Resources represent the high-level entities of the service. They contain the methods and business logic to interact with the service.

Data types

The data types represent the payloads (both request and response) of the resource methods. Note that fields that are not assigned a value are not returned in the response and the client should be programmed to check for null values.

NOTE: The API utilizes custom media types to differentiate requests and responses. See each resource method for the applicable media type to use when requesting/receiving content from the server.


The API is secured by both user authentication as well as user authorization. This two-layer security guarantees that only authenticated user have access to the system and that only properly authorized users have access to certain parts of the system.

NOTE: All authenticated REST requests are authenticated using the HTTP Authorization header. If authentication fails a 401 error is returned.

See the Request Authentication Header example below to learn how to request and utilize the authentication header required to make requests.


Many 400 and 500 level responses from the server will provide the following Error payload to help you better understand the error condition, when possible. In those cases the Content-Type response header will be application/vnd.blackberry.error-v1+json.

Sample error response body:

  "subStatusCode" : 113,
  "message" : "Application not found."
NOTE: Every API may return 403 Forbidden if the authenticated user is not authorized to perform the action.

Sample not authorized response body:

  "id" : "NOT_AUTHORIZED",
  "subStatusCode" : 403,
  "message" : "Not authorized to complete the request."


The following examples outline how to execute initial use cases to exercise the API.

NOTE: All routes include tenantGuid which is the same as the initial SRPID entered when BlackBerry UEM is installed.
Verify Server is Running

The following request verifies that the server is up and running. This API is not authenticated.

curl -s -k https://server01:18084/SRP00000/api/v1/util/ping
Request Authentication Header

The following request generates the authentication header used in subsequent requests. This API is not authenticated.

NOTE: The password in the request must be base64-encoded.
curl -s -k https://server01:18084/SRP00000/api/v1/util/authorization \
-H "Content-Type: application/vnd.blackberry.authorizationrequest-v1+json" \
-d '{
  "provider" : "LOCAL",
  "username" : "pmorley",
  "password" : "cGFzc3dvcmQ="
Set a custom correlation-id

The following example shows how to set a custom correlation-id in the request header

curl -s -k https://server01:18084/SRP00000/api/v1/groups \
-H "Authorization: {insert value from /SRP00000/api/v1/util/authorization call}" \
-H "Accept: application/vnd.blackberry.groups-v1+json" \
-H "Correlation-Id: customCorrelationId"
Request a Profile by Name

The following example shows how to request a specific Profile by name.

curl -s -k https://server01:18084/SRP00000/api/v1/profiles?query=name=test \
-H "Authorization: {insert value from /SRP00000/api/v1/util/authorization call}" \
-H "Accept: application/vnd.blackberry.profiles-v1+json"
Request all Groups

The following example shows how to request all the groups

curl -s -k https://server01:18084/SRP00000/api/v1/groups \
-H "Authorization: {insert value from /SRP00000/api/v1/util/authorization call}" \
-H "Accept: application/vnd.blackberry.groups-v1+json"
Assign a Profile to a Group

Using the responses from the previous two calls the Profile can be assigned to a specific Group

curl -s -k https://server01:18084/SRP00000/api/v1/profiles/{profileGuid}/groups \
-H "Authorization: {insert value from /SRP00000/api/v1/util/authorization call}" \
-H "Content-Type: application/vnd.blackberry.groups-v1+json" \
-d '{
  "groups" : [ {
    "guid" : "{Group GUID to assign from previous call}"
  } ]


The following PowerShell examples show how to execute basic use cases and exercise the API.

PowerShell Examples