`	Provide a description on what the policy is based on.
`Compliance`	Define the non-compliance rules. WSO2 EMM provides the following non-compliance rules: Enforce - Forcefully enforce the policies on the devices. Warning - If the device does not adhere to the given policies a warning message will be sent. Monitor - If the device does not adhere to the given policies the server is notified of the violation unknown to the user and the administrator can take the necessary actions with regard to the reported.
`ownershipType`	Define the define ownership type using the values given below: `ANY` - The policy will be applied on the BYOD and COPE device types. `BYOD` (Bring Your Own Device) - The policy will only be applied on the BYOD device type. `COPE` (Corporate-Owned, Personally-Enabled) - The policy will only be applied on the COPE device type.
`profile`	Provide the policy profile details.
`profileName`	The name of the policy that is being added.
`deviceType`	The ID used to define the type of the device platform. For more information on the unique ID for the device platforms supported by the EMM, see Getting Details of the Devices Supported via WSO2 EMM.
`profileFeaturesList`	Lists the features that belong to the profile.
`featureCode`	Provide the code that defines the policy you wish to add. Example: `PASSCODE_POLICY, CAMERA and ENCRYPT_STORAGE.`
`deviceTypeId`	The ID used to define the type of the device platform.
`content`	The list of parameters that define the policy. For more information on the feature list for Windows policies, see profileFeaturesList - policy based.
`enabled`	In the context of adding a policy for cameras. The filed is used to define if the camera on the device is permitted to be used or not. `true` - The camera is enabled. `false` - the camera is disabled.
`users`	Define the users the policy needs to be applied on. The policy will be applied on the respective users devices.
`roles`	Define the roles the policy needs to be applied on. The policy will be applied on the respective user roles devices.

If you wish to add a new policy criteria than what is already supported (users and roles) you can do so by defining a new policy criteria within the "policyCriterias":[] field.

Adding an active policy

Description

Add a policy that is in the active state using the REST API command. When adding a policy you will have the option of saving the policy or saving and publishing the policy. Using the REST API command given below you are able to save and publish a created policy and this policy will be in the active state.

For a better understanding on how this works via the EMM consoles, see Adding a Policy.
For more information on adding an inactive policy via the REST API, see Adding a Policy via the Console.

Resource Path /active-policy

URL /mdm-admin/policies/active-policy

HTTP Method POST

Request/Response Format application/json

cURL command

curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -d @'<JSON_PAYLOAD>' -k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/policies/active-policy

For more information on how to generate the <EMM_API_TOKEN>, see Generating the EMM API Token.
Define the path to the JSON file, which includes the required properties to add an active policy as the <JSON_PAYLOAD> value. For more information, see the Sample JSON Definition.
By default, <EMM_HOST> is localhost. However, if you are using a public IP, the respective IP address or domain needs to be specified.
By default, <EMM_HTTPS_PORT> has been set to 9443. However, if the port offset has been incremented by n, the default port value needs to be incremented by n.

Example:

curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a" -d @'policy.json' -k -v https://localhost:9443/mdm-admin/policies/active-policy

Sample output

> POST /mdm-admin/policies/active-policy HTTP/1.1
> Host: localhost:9443
> User-Agent: curl/7.43.0
> Accept: */*
> Content-Type: application/json
> Authorization: Bearer 326a1824316a122152570d2dfd137ee7
> Content-Length: 420
< HTTP/1.1 201 OK
< Date: Thu, 25 Feb 2016 08:26:09 GMT
< Content-Type: application/json
< Content-Length: 76
< Server: WSO2 Carbon Server
{"statusCode":201,"messageFromServer":"Policy has been added successfully."}

Sample JSON Definition

{  
   "policyName":"Camera",
   "description":"Optional",
   "compliance":"enforce",
   "ownershipType":"ANY",
   "profile":{  
      "profileName":"Camera",
      "deviceType":{  
         "id":1
      },
      "profileFeaturesList":[  
         {  
            "featureCode":"CAMERA",
            "deviceTypeId":1,
            "content":{  
               "enabled":true
            }
         }
      ]
   },
   "users":[],
   "roles":[]
}

Property value	Description
`policyName`	The name of the policy.
`Description`	Provide a description on what the policy is based on.
`Compliance`	Define the non-compliance rules. WSO2 EMM provides the following non-compliance rules: Enforce - Forcefully enforce the policies on the devices. Warning - If the device does not adhere to the given policies a warning message will be sent. Monitor - If the device does not adhere to the given policies the server is notified of the violation unknown to the user and the administrator can take the necessary actions with regard to the reported.
`ownershipType`	Define the ownership type using the values given below: `ANY` - The policy will be applied on the BYOD and COPE device types. `BYOD` (Bring Your Own Device) - The policy will only be applied on the BYOD device type. `COPE` (Corporate-Owned, Personally-Enabled) - The policy will only be applied on the COPE device type.
`profile`	Provide the policy profile details.
`profileName`	The name of the policy that is being added.
`deviceType`	The ID used to define the type of the device platform. For more information on the unique ID of the device platforms supported by the EMM, see Getting Details of the Devices Supported via WSO2 EMM.
`profileFeaturesList`	Lists the features that belong to the profile.
`featureCode`	Provide the code that defines the policy you wish to add. Example: `PASSCODE_POLICY, CAMERA and ENCRYPT_STORAGE.`
`deviceTypeId`	The ID used to define the type of the device platform.
`content`	The list of parameters that define the policy. For more information on the feature list for Windows policies, see profileFeaturesList - policy based.
`enabled`	In the context of adding a policy for cameras this filed is used to define if the camera on the device is permitted to be used or not. `true` - The camera is enabled. `false` - the camera is disabled.
`users`	Define the users the policy needs to be applied on. The policy will be applied on the respective user's devices.
`roles`	Define the roles the policy needs to be applied on. The policy will be applied on the respective user role's devices.

If you wish to add a new policy criteria than what is already supported (users and roles) you can do so by defining a new policy criteria within the "policyCriterias":[] field.

Getting details of policies

Description

Retrieve the details of all the policies that you have created in WSO2 EMM.

Resource Path /

URL /mdm-admin/policies/

HTTP Method GET

Request/Response Format application/json

cURL command

curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/policies/

For more information on how to generate the <EMM_API_TOKEN>, see Generating the EMM API Token.
By default, <EMM_HOST> is localhost. However, if you are using a public IP, the respective IP address or domain needs to be specified.
By default, <EMM_HTTPS_PORT> has been set to 9443. However, if the port offset has been incremented by n, the default port value needs to be incremented by n.

Example:

curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a" -k -v https://localhost:9443/mdm-admin/policies/

Sample output

> GET /mdm-admin/policies/ HTTP/1.1
> Host: localhost:9443
> User-Agent: curl/7.43.0
> Accept: */*
> Content-Type: application/json
> Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a
< HTTP/1.1 200 OK
< Cache-Control: private
< Expires: Thu, 01 Jan 1970 05:30:00 IST
< Date: Thu, 25 Feb 2016 08:29:09 GMT
< Content-Type: application/json
< Content-Length: 1205
< Server: WSO2 Carbon Server
{"id":1,"priorityId":1,"profile":{"profileId":1,"profileName":"Camera","tenantId":-1234,"deviceType":{"id":1,"name":"android"},"createdDate":"Feb 25, 2016 12:00:18 PM","updatedDate":"Feb 25, 2016 12:00:18 PM","profileFeaturesList":[{"id":1,"featureCode":"CAMERA","profileId":1,"deviceTypeId":1,"content":"{\"enabled\":true}"}]},"policyName":"Camera","generic":false,"roles":[],"ownershipType":"ANY","devices":[],"users":[],"active":false,"updated":false,"description":"Optional","compliance":"enforce","policyCriterias":[],"tenantId":-1234,"profileId":1}

Sample JSON Definition

{  
   "id":1,
   "priorityId":1,
   "profile":{  
      "profileId":1,
      "profileName":"Camera",
      "tenantId":-1234,
      "deviceType":{  
         "id":1,
         "name":"android"
      },
      "createdDate":"Feb 25, 2016 12:00:18 PM",
      "updatedDate":"Feb 25, 2016 12:00:18 PM",
      "profileFeaturesList":[  
         {  
            "id":1,
            "featureCode":"CAMERA",
            "profileId":1,
            "deviceTypeId":1,
            "content":"{\"enabled\":true}"
         }
      ]
   },
   "policyName":"Camera",
   "generic":false,
   "roles":[],
   "ownershipType":"ANY",
   "devices":[],
   "users":[],
   "active":true,
   "updated":true,
   "description":"Optional",
   "compliance":"enforce",
   "policyCriterias":[],
   "tenantId":-1234,
   "profileId":1
}

Property value	Description
`id`	The policy ID.
`priorityId`	The priority order of the policy. 1 indicates the highest priority.
`profile`	Contains the details of the profile that is included in the policy. Example: The policy will contain a profile of disabling a camera on a device and encrypting the storage.
`profileId`	The ID of each profile that is in the selected policy.
`profileName`	The name of the profile.
`tenantId`	The ID of the tenant that added the policy.
`deviceType`	Contains the device type details the policy was created for.
`id`	The ID of the device type.
`name`	The device platform type.
`createdDate`	The date the policy was created.
`updatedDate`	The date the changes made to the policy was published to the devices registered with the EMM.
`profileFeaturesList`	Contains the features specific to each profile in the policy.
`id`	The ID of the feature list.
`featurecode`	The code specific for the feature of the profile. The code that defines the profile. Example for feature codes: `PASSCODE_POLICY, CAMERA and ENCRYPT_STORAGE.`
`profileId`	The ID of the profile the features belong to.
`deviceTypeId`	The Id of the device type.
`content`	Contains the details of the features and the values assigned when adding the policy.
`policyName`	The name of the policy.
`roles`	The roles to whom the policy is applied on.
`ownershipType`	The policy ownership type. It can be any of the following values: `ANY` - The policy will be applied on the BYOD and COPE device types. `BYOD` (Bring Your Own Device) - The policy will only be applied on the BYOD device type. `COPE` (Corporate-Owned, Personally-Enabled) - The policy will only be applied on the COPE device type.
`devices`	Lists out the devices the policy is enforced on. This field will be empty if you have not defined the devices the policy needs to be applied on. If a policy is enforced on a device when the device registers with EMM, those device details will not be shown here.
`users`	Lists out the users on whose devices the policy is enforced.
`activate`	If the value is true it indicates that the policy is active. If the value is false it indicates that the policy is inactive.
`updated`	If you have made changes to the policy but have not applied these changes to the devices that are registered with EMM, then the value is defined as true. But if you have already applied any changes made to the policy then the value is defined as false.
`description`	Gives a description on the policy.
`compliance`	Provides the non-compliance rules. WSO2 EMM provides the following non-compliance rules: Enforce - Forcefully enforce the policies on the devices. Warning - If the device does not adhere to the given policies a warning message will be sent. Monitor - If the device does not adhere to the given policies the server is notified of the violation unknown to the user and the administrator can take the necessary actions with regard to the reported.
`policyCriteria`	When adding a policy if you have added a policy criteria other than the ones given via WSO2 EMM those additional details will be given here.
`tenantId`	The ID of the tenant that created the policy.
`profileId`	The ID of the profile.

Getting details of a policy

Description

Retrieve the details of a selected policy in WSO2 EMM.

Resource Path /{id}

URL /mdm-admin/policies/{id}

HTTP Method GET

Request/Response Format application/json

cURL command

curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/policies/{id}

For more information on how to generate the <EMM_API_TOKEN>, see Generating the EMM API Token.
By default, <EMM_HOST> is localhost. However, if you are using a public IP, the respective IP address or domain needs to be specified.
By default, <EMM_HTTPS_PORT> has been set to 9443. However, if the port offset has been incremented by n, the default port value needs to be incremented by n.
Provide the policy ID as the value for {id}. If you are unsure of the policy IDs run the REST API command to retrieve all the policy details.

Example: Retrieve the policy details of the policy having the ID 1.

curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a" -k -v https://localhost:9443/mdm-admin/policies/1

Sample output

> GET /mdm-admin/policies/1 HTTP/1.1
> Host: localhost:9443
> User-Agent: curl/7.43.0
> Accept: */*
> Content-Type: application/json
> Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a
< HTTP/1.1 200 OK
< Cache-Control: private
< Expires: Thu, 01 Jan 1970 05:30:00 IST
< Date: Thu, 25 Feb 2016 09:53:45 GMT
< Content-Type: application/json
< Content-Length: 652
< Server: WSO2 Carbon Server
{"id":1,"priorityId":1,"profile":{"profileId":1,"profileName":"Camera","tenantId":-1234,"deviceType":{"id":1,"name":"android"},"createdDate":"Feb 25, 2016 12:00:18 PM","updatedDate":"Feb 25, 2016 12:00:18 PM","profileFeaturesList":[{"id":1,"featureCode":"CAMERA","profileId":1,"deviceTypeId":1,"content":"{\"enabled\":true}"}]},"policyName":"Camera","generic":false,"roles":[],"ownershipType":"ANY","devices":[],"users":[],"active":false,"updated":false,"description":"Optional","compliance":"enforce","policyCriterias":[],"tenantId":-1234,"profileId":1}

Sample JSON Definition

{  
   "id":1,
   "priorityId":1,
   "profile":{  
      "profileId":1,
      "profileName":"Camera",
      "tenantId":-1234,
      "deviceType":{  
         "id":1,
         "name":"android"
      },
      "createdDate":"Feb 25, 2016 12:00:18 PM",
      "updatedDate":"Feb 25, 2016 12:00:18 PM",
      "profileFeaturesList":[  
         {  
            "id":1,
            "featureCode":"CAMERA",
            "profileId":1,
            "deviceTypeId":1,
            "content":"{\"enabled\":true}"
         }
      ]
   },
   "policyName":"Camera",
   "generic":false,
   "roles":[  

   ],
   "ownershipType":"ANY",
   "devices":[],
   "users":[],
   "active":false,
   "updated":false,
   "description":"Optional",
   "compliance":"enforce",
   "policyCriterias":[],
   "tenantId":-1234,
   "profileId":1
}

Property value	Description
`id`	The policy ID.
`priorityId`	The priority order of the policy. 1 indicates the highest priority
`profile`	Contains the details of the profile that is included in the policy. Example: The policy will contain a profile of disabling a camera on a device and encrypting the storage.
`profileId`	The ID of each profile that is in the selected policy.
`profileName`	The name of the profile.
`tenantId`	The ID of the tenant that added the policy.
`deviceType`	Contains the device type details the policy was created for.
`id`	The ID of the device type.
`name`	The device platform type.
`createdDate`	The date the policy was created.
`updatedDate`	The date the changes made to the policy was published to the devices registered with the EMM.
`profileFeaturesList`	Contains the features specific to each profile in the policy.
`id`	The ID of the feature list.
`featurecode`	The code specific for the feature of the profile. The code that defines the profile. Example for feature codes: `PASSCODE_POLICY, CAMERA and ENCRYPT_STORAGE.`
`profileId`	The ID of the profile the features belong to.
`deviceTypeId`	The Id of the device type.
`content`	Contains the details of the features and the values assigned when adding the policy.
`policyName`	The name of the policy.
`roles`	The roles to whom the policy is applied on.
`ownershipType`	The policy ownership type. It can be any of the following values: `ANY` - The policy will be applied on the BYOD and COPE device types. `BYOD` (Bring Your Own Device) - The policy will only be applied on the BYOD device type. `COPE` (Corporate-Owned, Personally-Enabled) - The policy will only be applied on the COPE device type.
`devices`	Lists out the devices the policy is enforced on. This field will be empty if you have not defined to what devices the policy needs to be applied on. If a policy is enforced on a device when the device registers with EMM, those device details will not be shown here.
`users`	Lists out the users on whose devices the policy is enforced.
`activate`	If the value is true it indicates that the policy is active. If the value is false it indicates that the policy is inactive.
`updated`	If you have made changes to the policy but have not applied these changes to the devices that are registered with EMM, then the value is defined as true. But if you have already applied any changes made to the policy then the value is defined as false.
`description`	Gives a description on the policy.
`compliance`	Provides the non-compliance rules. WSO2 EMM provides the following non-compliance rules: Enforce - Forcefully enforce the policies on the devices. Warning - If the device does not adhere to the given policies a warning message will be sent. Monitor - If the device does not adhere to the given policies the server is notified of the violation unknown to the user and the administrator can take the necessary actions with regard to the reported.
`policyCriteria`	When adding a policy if you have added a policy criteria other than the ones given via WSO2 EMM those additional details will be given here.
`tenantId`	The ID of the tenant that created the policy.
`profileId`	The ID of the profile.

Updating a policy

Description If you wish to make changes to an existing policy, you can do so by updating the policy using the REST API command given below.

Resource Path /{id}

URL /mdm-admin/policies/{id}

HTTP Method PUT

Request/Response Format application/json

cURL command

curl -X PUT -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -d @'<JSON_PAYLOAD>'-k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/policies/{id}

For more information on how to generate the <EMM_API_TOKEN>, see Generating the EMM API Token.
Define the path to the JSON file, which includes the required properties to update the policy as the <JSON_PAYLOAD> value. For more information, see the Sample JSON Definition.
By default, <EMM_HOST> is localhost. However, if you are using a public IP, the respective IP address or domain needs to be specified.
By default, <EMM_HTTPS_PORT> has been set to 9443. However, if the port offset has been incremented by n, the default port value needs to be incremented by n.
Provide the policy ID as the value for {id}. If you are unsure of the policy IDs run the REST API command to retrieve all the policy details in WSO2 EMM.

Example: Update the policy having the policy ID 1, with the changes defined in the policy.json file.

curl -X PUT -H "Content-Type: application/json" -H "Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a" -d @'policy.json' -k -v https://localhost:9443/mdm-admin/policies/1

Sample output

> PUT /mdm-admin/policies/1 HTTP/1.1
> Host: localhost:9443
> User-Agent: curl/7.43.0
> Accept: */*
> Content-Type: application/json
> Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a
> Content-Length: 571
< HTTP/1.1 200 OK
< Cache-Control: private
< Expires: Thu, 01 Jan 1970 05:30:00 IST
< Date: Thu, 25 Feb 2016 11:29:30 GMT
< Content-Type: application/json
< Content-Length: 78
< Server: WSO2 Carbon Server
{"messageFromServer":"Policy has been updated successfully."}

Sample JSON
Definition

{  
   "policyName":"Camera",
   "description":"Optional",
   "compliance":"enforce",
   "ownershipType":"ANY",
   "profile":{  
      "profileName":"Camera",
      "deviceType":{  
         "id":1
      },
      "profileFeaturesList":[  
         {  
            "featureCode":"CAMERA",
            "deviceTypeId":1,
            "content":{  
               "enabled":true
            }
         },
         {  
            "featureCode":"ENCRYPT_STORAGE",
            "deviceTypeId":1,
            "content":{  
               "encrypted":true
            }
         }
      ]
   },
   "roles":["ANY"]
}

Property value	Description
`policyName`	The name of the policy.
`Description`	Provide a description on what the policy is based on.
`Compliance`	Define the non-compliance rules. WSO2 EMM provides the following non-compliance rules: Enforce - Forcefully enforce the policies on the devices. Warning - If the device does not adhere to the given policies a warning message will be sent. Monitor - If the device does not adhere to the given policies the server is notified of the violation unknown to the user and the administrator can take the necessary actions with regard to the reported.
`ownershipType`	Define the define ownership type. It will be one of the options given below: `ANY` - The policy will be applied on the BYOD and COPE device types. `BYOD` (Bring Your Own Device) - The policy will only be applied on the BYOD device type. `COPE` (Corporate-Owned, Personally-Enabled) - The policy will only be applied on the COPE device type.
`profile`	Provide the policy profile details.
`profileName`	The name of the policy that is being added.
`deviceType`	The ID used to define the type of the device platform. For more information on the unique ID for the device platforms supported by the EMM, see Getting Details of the Devices Supported via WSO2 EMM.
`profileFeaturesList`	Lists the features that belong to the profile.
`featureCode`	Provide the code that defines the policy you wish to add. Example: `PASSCODE_POLICY, CAMERA and ENCRYPT_STORAGE.`
`deviceTypeId`	The ID used to define the type of the device platform.
`content`	The list of parameters that define the policy. For more information on the feature list for Windows policies, see profileFeaturesList - policy based.
`enabled`	In the context of adding a policy for cameras this filed is used to define if the camera is allowed to be used or not. `true` - The camera is enabled. `false` - the camera is disabled.
`users`	Define the users the policy needs to be applied on. The policy will then be applied on the respective user's devices.
`roles`	Define the roles the policy needs to be applied on. The policy will then be applied on the respective user role's devices.

Updating the policy priority

Description If you wish to make changes to the existing policy priority order, you can do so by updating the priority order using the REST API command given below.

Resource Path /priorities

URL /mdm-admin/policies/priorities

HTTP Method PUT

Request/Response Format application/json

cURL command

curl -X PUT -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -d @'<JSON_PAYLOAD>'-k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/policies/priorities

For more information on how to generate the <EMM_API_TOKEN>, see Generating the EMM API Token.
Define the path to the JSON file, which includes the required properties to update the policy priority as the <JSON_PAYLOAD> value. For more information, see the Sample JSON Definition.
By default, <EMM_HOST> is localhost. However, if you are using a public IP, the respective IP address or domain needs to be specified.
By default, <EMM_HTTPS_PORT> has been set to 9443. However, if the port offset has been incremented by n, the default port value needs to be incremented by n.

Example:

curl -X PUT -H "Content-Type: application/json" -H "Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a" -d @'policy.json' -k -v https://localhost:9443/mdm-admin/policies/priorities

Sample output

> PUT /mdm-admin/policies/priorities HTTP/1.1
> Host: localhost:9443
> User-Agent: curl/7.43.0
> Accept: */*
> Content-Type: application/json
> Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a
> Content-Length: 23
< HTTP/1.1 200 OK
< Cache-Control: private
< Expires: Thu, 01 Jan 1970 05:30:00 IST
< Date: Thu, 25 Feb 2016 13:01:57 GMT
< Content-Type: application/json
< Content-Length: 80
< Server: WSO2 Carbon Server
{"statusCode":200",messageFromServer":"Policy Priorities successfully updated."}

Sample JSON
Definition

[  
   {  
      "id":2,
      "priority":1
   }
]

Property	Description
`id`	Define the ID of the policy. If you are unsure of the policy IDs run the REST API command to retrieve all the policy details in WSO2 EMM.
`priority`	Define the priority of the order, where `1` indicates the highest priority.

Removing multiple policies

Description	In situations where you need to delete more than one policy you can do so using the REST API command given below.
Resource Path	`/bulk-remove`
URL	`/mdm-admin/policies/bulk-remove`
HTTP Method	`POST`
Request/Response Format	`application/json`
cURL command	curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -d @'<JSON_PAYLOAD>'-k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/policies/bulk-remove For more information on how to generate the `<EMM_API_TOKEN>`, see Generating the EMM API Token. Define the path to the JSON file, which includes the required properties to remove multiple policies as the `<JSON_PAYLOAD>` value. For more information, see the Sample JSON Definition. By default, `<EMM_HOST>` is `localhost.` However, if you are using a public IP, the respective IP address or domain needs to be specified. By default, `<EMM_HTTPS_PORT>` has been set to 9443. However, if the port offset has been incremented by `n`, the default port value needs to be incremented by `n`. Example: curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a" -d @'policy.json' -k -v https://localhost:9443/mdm-admin/policies/bulk-remove
Sample output	> POST /mdm-admin/policies/bulk-remove HTTP/1.1 > Host: localhost:9443 > User-Agent: curl/7.43.0 > Accept: / > Content-Type: application/json > Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a > Content-Length: 23 < HTTP/1.1 200 OK < Cache-Control: private < Expires: Thu, 01 Jan 1970 06:35:00 IST < Date: Thu, 25 Feb 2016 14:06:57 GMT < Content-Type: application/json < Content-Length: 80 < Server: WSO2 Carbon Server {"statusCode":200",messageFromServer":"Policies have been successfully deleted."}
Sample JSON Definition	[1,2] Define the IDs of the policies you wish to delete. If you are unsure of the policy IDs run the REST API command to retrieve all the policy details in WSO2 EMM.

Activating policies

Description	Using the REST API command you are able to publish a policy in order to bring a policy that is in the inactive state to the active state.
Resource Path	`/activate`
URL	`/mdm-admin/policies/activate`
HTTP Method	`PUT`
Request/Response Format	`application/json`
cURL command	curl -X PUT -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -d @'<JSON_PAYLOAD>'-k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/policies/activate For more information on how to generate the `<EMM_API_TOKEN>`, see Generating the EMM API Token. Define the path to the JSON file, which includes the required properties to activate a policy as the `<JSON_PAYLOAD>` value. For more information, see the Sample JSON Definition. By default, `<EMM_HOST>` is `localhost.` However, if you are using a public IP, the respective IP address or domain needs to be specified. By default, `<EMM_HTTPS_PORT>` has been set to 9443. However, if the port offset has been incremented by `n`, the default port value needs to be incremented by `n`. Example: curl -X PUT -H "Content-Type: application/json" -H "Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a" -d @'policy.json' -k -v https://localhost:9443/mdm-admin/policies/activate
Sample output	> PUT /mdm-admin/policies/activate HTTP/1.1 > Host: localhost:9443 > User-Agent: curl/7.43.0 > Accept: / > Content-Type: application/json > Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a > Content-Length: 23 < HTTP/1.1 200 OK < Cache-Control: private < Expires: Thu, 01 Jan 1970 06:35:00 IST < Date: Thu, 25 Feb 2016 14:06:57 GMT < Content-Type: application/json < Content-Length: 80 < Server: WSO2 Carbon Server {"statusCode":200","messageFromServer": "Selected policies have been successfully activated."}
Sample JSON Definition	[{1,2}] Define the ID/IDs of the policies you wish to publish. If you are unsure of the policy IDs run the REST API command to retrieve all the policy details in WSO2 EMM.

Deactivating policies

Description	Using the REST API command you are able to unpublish a policy in order to bring a policy that is in the active state to the inactive state.
Resource Path	`/inactivate`
URL	`/mdm-admin/policies/inactivate`
HTTP Method	`PUT`
Request/Response Format	`application/json`
cURL command	curl -X PUT -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -d @'<JSON_PAYLOAD>'-k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/policies/inactivate For more information on how to generate the `<EMM_API_TOKEN>`, see Generating the EMM API Token. Define the path to the JSON file, which includes the required properties to inactivate a policy as the `<JSON_PAYLOAD>` value. For more information, see the Sample JSON Definition. By default, `<EMM_HOST>` is `localhost.` However, if you are using a public IP, the respective IP address or domain needs to be specified. By default, `<EMM_HTTPS_PORT>` has been set to 9443. However, if the port offset has been incremented by `n`, the default port value needs to be incremented by `n`. Example: curl -X PUT -H "Content-Type: application/json" -H "Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a" -d @'policy.json' -k -v https://localhost:9443/mdm-admin/policies/inactivate
Sample output	> PUT /mdm-admin/policies/inactivate HTTP/1.1 > Host: localhost:9443 > User-Agent: curl/7.43.0 > Accept: / > Content-Type: application/json > Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a > Content-Length: 23 < HTTP/1.1 200 OK < Cache-Control: private < Expires: Thu, 01 Jan 1970 06:35:00 IST < Date: Thu, 25 Feb 2016 14:06:57 GMT < Content-Type: application/json < Content-Length: 80 < Server: WSO2 Carbon Server {"statusCode":200","messageFromServer": "Selected policies have been successfully inactivated."}
Sample JSON Definition	[{1,2}] Define the ID/IDs of the policies you wish to unpublish. If you are unsure of the policy IDs run the REST API command to retrieve all the policy details in WSO2 EMM.

Applying changes on policies

Description	Policies in the active state will be applied to new device that register with WSO2 EMM based on the policy enforcement criteria . In a situation where you need to make changes to existing policies (removing, activating, deactivating and updating) or add new policies, the existing devices will not receive these changes immediately. Once all the required changes are made you need to apply the changes to push the policy changes to the existing devices.
Resource Path	`/apply-changes`
URL	`/mdm-admin/policies/apply-changes`
HTTP Method	`PUT`
Request/Response Format	`application/json`
cURL command	curl -X PUT -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/policies/apply-changes For more information on how to generate the `<EMM_API_TOKEN>`, see Generating the EMM API Token. By default, `<EMM_HOST>` is `localhost.` However, if you are using a public IP, the respective IP address or domain needs to be specified. By default, `<EMM_HTTPS_PORT>` has been set to 9443. However, if the port offset has been incremented by `n`, the default port value needs to be incremented by `n`. Example: curl -X PUT -H "Content-Type: application/json" -H "Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a" -k -v https://localhost:9443/mdm-admin/policies/apply-changes
Sample output	> PUT /mdm-admin/policies/apply-changes HTTP/1.1 > Host: localhost:9443 > User-Agent: curl/7.43.0 > Accept: / > Content-Type: application/json > Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a < HTTP/1.1 200 OK < Cache-Control: private < Expires: Thu, 01 Jan 1970 05:30:00 IST < Date: Fri, 26 Feb 2016 11:35:02 GMT < Content-Type: application/json < Content-Length: 80 < Server: WSO2 Carbon Server {"statusCode":200,"messageFromServer":"Changes have been successfully updated."}

Starting policy monitoring

Description	WSO2 EMM monitors the devices to identify any devices that have not complied to an enforced policy. The policy monitoring task begins at the point WSO2 EMM has a a published policy. It will monitor the device based on the policy monitoring frequency that you define in milliseconds. Using this REST API to start the policy monitoring task is optional as WSO2 EMM uses an OSGI call to start the monitoring task.
Resource Path	`/start-task/{milliseconds}`
URL	`/mdm-admin/policies/start-task/{milliseconds}`
HTTP Method	`GET`
Request/Response Format	`application/json`
cURL command	curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/policies/start-task/{milliseconds} For more information on how to generate the `<EMM_API_TOKEN>`, see Generating the EMM API Token. By default, `<EMM_HOST>` is `localhost.` However, if you are using a public IP, the respective IP address or domain needs to be specified. By default, `<EMM_HTTPS_PORT>` has been set to 9443. However, if the port offset has been incremented by `n`, the default port value needs to be incremented by `n`. Example: curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a" -k -v https://localhost:9443/mdm-admin/policies/start-task/6000
Sample output	> GET /mdm-admin/policies/start-task/600 HTTP/1.1 > Host: localhost:9443 > User-Agent: curl/7.43.0 > Accept: / > Content-Type: application/json > Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a < HTTP/1.1 200 OK < Cache-Control: private < Expires: Thu, 01 Jan 1970 05:30:00 IST < Date: Fri, 26 Feb 2016 11:50:37 GMT < Content-Type: application/json < Content-Length: 88 < Server: WSO2 Carbon Server {"statusCode":200,"messageFromServer":"Policy monitoring service started successfully."}

Updating policy monitoring

Description	WSO2 EMM monitors the devices to identify any devices that have not complied to an enforced policy. If you wish to update the policy monitoring frequency you can do so using the following REST API command.
Resource Path	`/update-task/{milliseconds}`
URL	`/mdm-admin/policies/update-task/{milliseconds}`
HTTP Method	`GET`
Request/Response Format	`application/json`
cURL command	curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/policies/update-task/{milliseconds} For more information on how to generate the `<EMM_API_TOKEN>`, see Generating the EMM API Token. By default, `<EMM_HOST>` is `localhost.` However, if you are using a public IP, the respective IP address or domain needs to be specified. By default, `<EMM_HTTPS_PORT>` has been set to 9443. However, if the port offset has been incremented by `n`, the default port value needs to be incremented by `n`. Example: curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a" -k -v https://localhost:9443/mdm-admin/policies/update-task/6500
Sample output	> GET /mdm-admin/policies/update-task/6500 HTTP/1.1 > Host: localhost:9443 > User-Agent: curl/7.43.0 > Accept: / > Content-Type: application/json > Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a < HTTP/1.1 200 OK < Cache-Control: private < Expires: Thu, 01 Jan 1970 05:30:00 IST < Date: Sat, 27 Feb 2016 07:23:15 GMT < Content-Type: application/json < Content-Length: 88 < Server: WSO2 Carbon Server {"statusCode":200,"messageFromServer":"Policy monitoring service updated successfully."}

Stopping policy monitoring

Description	WSO2 EMM monitors the devices to identify any devices that have not complied to an enforced policy. The policy monitoring task begins at the point WSO2 EMM has a a published policy. If you wish to stop the policy monitoring task you can do so by using the REST API command given below.
Resource Path	`/stop-task`
URL	`/mdm-admin/policies/stop-task`
HTTP Method	`GET`
Request/Response Format	`application/json`
cURL command	curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/policies/stop-task For more information on how to generate the `<EMM_API_TOKEN>`, see Generating the EMM API Token. By default, `<EMM_HOST>` is `localhost.` However, if you are using a public IP, the respective IP address or domain needs to be specified. By default, `<EMM_HTTPS_PORT>` has been set to 9443. However, if the port offset has been incremented by `n`, the default port value needs to be incremented by `n`. Example: curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a" -k -v https://localhost:9443/mdm-admin/policies/stop-task
Sample output	> GET /mdm-admin/policies/stop-task HTTP/1.1 > Host: localhost:9443 > User-Agent: curl/7.43.0 > Accept: / > Content-Type: application/json > Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a < HTTP/1.1 200 OK < Cache-Control: private < Expires: Thu, 01 Jan 1970 05:30:00 IST < Date: Sat, 27 Feb 2016 07:31:50 GMT < Content-Type: application/json < Content-Length: 88 < Server: WSO2 Carbon Server {"statusCode":200,"messageFromServer":"Policy monitoring service stopped successfully."}

Getting policy enforced details of a device

Description

When a device registers with WSO2 EMM a policy is enforced on the device. Initially, the EMM filters the policies based on the Platform (device type), filters based on the device ownership type , filters based on the user role or name and finally the policy is enforced on the device.

For more information, see Managing Policies.

Resource Path /{type}/{id}/active-policy

URL /mdm-admin/policies/{type}/{id}/active-policy

HTTP Method GET

Request/Response Format application/json

cURL command

curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/policies/{type}/{id}/active-policy

For more information on how to generate the <EMM_API_TOKEN>, see Generating the EMM API Token.
By default, <EMM_HOST> is localhost. However, if you are using a public IP, the respective IP address or domain needs to be specified.
By default, <EMM_HTTPS_PORT> has been set to 9443. However, if the port offset has been incremented by n, the default port value needs to be incremented by n.
Define the device type as the value for {type}. Example: ios, android, windows.
Define the device ID as the value for {id}.

Example:

curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a" -k -v https://localhost:9443/mdm-admin/policies/iso/ee07b9c45904ef3af3tt5r4t13d0d6cd58a4567y/active-policy

Sample output

> GET /mdm-admin/policies/ios/ee07b9c45904ef3af3tt5r4t13d0d6cd58a4567y/active-policy HTTP/1.1
> Host: localhost:9443
> User-Agent: curl/7.43.0
> Accept: */*
> Content-Type: application/json
> Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a
< HTTP/1.1 200 OK
< Cache-Control: private
< Expires: Thu, 01 Jan 1970 05:30:00 IST
< Date: Sat, 27 Feb 2016 08:04:28 GMT
< Content-Type: application/json
< Content-Length: 797
< Server: WSO2 Carbon Server
{"id":38,"priorityId":3,"profile":{"profileId":38,"profileName":"iOS Policies","tenantId":-1234,"deviceType":{"id":33,"name":"ios"},"createdDate":"Feb 27, 2016 1:33:13 PM","updatedDate":"Feb 27, 2016 1:33:13 PM","profileFeaturesList":[{"id":39,"featureCode":"PASSCODE_POLICY","profileId":38,"deviceTypeId":33,"content":"{\"forcePIN\":true,\"allowSimple\":true,\"requireAlphanumeric\":true,\"minLength\":\"10\",
\"minComplexChars\":\"3\",\"maxPINAgeInDays\":\"50\",\"pinHistory\":\"25\",\"maxInactivity\":\"3\",
\"maxGracePeriod\":\"1\",\"maxFailedAttempts\":\"6\"}"}]},"policyName":"iOS Policies","generic":false,
"roles":["ANY"],"ownershipType":"BYOD","devices":[],"users":[],"active":true,"updated":false,"description":"","compliance":"enforce","policyCriterias":[],"tenantId":-1234,"profileId":38}

Sample JSON output

{  
   "id":38,
   "priorityId":3,
   "profile":{  
      "profileId":38,
      "profileName":"iOS Policies",
      "tenantId":-1234,
      "deviceType":{  
         "id":33,
         "name":"ios"
      },
      "createdDate":"Feb 27, 2016 1:33:13 PM",
      "updatedDate":"Feb 27, 2016 1:33:13 PM",
      "profileFeaturesList":[  
         {  
            "id":39,
            "featureCode":"PASSCODE_POLICY",
            "profileId":38,
            "deviceTypeId":33,
            "content":"{\"forcePIN\":true,\"allowSimple\":true,\"requireAlphanumeric\":true,\"minLength\":\"10\",
\"minComplexChars\":\"3\",\"maxPINAgeInDays\":\"50\",\"pinHistory\":\"25\",\"maxInactivity\":\"3\",
\"maxGracePeriod\":\"1\",\"maxFailedAttempts\":\"6\"}"
         }
      ]
   },
   "policyName":"iOS Policies",
   "generic":false,
   "roles":["ANY"],
   "ownershipType":"BYOD",
   "devices":[],
   "users":[],
   "active":true,
   "updated":false,
   "description":"",
   "compliance":"enforce",
   "policyCriterias":[],
   "tenantId":-1234,
   "profileId":38
}

Property value	Description
`id`	The policy ID.
`priorityId`	The priority order of the policy. 1 is defined as the highest priority policy.
`profile`	Contains the details of the profile that is included in the policy. Example: The policy will contain a profile of disabling a camera on a device and encrypting the storage.
`profileId`	The ID of each profile that is in the selected policy.
`profileName`	The name of the profile.
`tenantId`	The ID of the tenant that added the policy.
`deviceType`	Contains the device type details the policy was created for.
`id`	The ID of the device type.
`name`	The device platform type.
`createdDate`	The date the policy was created.
`updatedDate`	The date the changes made to the policy was published to the devices registered with the EMM.
`profileFeaturesList`	Contains the features specific to each profile in the policy.
`id`	The ID of the feature list.
`featurecode`	The code specific for the feature of the profile. The code that defines the profile. Example for feature codes: `PASSCODE_POLICY, CAMERA and ENCRYPT_STORAGE.`
`profileId`	The ID of the profile the features belong to.
`deviceTypeId`	The Id of the device type.
`content`	Contains the details of the features and the values assigned when adding the policy.
`policyName`	The name of the policy.
`roles`	The roles to whom the policy is applied on.
`ownershipType`	The policy ownership type. It can be any of the following values: `ANY` - The policy will be applied on the BYOD and COPE device types. `BYOD` (Bring Your Own Device) - The policy will only be applied to the BYOD device type. `COPE` (Corporate-Owned, Personally-Enabled) - The policy will only be applied to the COPE device type.
`devices`	Lists the devices that the policy is enforced on. This field will be empty if you have not defined to what devices the policy needs to be applied on. If a policy is enforced on a device when the device registers with EMM, those device details will not be shown here.
`users`	Lists the users on whose devices the policy is enforced.
`activate`	If the value is true it indicates that the policy is active. If the value is false it indicates that the policy is inactive.
`updated`	If you have made changes to the policy but have not applied these changes to the devices that are registered with EMM, then the value is defined as true. But if you have already applied any changes made to the policy then the value is defined as false.
`description`	Gives a description of the policy.
`compliance`	Provides the non-compliance rules. WSO2 EMM provides the following non-compliance rules: Enforce - Forcefully enforces the policies on the devices. Warning - If the device does not adhere to the given policies a warning message will be sent. Monitor - If the device does not adhere to the given policies the server is notified of the violation unknown to the user and the administrator can take the necessary actions with regard to the reported.
`policyCriteria`	When adding a policy if you have added the policy criteria other than the ones given via WSO2 EMM those additional details will be given here.
`tenantId`	The ID of the tenant that created the policy.
`profileId`	The ID of the profile.

Getting the policy count

Description	Get the number of policies that are created in WSO2 EMM.
Resource Path	`/count`
URL	`/mdm-admin/policies/count`
HTTP Method	`GET`
Request/Response Format	`application/json`
cURL command	curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/policies/count For more information on how to generate the `<EMM_API_TOKEN>`, see Generating the EMM API Token. By default, `<EMM_HOST>` is `localhost.` However, if you are using a public IP, the respective IP address or domain needs to be specified. By default, `<EMM_HTTPS_PORT>` has been set to 9443. However, if the port offset has been incremented by `n`, the default port value needs to be incremented by `n`. Example: curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a" -k -v https://localhost:9443/mdm-admin/policies/count
Sample output	> GET /mdm-admin/policies/count HTTP/1.1 > Host: localhost:9443 > User-Agent: curl/7.43.0 > Accept: / > Content-Type: application/json > Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a < HTTP/1.1 200 OK < Cache-Control: private < Expires: Thu, 01 Jan 1970 05:30:00 IST < Date: Thu, 25 Feb 2016 10:58:30 GMT < Content-Type: application/json < Content-Length: 1 < Server: WSO2 Carbon Server 10
Sample JSON Output Definition	Provides the number of policies in WSO2 EMM at the time of running the REST API command as an integer value. Example: As per the above sample output there are 10 policies in the EMM.

Adding a user restriction policy

Description

Restrict different functions on the user's device using this REST API. When adding a policy you will have the option of saving the user restriction policy or saving and publishing the user restriction policy.

For a better understanding on how this works via the EMM console, see Adding a Policy.

Resource Path

Adding a policy that is in the inactive state /inactive-policy.
Adding a policy that is in the active state /active-policy.

URL /mdm-admin/policies/inactive-policy or /mdm-admin/policies/active-policy

HTTP Method POST

Request/Response Format application/json

cURL command

curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -d @'<JSON_PAYLOAD>' -k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/policies/inactive-policy
 
or
 
curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -d @'<JSON_PAYLOAD>' -k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/policies/active-policy

For more information on how to generate the <EMM_API_TOKEN>, see Generating the EMM API Token.
Define the path to the JSON file, which includes the required properties to add a policy as the as the <JSON_PAYLOAD> value. For more information, see the Sample JSON Definition.
By default, <EMM_HOST> is localhost. However, if you are using a public IP, the respective IP address or domain needs to be specified.
By default, <EMM_HTTPS_PORT> has been set to 9443. However, if the port offset has been incremented by n, the default port value needs to be incremented by n.

Example:

curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a" -d @'policy.json' -k -v https://localhost:9443/mdm-admin/policies/inactive-policy
 
or
 
curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a" -d @'policy.json' -k -v https://localhost:9443/mdm-admin/policies/active-policy

Sample output

> POST /mdm-admin/policies/inactive-policy HTTP/1.1
> Host: localhost:9443
> User-Agent: curl/7.43.0
> Accept: */*
> Content-Type: application/json
> Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a
> Content-Length: 420
< HTTP/1.1 201 Created
< Date: Thu, 25 Feb 2016 06:30:18 GMT
< Content-Type: application/json
< Content-Length: 76
< Server: WSO2 Carbon Server
{"statusCode":201,"messageFromServer":"Policy has been added successfully."}

Sample JSON Definition

{
  "policyName": "restriction_policy",
  "description": "Add restriction on the devices that have the settings application installed.",
  "compliance": "enforce",
  "ownershipType": "ANY",
  "profile": {
    "profileName": "restriction_policy",
    "deviceType": {
      "id": 1
    },
    "profileFeaturesList": [
      {
        "featureCode": "CAMERA",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_ADJUST_VOLUME",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_CONFIG_BLUETOOTH",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_CONFIG_CELL_BROADCASTS",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_CONFIG_CREDENTIALS",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_CONFIG_MOBILE_NETWORKS",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_CONFIG_TETHERING",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_CONFIG_VPN",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_CONFIG_WIFI",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_APPS_CONTROL",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_CREATE_WINDOWS",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_CROSS_PROFILE_COPY_PASTE",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_DEBUGGING_FEATURES",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_FACTORY_RESET",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_ADD_USER",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_INSTALL_APPS",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_INSTALL_UNKNOWN_SOURCES",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_MODIFY_ACCOUNTS",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_MOUNT_PHYSICAL_MEDIA",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_NETWORK_RESET",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_OUTGOING_BEAM",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_OUTGOING_CALLS",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_REMOVE_USER",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_SAFE_BOOT",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_SHARE_LOCATION",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_SMS",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_UNINSTALL_APPS",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_UNMUTE_MICROPHONE",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_USB_FILE_TRANSFER",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "ALLOW_PARENT_PROFILE_APP_LINKING",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "ENSURE_VERIFY_APPS",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "AUTO_TIME",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "SET_SCREEN_CAPTURE_DISABLED",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "SET_STATUS_BAR_DISABLED",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      }
    ]
  },
  "roles": [
    "ANY"
  ]
}

Property	Description	Data Type
`policyName`	The name of the policy.	String
`Description`	Provide a description on what the policy is based on.	String
`Compliance`	Define the non-compliance rules. WSO2 EMM provides the following non-compliance rules: `Enforce` - Forcefully enforce the policies on the devices. `Warning` - If the device does not adhere to the given policies a warning message will be sent. `Monitor` - If the device does not adhere to the given policies the server is notified of the violation unknown to the user and the administrator can take the necessary actions with regard to the reported.	String
`ownershipType`	Define the define ownership type using the values given below: `ANY` - The policy will be applied on the BYOD and COPE device types. `BYOD` (Bring Your Own Device) - The policy will only be applied on the BYOD device type. `COPE` (Corporate-Owned, Personally-Enabled) - The policy will only be applied on the COPE device type.	String
`profile`	Provide the policy profile details.	-
`profileName`	The name of the policy that is being added.	String
`deviceType`	The ID used to define the type of the device platform. For more information on the unique ID for the device platforms supported by the EMM, see Getting Details of the Devices Supported via WSO2 EMM.	Integer
`profileFeaturesList`	Lists the features that belong to the profile.	-
`featureCode`	Provide the code that defines the policy you wish to add. WSO2 EMM provides the following features for user restrictions: For more information, see the featurecode table below.	String
`deviceTypeId`	The ID used to define the type of the device platform.	Integer
`content`	The list of parameters that define the policy. For more information on the feature list for Windows policies, see profileFeaturesList - policy based.	String
`enabled`	In the context of adding a policy for cameras. The filed is used to define if the camera on the device is permitted to be used or not. `true` - The camera is enabled. `false` - the camera is disabled.	Boolean
`users`	Define the users the policy needs to be applied on. The policy will be applied on the respective users devices.	String array
`roles`	Define the roles the policy needs to be applied on. The policy will be applied on the respective user roles devices.	String array

If you wish to add a new policy criteria than what is already supported (users and roles) you can do so by defining a new policy criteria within the "policyCriterias" :[] field.

featurecode

The available OS column gives the information on what OS a given feature is available. The features will be available in the proceeding OS versions after it too. For example if its mentioned that the feature is available on the Android 4.1.0 OS version, the feature will be available on the OS version starting from Android 4.1.0 to the latest Android version.

Property	Description	Available OS	Data Type
`CAMERA`	Define if the user is allowed to use the camera by assigning `true` as the value.	4.1.x	Boolean
`DISALLOW_ADJUST_VOLUME`:	Define if a user is disallowed from adjusting the master volume by assigning `true` as the value.	5.0.0	Boolean
`DISALLOW_CONFIG_BLUETOOTH`	Define if a user is disallowed from configuring bluetooth by assigning `true` as the value.	5.0.0	Boolean
`DISALLOW_CONFIG_CELL_BROADCASTS`	Define if a user is disallowed from configuring cell broadcasts by assigning `true` as the value.	5.0.0	Boolean
`DISALLOW_CONFIG_CREDENTIALS`	Define if a user is disallowed from configuring user credentials by assigning `true` as the value.	5.0.0	Boolean
`DISALLOW_CONFIG_MOBILE_NETWORKS`	Define if a user is disallowed from configuring mobile networks by assigning `true` as the value.	5.0.0	Boolean
`DISALLOW_CONFIG_TETHERING`:	Define if a user is disallowed from configuring Tethering & portable hotspots by assigning `true` as the value.	5.0.0	Boolean
`DISALLOW_CONFIG_VPN`	Define if a user is disallowed from configuring VPN by assigning `true` as the value.	5.0.0	Boolean
`DISALLOW_CONFIG_WIFI`	Define if a user is disallowed from changing Wi-Fi access points by assigning `true` as the value.	5.0.0	Boolean
`DISALLOW_CREATE_WINDOWS`	Define that windows besides app windows should not be created by assigning `true` as the value.	5.0.0	Boolean
`DISALLOW_CROSS_PROFILE_COPY_PASTE`:	Define if what is copied in the clipboard can be pasted in related profiles by assigning `true` as the value.	5.0.0	Boolean
`DISALLOW_DEBUGGING_FEATURES`	Define if a user is disallowed from enabling or accessing debugging features by assigning `true` as the value.	5.0.0	Boolean
`DISALLOW_FACTORY_RESET`	Define if a user is disallowed to factory reset the device from Settings by assigning `true` as the value.	5.0.0	Boolean
`DISALLOW_ADD_USER`	Define if a user is disallowed from adding new users and profiles by assigning `true` as the value.	5.0.0	Boolean
`DISALLOW_INSTALL_APPS`	Define if a user is disallowed from installing applications by assigning `true` as the value.	5.0.0	Boolean
`DISALLOW_INSTALL_UNKNOWN_SOURCES`	Define if a user is disallowed from enabling the "Unknown Sources" setting, that allows installation of apps from unknown sources by assigning `true` as the value.	5.0.0	Boolean
`DISALLOW_MODIFY_ACCOUNTS`	Define if a user is disallowed from adding and removing accounts, unless they are programmatically added by Authenticator. For more information, see the details on adding an account directly.	5.0.0	Boolean
`DISALLOW_MOUNT_PHYSICAL_MEDIA`	Define if a user is disallowed from mounting physical external media by assigning `true` as the value.	5.0.0	Boolean
`DISALLOW_NETWORK_RESET`	Define if a user is disallowed from resetting network settings from Settings by assigning `true` as the value.	5.0.0	Boolean
`DISALLOW_OUTGOING_BEAM`	Define if the user is not allowed to use NFC to beam out data from apps by assigning `true` as the value.	5.0.0	Boolean
`DISALLOW_OUTGOING_CALLS`	Define that the user is not allowed to make outgoing phone calls by assigning `true` as the value.	5.0.0	Boolean
`DISALLOW_REMOVE_USER`	If the value assigned is true, it defines that the user can not remove other users, When set on the primary user this specifies	5.0.0	Boolean
`DISALLOW_SAFE_BOOT`	Define if the user is not allowed to reboot the device into safe boot mode.	5.0.0	Boolean
`DISALLOW_SHARE_LOCATION`	Define if a user is disallowed from turning on location sharing.	5.0.0	Boolean
`DISALLOW_SMS`	Define that the user is not allowed to send or receive SMS messages.	5.0.0	Boolean
`DISALLOW_UNINSTALL_APPS`	Define if a user is disallowed from uninstalling applications.	5.0.0	Boolean
`DISALLOW_UNMUTE_MICROPHONE`	Define if a user is disallowed from adjusting microphone volume.	5.0.0	Boolean
`DISALLOW_USB_FILE_TRANSFER`	Define if a user is disallowed from transferring files over USB.	5.0.0	Boolean
`ALLOW_PARENT_PROFILE_APP_LINKING`	Allows apps in the parent profile to handle web links from the managed profile if the value is set to true.	5.0.0	Boolean
`ENSURE_VERIFY_APPS`	Define if a user is disallowed from disabling application verification.	5.0.0	Boolean
`AUTO_TIME`	Defines that the auto time feature in the device that is in Settings > Date & Time is enabled if the value is set to true.	5.0.0	Boolean
`SET_SCREEN_CAPTURE_DISABLED`	The screen shot option on the device will be disabled if the value is set to true.	5.0.0	Boolean
`SET_STATUS_BAR_DISABLED`	The status bar on the device will not be shown if the value is set to true.	6.0.0	Boolean

Whitelisting or blacklisting applications

Description

Whitelist or blacklist applications using this API. In whitelisting you define the applications that a user is allowed to use on the device and in blacklisting you define the applications that a user is not allowed to use on a device.

Resource Path

Adding a policy that is in the inactive state /inactive-policy.
Adding a policy that is in the active state /active-policy.

URL /mdm-admin/policies/inactive-policy or /mdm-admin/policies/active-policy

HTTP Method POST

Request/Response Format application/json

cURL command

curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -d @'<JSON_PAYLOAD>' -k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/policies/inactive-policy
 
or
 
curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -d @'<JSON_PAYLOAD>' -k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/policies/active-policy

For more information on how to generate the <EMM_API_TOKEN>, see Generating the EMM API Token.
Define the path to the JSON file, which includes the required properties to add a policy as the as the <JSON_PAYLOAD> value. For more information, see the Sample JSON Definition.
By default, <EMM_HOST> is localhost. However, if you are using a public IP, the respective IP address or domain needs to be specified.
By default, <EMM_HTTPS_PORT> has been set to 9443. However, if the port offset has been incremented by n, the default port value needs to be incremented by n.

Example:

curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a" -d @'policy.json' -k -v https://localhost:9443/mdm-admin/policies/inactive-policy
 
or
 
curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a" -d @'policy.json' -k -v https://localhost:9443/mdm-admin/policies/active-policy

Sample output

> POST /mdm-admin/policies/active-policy HTTP/1.1
> Host: localhost:9443
> User-Agent: curl/7.43.0
> Accept: */*
> Content-Type: application/json
> Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a
> Content-Length: 420
< HTTP/1.1 201 Created
< Date: Thu, 25 Feb 2016 06:30:18 GMT
< Content-Type: application/json
< Content-Length: 76
< Server: WSO2 Carbon Server
{"statusCode":201,"messageFromServer":"Policy has been added successfully."}

Sample JSON Definition

Property	Description	Data Type
`policyName`	The name of the policy.	String
`Description`	Provide a description on what the policy is based on.	String
`Compliance`	Define the non-compliance rules. WSO2 EMM provides the following non-compliance rules: `Enforce` - Forcefully enforce the policies on the devices. `Warning` - If the device does not adhere to the given policies a warning message will be sent. `Monitor` - If the device does not adhere to the given policies the server is notified of the violation unknown to the user and the administrator can take the necessary actions with regard to the reported.	String
`ownershipType`	Define the define ownership type using the values given below: `ANY` - The policy will be applied on the BYOD and COPE device types. `BYOD` (Bring Your Own Device) - The policy will only be applied on the BYOD device type. `COPE` (Corporate-Owned, Personally-Enabled) - The policy will only be applied on the COPE device type.	String
`profile`	Provide the policy profile details.	-
`profileName`	The name of the policy that is being added.	String
`deviceType`	The ID used to define the type of the device platform. For more information on the unique ID for the device platforms supported by the EMM, see Getting Details of the Devices Supported via WSO2 EMM.	Integer
`profileFeaturesList`	Lists the features that belong to the profile.	-
`featureCode`	Provide the code that defines the policy you wish to add.	String
`deviceTypeId`	The ID used to define the type of the device platform.	Integer
`content`	The list of parameters that define the policy. For more information on the feature list for Windows policies, see profileFeaturesList - policy based.	String
`restriction-type`	Define the application restriction type using the values given below: `black-list`: Define the applications that needs to be restricted in a device. `white-list`: Define the applications that are only allowed to be used in a device and restrict the other applications from being used.	String
`restricted-applications`	Provides the details of the applications that are restricted.	-
`appName`	The name of the application.	String
packageName	Define the exact name of the application package. You can use one of the following methods to get the package name. Go to the respective application in the play store and copy the ID or package name from the URL. Example: The play store application URL for the Viber app is `https://play.google.com/store/apps/details?id=com.viber.voip&hl=en`. Therefore, the package name or the application ID is: `id=com.viber.voip` Download the System Info for Android to your device from the play store. Once the application is successfully installed go to the Tasks tab and you will see the package name under the respective application.	String
`roles`	Define the roles the policy needs to be applied on. The policy will be applied on the respective user roles devices.	String array

If you wish to add a new policy criteria than what is already supported (roles) you can do so by defining a new policy criteria within the "policyCriterias" :[] field

Setting up a VPN on Android devices

Description Set up a VPN on your Android devices remotely. It allows the device to access secured resources on the intranet of an Organization.

Resource Path

Adding a policy that is in the inactive state /inactive-policy.
Adding a policy that is in the active state /active-policy.

URL /mdm-admin/policies/inactive-policy or /mdm-admin/policies/active-policy

HTTP Method POST

Request/Response Format application/json

cURL command

curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -d @'<JSON_PAYLOAD>' -k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/policies/inactive-policy
 
or
 
curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -d @'<JSON_PAYLOAD>' -k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/policies/active-policy

For more information on how to generate the EMM API token, see Generating the OAuth 2.0 Access Token.
Define the path to the JSON file, which lists the devices that this operation is applied on, as the <JSON_PAYLOAD> value. For more information, see the Sample JSON Definition.
By default, <EMM_HOST> is localhost. However, if you are using a public IP, the respective IP address or domain needs to be specified.
By default, <EMM_HTTPS_PORT> has been set to 9443. However, if the port offset has been incremented by n, the default port value needs to be incremented by n.

Example:

curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a" -d @'policy.json' -k -v https://localhost:9443/mdm-admin/policies/inactive-policy
 
or
 
curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a" -d @'policy.json' -k -v https://localhost:9443/mdm-admin/policies/active-policy

Sample output

> POST /mdm-admin/policies/active-policy HTTP/1.1
> Host: localhost:9443
> User-Agent: curl/7.43.0
> Accept: */*
> Content-Type: application/json
> Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a
> Content-Length: 420
< HTTP/1.1 201 Created
< Date: Thu, 25 Feb 2016 06:30:18 GMT
< Content-Type: application/json
< Content-Length: 76
< Server: WSO2 Carbon Server
{"statusCode":201,"messageFromServer":"Policy has been added successfully."}

Sample JSON Definition

 {  
   "policyName":"VPN",
   "description":"",
   "compliance":"enforce",
   "ownershipType":"ANY",
   "profile":{  
      "profileName":"vpn",
      "deviceType":{  
         "id":1
      },
      "profileFeaturesList":[  
         {  
            "featureCode":"VPN",
            "deviceTypeId":1,
            "content":{  
               "serverAddress":"abc.com",
               "serverPort":"1234",
               "sharedSecret":"wso2",
               "dnsServer":"1.1.1.1"
            }
         }
      ]
   },
   "roles":[  
      "ANY"
   ]
}

Property	Description	Data Type
`policyName`	The name of the policy.	String
`Description`	Provide a description on what the policy is based on.	String
`Compliance`	Define the non-compliance rules. WSO2 EMM provides the following non-compliance rules: `Enforce` - Forcefully enforce the policies on the devices. `Warning` - If the device does not adhere to the given policies a warning message will be sent. `Monitor` - If the device does not adhere to the given policies the server is notified of the violation unknown to the user and the administrator can take the necessary actions with regard to the reported.	String
`ownershipType`	Define the define ownership type using the values given below: `ANY` - The policy will be applied on the BYOD and COPE device types. `BYOD` (Bring Your Own Device) - The policy will only be applied on the BYOD device type. `COPE` (Corporate-Owned, Personally-Enabled) - The policy will only be applied on the COPE device type.	String
`profile`	Provide the policy profile details.	-
`profileName`	The name of the policy that is being added.	String
`deviceType`	The ID used to define the type of the device platform. For more information on the unique ID for the device platforms supported by the EMM, see Getting Details of the Devices Supported via WSO2 EMM.	Integer
`profileFeaturesList`	Lists the features that belong to the profile.	-
`featureCode`	Provide the code that defines the policy you wish to add.	String
`deviceTypeId`	The ID used to define the type of the device platform.	Integer
`content`	The list of parameters that define the policy. For more information on the feature list for Windows policies, see profileFeaturesList - policy based.	String
`serverAddress`	Define the server address of the VPN.	String
`serverPort`	Define the server port of the VPN.	String
`sharedSecret`	Define the shared secret for the VPN connection. This is used for secure communication between the device and the WSO2 EMM server.	String
`dnsServer`	Define the DNS server URL. This field is optional.	String
`roles`	Define the roles the policy needs to be applied on. The policy will be applied on the respective user roles devices.	String array