- Home
- Resources
- Users
Provides user management functions.
GET /{tenantGuid}/api/v1/users
- Available Since:
- 12.7.0
Search for users.
Samples
Sample 1 request
Get the first 100 users sorted by display name in ascending order.
GET /SRP00000/api/v1/users
Sample 1 response body
{
"users": [ {
"links" : [ {
"rel" : "groups",
"href" : "https://server01:18084/SRP00000/api/v1/users/2d2d3a7f-076d-46f9-8c25-56cb8eba2800/groups"
}, {
"rel" : "profiles",
"href" : "https://server01:18084/SRP00000/api/v1/users/2d2d3a7f-076d-46f9-8c25-56cb8eba2800/profiles"
} ],
"guid" : "2d2d3a7f-076d-46f9-8c25-56cb8eba2800",
"username" : "jromphf",
"displayName" : "Jake Romphf",
"firstName" : "Jake",
"lastName" : "Romphf",
"emailAddress" : "jromphf@example.com",
"company" : "BlackBerry Limited",
"title" : "Associate",
"department" : "Sales",
"officePhoneNumber" : "(519) 555-0100",
"homePhoneNumber" : "(519) 555-0101",
"mobilePhoneNumber" : "(519) 555-0102",
"streetAddress" : "2240 University Avenue",
"poBox" : "555",
"city" : "Waterloo",
"state" : "Ontario",
"postalCode" : "N2K 0A9",
"country" : "Canada"
}, {
"links" : [ {
"rel" : "groups",
"href" : "https://server01:18084/SRP00000/api/v1/users/6dd3a8e2-3f24-48c6-961a-949794f4b554/groups"
}, {
"rel" : "profiles",
"href" : "https://server01:18084/SRP00000/api/v1/users/6dd3a8e2-3f24-48c6-961a-949794f4b554/profiles"
} ],
"guid" : "6dd3a8e2-3f24-48c6-961a-949794f4b554",
"username" : "pmorley",
"displayName" : "Paul Morley",
"firstName" : "Paul",
"lastName" : "Morley",
"emailAddress" : "pmorley@example.com",
"directoryId" : "e7aad64542784faeab305304abea36fa"
} ]
}
Sample 2 request
Get the first 50 users that have a last name that starts with "M", sorted by username in descending order. If 50 users are
returned, there may be more matches that weren't returned. You can get the next "page" of users by sending the same request
but also specifying offset=50. If 50 users are returned again, you can get the third "page" of users by
modifying the request again and specifying offset=100, and so on.
GET /SRP00000/api/v1/users?query=lastName=m*&max=50&sortBy=username%20DESC
Sample 2 response body
{
"users": [ {
"links" : [ {
"rel" : "groups",
"href" : "https://server01:18084/SRP00000/api/v1/users/6dd3a8e2-3f24-48c6-961a-949794f4b554/groups"
}, {
"rel" : "profiles",
"href" : "https://server01:18084/SRP00000/api/v1/users/6dd3a8e2-3f24-48c6-961a-949794f4b554/profiles"
} ],
"guid" : "6dd3a8e2-3f24-48c6-961a-949794f4b554",
"username" : "pmorley",
"displayName" : "Paul Morley",
"firstName" : "Paul",
"lastName" : "Morley",
"emailAddress" : "pmorley@example.com",
"directoryId" : "e7aad64542784faeab305304abea36fa"
} ]
}
Request Parameters
| Name |
Location |
Description |
Type |
| includeTotal |
query |
If you want the total number of users matching the search included in the response (which may be different from
the number of users returned) set this to true; otherwise set to false. By default the total will not be
included in the response. |
boolean |
| max |
query |
The maximum number of user results to get, between 1 and 1000 inclusive. If not specified, a value of 100 will
be used. |
int |
| offset |
query |
The number of matching users to exclude from the beginning of the list of users in the response; greater than or
equal to 0. If not specified, a value of 0 will be used to indicate that no matches should be excluded. Used in
order to get "pages" of results. For example, to get the first 50 matching users, specify max=50
(and optionally offset=0); and to get the next 50 matching users specify max=50 and
offset=50, and so on. |
int |
| query |
query |
Query parameter for filtering the results. The format is <field name>=<query value>,
for example emailAddress=pmorley@example.com. Multiple field-value pairs can be provided in the
query with each pair separated with a comma, in which case only users matching all of the criteria provided will
be included in the response. Querying for empty/null values is not supported.
By default, a case-insensitive exact match will be performed for each field in the query. For fields that
support prefix (i.e. starts with) matching, append an asterisk ("*") to the end of the value. For example, to
find users that have a last name that start with "M", specify lastName=m*.
Special characters (comma, backslash, asterisk) in query values must be escaped with a backslash.
The following table describes the fields that can be used in the query.
| Field |
Type |
Description |
Supports prefix matching |
| displayName |
string |
Display name of the user. |
Yes |
| emailAddress |
string |
Email address of the user. |
Yes |
| username |
string |
Username of the user. |
Yes |
| guid |
string |
GUID of the user. |
No |
| directoryId |
string |
Unique identifier of the user in a company directory. |
No |
| groupGuid |
string |
GUID of a directly-assigned group. |
No |
| profileGuid |
string |
GUID of a directly-assigned profile. |
No |
| dynamicsContainerId |
string |
GUID of a Dynamics container. If field is specified then any other query fields are ignored. |
No |
|
|
| sortBy |
query |
The field to sort the user results by. The format is <field name> ASC|DESC, where
ASC means to sort the results in ascending order and DESC means descending order. For
example, to sort the results by emailAddress in descending order, specify emailAddress DESC. If not
specified, a value of displayName ASC will be used. The following fields are allowed: username,
displayName, firstName, lastName, emailAddress. |
|
Response Codes
| Code |
Condition |
Data type |
| 200 |
OK (even if no users are found). |
|
| 400 |
Invalid search query. |
|
Response Body
| Media type |
Data type |
| application/vnd.blackberry.users-v1+json |
Users
(JSON) |
POST /{tenantGuid}/api/v1/users
- Available Since:
- 12.6.0
Create a directory-linked user (identified by the "directoryId" property). See the "Company directories" resource for
searching for directory users. The user will be assigned the highest ranking self-service user role, the All users group,
and any default policies and profiles. The user will be enabled for MDM, unless the "mdm" property is set to false.
The fields that are allowed when creating a directory-linked user are: directoryId, mdm. Other fields will be ignored if
they are provided, and directory-linked user information (ex. displayName, emailAddress) will be synced from the directory
when the user is created.
Sample request body
Create directory user with MDM service
{
"directoryId" : "e7aad64542784faeab305304abea36fa"
}
Sample response body
{
"links" : [ {
"rel" : "groups",
"href" : "https://server01:18084/SRP00000/api/v1/users/6dd3a8e2-3f24-48c6-961a-949794f4b554/groups"
}, {
"rel" : "profiles",
"href" : "https://server01:18084/SRP00000/api/v1/users/6dd3a8e2-3f24-48c6-961a-949794f4b554/profiles"
} ],
"guid" : "6dd3a8e2-3f24-48c6-961a-949794f4b554",
"username" : "pmorley",
"displayName" : "Paul Morley",
"firstName" : "Paul",
"lastName" : "Morley",
"emailAddress" : "pmorley@example.com",
"directoryId" : "e7aad64542784faeab305304abea36fa",
"company" : "BlackBerry Limited",
"title" : "Associate",
"department" : "Sales",
"officePhoneNumber" : "(519) 555-0100",
"homePhoneNumber" : "(519) 555-0101",
"mobilePhoneNumber" : "(519) 555-0102",
"streetAddress" : "2240 University Avenue",
"poBox" : "555",
"city" : "Waterloo",
"state" : "Ontario",
"postalCode" : "N2K 0A9",
"country" : "Canada"
}
Request Body
| Media type |
Data type |
| application/vnd.blackberry.directoryuser-v1+json |
Directory user
(JSON) |
Response Codes
| Code |
Condition |
Data type |
| 201 |
User created. |
|
| 400 |
Invalid request. For example, invalid field semantics or missing required field. |
|
| 409 |
User already exists. |
|
Response Body
| Media type |
Data type |
| application/vnd.blackberry.user-v1+json |
User
(JSON) |
Response Headers
| Name |
Description |
|
|
POST /{tenantGuid}/api/v1/users
- Available Since:
- 12.6.0
Create a local user. The user will be assigned the highest ranking self-service user role, the All users group, and any
default policies and profiles. The user will be enabled for MDM, unless the "mdm" property is set to false.
The fields that are allowed when creating a local user are: displayName, firstName, lastName, username, emailAddress,
password, emailPassword, mdm, company, title, department, officePhoneNumber, homePhoneNumber, mobilePhoneNumber,
streetAddress, poBox, city, state, postalCode, country. Other fields will be ignored if they are provided.
If 'emailPassword' is true, the user must have an email address and the SMTP server must be configured in the UEM
management console.
Samples
Sample request body
Create local user with password (base64-encoded value of "p@55w0rd", and having it emailed to the user) and MDM service
{
"username" : "pmorley",
"password" : "cEA1NXcwcmQ=",
"emailPassword" : true,
"displayName" : "Paul Morley",
"firstName" : "Paul",
"lastName" : "Morley",
"emailAddress" : "pmorley@example.com",
"company" : "BlackBerry Limited",
"title" : "Associate",
"department" : "Sales",
"officePhoneNumber" : "(519) 555-0100",
"homePhoneNumber" : "(519) 555-0101",
"mobilePhoneNumber" : "(519) 555-0102",
"streetAddress" : "2240 University Avenue",
"poBox" : "555",
"city" : "Waterloo",
"state" : "Ontario",
"postalCode" : "N2K 0A9",
"country" : "Canada"
}
Sample response body
{
"links" : [ {
"rel" : "groups",
"href" : "https://server01:18084/SRP00000/api/v1/users/6dd3a8e2-3f24-48c6-961a-949794f4b554/groups"
}, {
"rel" : "profiles",
"href" : "https://server01:18084/SRP00000/api/v1/users/6dd3a8e2-3f24-48c6-961a-949794f4b554/profiles"
} ],
"guid" : "6dd3a8e2-3f24-48c6-961a-949794f4b554",
"username" : "pmorley",
"displayName" : "Paul Morley",
"firstName" : "Paul",
"lastName" : "Morley",
"emailAddress" : "pmorley@example.com",
"company" : "BlackBerry Limited",
"title" : "Associate",
"department" : "Sales",
"officePhoneNumber" : "(519) 555-0100",
"homePhoneNumber" : "(519) 555-0101",
"mobilePhoneNumber" : "(519) 555-0102",
"streetAddress" : "2240 University Avenue",
"poBox" : "555",
"city" : "Waterloo",
"state" : "Ontario",
"postalCode" : "N2K 0A9",
"country" : "Canada"
}
Sample request body
Create local user without password or MDM service
{
"username" : "pmorley",
"displayName" : "Paul Morley",
"firstName" : "Paul",
"lastName" : "Morley",
"emailAddress" : "pmorley@example.com",
"mdm": false
}
Sample response body
{
"links" : [ {
"rel" : "groups",
"href" : "https://server01:18084/SRP00000/api/v1/users/6dd3a8e2-3f24-48c6-961a-949794f4b554/groups"
}, {
"rel" : "profiles",
"href" : "https://server01:18084/SRP00000/api/v1/users/6dd3a8e2-3f24-48c6-961a-949794f4b554/profiles"
} ],
"guid" : "6dd3a8e2-3f24-48c6-961a-949794f4b554",
"username" : "pmorley",
"displayName" : "Paul Morley",
"firstName" : "Paul",
"lastName" : "Morley",
"emailAddress" : "pmorley@example.com"
}
Request Body
| Media type |
Data type |
| application/vnd.blackberry.user-v1+json |
User
(JSON) |
Response Codes
| Code |
Condition |
Data type |
| 201 |
User created. |
|
| 400 |
Invalid request. For example, invalid field semantics or missing required field. |
|
| 409 |
User already exists. |
|
Response Body
| Media type |
Data type |
| application/vnd.blackberry.user-v1+json |
User
(JSON) |
Response Headers
| Name |
Description |
|
|
DELETE /{tenantGuid}/api/v1/users/{userGuid}
- Available Since:
- 12.7.0
Remove the user specified in the URL.
Request Parameters
| Name |
Location |
Description |
| userGuid |
path |
GUID of the user to remove. |
Response Codes
| Code |
Condition |
Data type |
| 204 |
User removed. |
|
| 404 |
User not found. |
|
| 409 |
User has associated services or enrolled devices. |
|
GET /{tenantGuid}/api/v1/users/{userGuid}
- Available Since:
- 12.7.0
Get details of a user by GUID.
Sample response body
{
"links" : [ {
"rel" : "groups",
"href" : "https://server01:18084/SRP00000/api/v1/users/6dd3a8e2-3f24-48c6-961a-949794f4b554/groups"
}, {
"rel" : "profiles",
"href" : "https://server01:18084/SRP00000/api/v1/users/6dd3a8e2-3f24-48c6-961a-949794f4b554/profiles"
} ],
"guid" : "6dd3a8e2-3f24-48c6-961a-949794f4b554",
"username" : "pmorley",
"displayName" : "Paul Morley",
"firstName" : "Paul",
"lastName" : "Morley",
"emailAddress" : "pmorley@example.com",
"domain" : "example.com",
"administrator": true,
"directoryId" : "e7aad64542784faeab305304abea36fa",
"customVariables" : [{
"name" : "%custom1%",
"label" : "Region",
"value" : "QW1lcmljYXM=",
"encrypted" : false
}, {
"name" : "%custom_pswd1%",
"label" : "VPN password",
"value" : "KioqKioq",
"encrypted" : true
}
],
"company" : "BlackBerry Limited",
"title" : "Associate",
"department" : "Sales",
"officePhoneNumber" : "(519) 555-0100",
"homePhoneNumber" : "(519) 555-0101",
"mobilePhoneNumber" : "(519) 555-0102",
"streetAddress" : "2240 University Avenue",
"poBox" : "555",
"city" : "Waterloo",
"state" : "Ontario",
"postalCode" : "N2K 0A9",
"country" : "Canada"
}
Request Parameters
| Name |
Location |
Description |
| userGuid |
path |
GUID of the user to get |
Response Codes
| Code |
Condition |
Data type |
| 200 |
OK. |
|
| 404 |
User not found. |
|
Response Body
| Media type |
Data type |
| application/vnd.blackberry.userdetail-v1+json |
User detail
(JSON) |
PATCH /{tenantGuid}/api/v1/users/{userGuid}
- Available Since:
- 12.7.0
Update a local user. The following fields are allowed when updating a local user: password, emailPassword, username,
displayName, firstName, lastName, emailAddress, company, title, department, officePhoneNumber, homePhoneNumber,
mobilePhoneNumber, streetAddress, poBox, city, state, postalCode, country. Other fields will be ignored if they are
provided. Removing username or displayName is not allowed.
To update a local user's login password, set the 'password' field (base64-encoded). Removing a password is not allowed. The
password does not have to meet the password restrictions that have been configured in the UEM management console. To email
a new password to the user, set 'emailPassword' to true. By default, the password is not sent to the user. If
'emailPassword' is true, the user must have an email address and the SMTP server must be configured in the management
console. The user will be forced to change their password the next time they log in to the management console or UEM
Self-Service console.
Directory-linked users use their directory-configured attributes and password, so only local users are supported. If a
directory-linked user is provided, the request will fail.
To unset a field, set it to null. Fields that are not provided, or that are provided but unchanged will be ignored. If no
changes are detected in the request, the response will indicate success without having made any changes to the user.
Sample request body
Update local user's password ("cEA1NXcwcmQ=" is the base64-encoded value of "p@55w0rd"), and email it to the user, and
unset the "company" field.
{
"password" : "cEA1NXcwcmQ=",
"emailPassword" : true,
"company" : null
}
Sample response body
{
"links" : [ {
"rel" : "groups",
"href" : "https://server01:18084/SRP00000/api/v1/users/6dd3a8e2-3f24-48c6-961a-949794f4b554/groups"
}, {
"rel" : "profiles",
"href" : "https://server01:18084/SRP00000/api/v1/users/6dd3a8e2-3f24-48c6-961a-949794f4b554/profiles"
} ],
"guid" : "6dd3a8e2-3f24-48c6-961a-949794f4b554",
"username" : "pmorley",
"displayName" : "Paul Morley",
"firstName" : "Paul",
"lastName" : "Morley",
"emailAddress" : "pmorley@example.com"
}
Request Parameters
| Name |
Location |
Description |
| userGuid |
path |
GUID of the user to update |
Request Body
| Media type |
Data type |
| application/vnd.blackberry.user-v1+json |
User
(JSON) |
Response Codes
| Code |
Condition |
Data type |
| 200 |
OK. |
|
| 400 |
Invalid request. For example, invalid field semantics or missing required field. |
|
| 404 |
User not found. |
|
| 409 |
Duplicate username or email address. |
|
| 503 |
SMTP server temporarily unavailable to send emails. Retry the request again later. |
|
Response Body
| Media type |
Data type |
| application/vnd.blackberry.user-v1+json |
User
(JSON) |
DELETE /{tenantGuid}/api/v1/users/{userGuid}/accessPasswords
- Available Since:
- 12.8.0
Remove all access passwords for a user.
Request Parameters
| Name |
Location |
Description |
| userGuid |
path |
GUID of the user. |
Response Codes
| Code |
Condition |
Data type |
| 204 |
Access passwords removed. |
|
| 404 |
User not found. |
|
Response Body
| Media type |
Data type |
| application/vnd.blackberry.accesspasswords-v1+json |
Access passwords
(JSON) |
GET /{tenantGuid}/api/v1/users/{userGuid}/accessPasswords
- Available Since:
- 12.8.0
Get all access passwords for a user.
Sample response body
{
"accessPasswords" : [ {
"type" : "ACCESS_KEY",
"properties" : {
"accessKey" : "jh5a4-Lo4fn-7sowf",
"accessKeyExpiry" : "2017-07-12T14:54:02.947-04:00"
}
}, {
"type" : "ACCESS_KEY",
"properties" : {
"accessKey" : "o76s8-xrcv4-xeck9",
"accessKeyExpiry" : "2017-07-12T14:54:02.947-04:00"
}
} ]
}
Request Parameters
| Name |
Location |
Description |
| userGuid |
path |
GUID of the user |
Response Codes
| Code |
Condition |
Data type |
| 200 |
OK. |
|
| 404 |
User not found. |
|
Response Body
| Media type |
Data type |
| application/vnd.blackberry.accesspasswords-v1+json |
Access passwords
(JSON) |
POST /{tenantGuid}/api/v1/users/{userGuid}/accessPasswords
- Available Since:
- 12.8.0
Update access passwords for a user
| Access password type |
Description |
Properties |
| DELETE_UNLOCK_ACCESS_KEY |
Delete an unlock access key. |
| Name |
Type |
Description |
| appGuid |
String |
GUID of the app |
| userDeviceGuid |
String |
GUID of the userDevice |
|
| GENERATE_ACCESS_KEYS |
Generate access keys. |
| Name |
Type |
Description |
| accessKeyExpiry |
String |
The date and time the access key will expire in ISO-8601 format. |
| emailTemplateGuid |
String |
GUID of the email template (Optional. If set an email will be sent to the user.) |
| numberOfKeys |
Integer |
The number of keys to generate (Optional. Default is one key.) |
|
| GENERATE_UNLOCK_ACCESS_KEY |
Generate an access key to unlock an app. |
| Name |
Type |
Description |
| accessKeyExpiry |
String |
The date and time the access key will expire in ISO-8601 format. (Optional. Default is one day.) |
| appGuid |
String |
GUID of the app |
| emailTemplateGuid |
String |
GUID of the email template (Optional. If set an email will be sent to the user.) |
| userDeviceGuid |
String |
GUID of the userDevice |
|
Samples
Sample request body
Generate one or many access keys to activate a BlackBerry Dynamics app.
{
"type" : "GENERATE_ACCESS_KEYS",
"properties" : {
"accessKeyExpiry" : "2017-07-12T14:54:02.947-04:00",
"emailTemplateGuid" : "932cc0b4-8ff2-469d-9589-a5e1734bdda8",
"numberOfKeys" : 2
}
}
Sample response body
{
"accessPasswords" : [ {
"type" : "ACCESS_KEY",
"properties" : {
"accessKey" : "jh5a4-Lo4fn-7sowf",
"accessKeyExpiry" : "2017-07-12T14:54:02.947-04:00"
}
}, {
"type" : "ACCESS_KEY",
"properties" : {
"accessKey" : "o76s8-xrcv4-xeck9",
"accessKeyExpiry" : "2017-07-12T14:54:02.947-04:00"
}
} ]
}
Sample 2 request body
Generate an access key to unlock a BlackBerry Dynamics app.
{
"type" : "GENERATE_UNLOCK_ACCESS_KEY",
"properties" : {
"accessKeyExpiry" : "2017-07-12T14:54:02.947-04:00",
"appGuid" : "07ce5bb9-59a5-4095-ae84-079e6b3f2dcf",
"emailTemplateGuid" : "932cc0b4-8ff2-469d-9589-a5e1734bdda8",
"userDeviceGuid" : "b9cc63c1-ae0c-4cd0-bc6b-a3a11a921b38"
}
}
Sample 2 response body
{
"accessPasswords" : [ {
"type" : "UNLOCK_ACCESS_KEY",
"properties" : {
"accessKey" : "1owag-juodq-h93k1",
"accessKeyExpiry" : "2017-07-12T14:54:02.947-04:00"
}
} ]
}
Request Parameters
| Name |
Location |
Description |
| userGuid |
path |
GUID of the user |
Request Body
| Media type |
Data type |
| application/vnd.blackberry.accesspassword-v1+json |
Access password
(JSON) |
Response Codes
| Code |
Condition |
Data type |
| 201 |
Access password(s) created. |
|
| 400 |
Invalid request. For example, invalid field semantics or missing required field. |
|
| 404 |
User not found. |
|
Response Body
| Media type |
Data type |
| application/vnd.blackberry.accesspasswords-v1+json |
Access passwords
(JSON) |
DELETE /{tenantGuid}/api/v1/users/{userGuid}/activationPasswords
- Available Since:
- 12.6.0
Expire all activation passwords for a user. An expired activation password is no longer valid to be used for device
activation. 204 return status is still returned if the user has no activation passwords.
Request Parameters
| Name |
Location |
Description |
| userGuid |
path |
The GUID of the user |
Response Codes
| Code |
Condition |
Data type |
| 204 |
Activation password(s) expired. |
|
| 404 |
User not found. |
|
GET /{tenantGuid}/api/v1/users/{userGuid}/activationPasswords
- Available Since:
- 12.6.0
Get all non-expired activation passwords for a user.
Sample response body
The passwords are "******" in base64 encoding.
{
"activationPasswords" : [ {
"guid" : "ee970507-b08f-43ad-853b-27a4d3e41129",
"password" : "KioqKioq",
"expiry" : "2016-07-16T19:20:30.45+01:00",
"expireAfterUse" : true,
"emailTemplate" : {
"guid" : "b82021dc-8020-41c9-a756-4318c968e95e",
"name" : "Basic Activation Template"
}
}, {
"guid" : "173a989c-c67e-446d-9a94-ba7db854fd5c",
"password" : "KioqKioq",
"expiry" : "2016-08-01T12:41:38.41-05:00",
"expireAfterUse" : false,
"activationProfile" : {
"guid" : "07b54042-b375-47e9-a50d-3d6f94654689",
"name" : "BYOD Activation Profile"
}
} ]
}
Request Parameters
| Name |
Location |
Description |
| userGuid |
path |
The GUID of the user |
Response Codes
| Code |
Condition |
Data type |
| 200 |
OK. |
|
| 404 |
User not found. |
|
Response Body
| Media type |
Data type |
| application/vnd.blackberry.activationpasswords-v1+json |
Activation passwords
(JSON) |
POST /{tenantGuid}/api/v1/users/{userGuid}/activationPasswords
- Available Since:
- 12.6.0
Set one or more activation passwords for a user. If emailing an activation password to the user, the user must have an
email address. To send activation email messages to users, the SMTP server must be configured.
Sample request body
Auto-generate and email a default device activation password and manually set an activation password (base64-encoded value
of "abc123") with a specified activation profile without sending an email
{
"activationPasswords" : [ {
"password" : null,
"expiry" : "2016-07-16T19:20:30.45+01:00",
"expireAfterUse" : true,
"activationProfile" : null,
"emailTemplate" : {
"guid" : "eb14fc60-c6f7-4e67-b312-6612518fa0a5"
}
}, {
"password" : "YWJjMTIz",
"expiry" : "2016-08-01T12:41:38.41-05:00",
"expireAfterUse" : null
"activationProfile" : {
"name" : "BYOD Activation Profile"
},
"emailTemplate" : null
} ]
}
Sample response body
The passwords are "******" in base64 encoding.
{
"activationPasswords" : [ {
"guid" : "ee970507-b08f-43ad-853b-27a4d3e41129",
"password" : "KioqKioq",
"expiry" : "2016-07-16T19:20:30.45+01:00",
"expireAfterUse" : true,
"emailTemplate" : {
"guid" : "eb14fc60-c6f7-4e67-b312-6612518fa0a5",
"name" : "Corporate Activation Email"
}
}, {
"guid" : "173a989c-c67e-446d-9a94-ba7db854fd5c",
"password" : "KioqKioq",
"expiry" : "2016-08-01T12:41:38.41-05:00",
"expireAfterUse" : false,
"activationProfile" : {
"guid" : "07b54042-b375-47e9-a50d-3d6f94654689",
"name" : "BYOD Activation Profile"
}
} ]
}
Request Parameters
| Name |
Location |
Description |
| userGuid |
path |
The GUID of the user |
Request Body
| Media type |
Data type |
| application/vnd.blackberry.activationpasswords-v1+json |
Activation passwords
(JSON) |
Response Codes
| Code |
Condition |
Data type |
| 201 |
Activation password(s) created. |
|
| 400 |
Invalid request. For example, invalid field semantics or missing required field. |
|
| 404 |
User not found. |
|
| 409 |
Non-unique activation password or too many activation passwords specified. |
|
| 503 |
SMTP server temporarily unavailable to send emails. Retry the request again later. |
|
Response Body
| Media type |
Data type |
| application/vnd.blackberry.activationpasswords-v1+json |
Activation passwords
(JSON) |
PUT /{tenantGuid}/api/v1/users/{userGuid}/activationPasswords
- Available Since:
- 12.6.0
Replace all activation passwords for a user. All existing passwords are expired and replaced by the list provided.
Providing an empty list will expire all existing activation passwords for the user.
If emailing an activation password to the user, the user must have an email address. To send activation email messages to
users, the SMTP server must be configured.
See POST request with the same path for sample request and response.
Request Parameters
| Name |
Location |
Description |
| userGuid |
path |
The GUID of the user |
Request Body
| Media type |
Data type |
Description |
| application/vnd.blackberry.activationpasswords-v1+json |
Activation passwords
(JSON) |
The collection of activation passwords to set |
Response Codes
| Code |
Condition |
Data type |
| 201 |
Activation password(s) created. |
|
| 400 |
Invalid request. For example, invalid field semantics or missing required field. |
|
| 404 |
User not found. |
|
| 409 |
Non-unique activation password or too many activation passwords specified. |
|
| 503 |
SMTP server temporarily unavailable to send emails. Retry the request again later. |
|
Response Body
| Media type |
Data type |
| application/vnd.blackberry.activationpasswords-v1+json |
Activation passwords
(JSON) |
DELETE /{tenantGuid}/api/v1/users/{userGuid}/activationPasswords/{activationPasswordGuid}
- Available Since:
- 12.6.0
Expire a specific activation password for a user. An expired activation password is no longer valid to be used for device
activation.
Request Parameters
| Name |
Location |
Description |
| activationPasswordGuid |
path |
The GUID of the activation password to expire |
| userGuid |
path |
The GUID of the user |
Response Codes
| Code |
Condition |
Data type |
| 204 |
Activation password expired. |
|
| 404 |
User or activation password not found. |
|
GET /{tenantGuid}/api/v1/users/{userGuid}/applications
- Available Since:
- 12.7.0
Get all applications directly assigned to a user.
Sample response body
{
"applicationAssignments" : [ {
"application" : {
"guid" : "aa291d31-3b51-4424-a09c-7b127ee398a8",
"name":"BBM"
"os": "ios",
"sourceName": "In Store",
"storeName": "iTunes",
"vendorName": "BlackBerry Limited",
"version": "1.2.34"
},
"disposition" : "OPTIONAL"
} ]
}
Request Parameters
| Name |
Location |
Description |
| userGuid |
path |
GUID of the user to get assigned applications for |
Response Codes
| Code |
Condition |
Data type |
| 200 |
OK. |
|
| 404 |
User not found. |
|
Response Body
| Media type |
Data type |
| application/vnd.blackberry.applicationassignments-v1+json |
Application assignments
(JSON) |
GET /{tenantGuid}/api/v1/users/{userGuid}/groups
- Available Since:
- 12.7.0
Get all user groups directly assigned to a user. Every user belongs to at least the "All users" group by default.
Sample response body
{
"groups" : [ {
"guid" : "6d0c4ddb-10ae-471d-948d-df27868dcf8a",
"name" : "Sales",
"description" : "Group for sales associates.",
"directoryLinked" : false
},
{
"guid" : "6c5b41f6-20ff-4cb2-8ee0-37cd8756320e",
"name" : "All users",
"directoryLinked" : false
} ]
}
Request Parameters
| Name |
Location |
Description |
| userGuid |
path |
GUID of the user to get groups for |
Response Codes
| Code |
Condition |
Data type |
| 200 |
OK. |
|
| 404 |
User not found. |
|
Response Body
| Media type |
Data type |
| application/vnd.blackberry.groups-v1+json |
Groups
(JSON) |
GET /{tenantGuid}/api/v1/users/{userGuid}/profiles
- Available Since:
- 12.6.0
Get all profiles directly assigned to a user. Profiles that are assigned by default (opposed to being directly assigned)
will not be returned.
Sample response body
{
"profiles" : [ {
"guid" : "3d55abd2-c00e-4f5f-abcf-01c92ac777b1",
"name" : "Strict IT Policy",
"categoryName" : "IT_CONFIG",
"default": false
}, {
"guid" : "6106fce8-83f5-44b3-8288-e8e4e0966561",
"name" : "Sales Email Profile",
"categoryName" : "EMAIL",
"default": false
} ]
}
Request Parameters
| Name |
Location |
Description |
| userGuid |
path |
GUID of the user to get assigned profiles for |
Response Codes
| Code |
Condition |
Data type |
| 200 |
OK. |
|
| 404 |
User not found. |
|
Response Body
| Media type |
Data type |
| application/vnd.blackberry.profiles-v1+json |
Profiles
(JSON) |
POST /{tenantGuid}/api/v1/users/{userGuid}/profiles
- Available Since:
- 12.6.0
Assign one or more profiles, by GUID, to a user. Only the GUID field of each profile is required.
Sample request body
{
"profiles" : [ {
"guid" : "3d55abd2-c00e-4f5f-abcf-01c92ac777b1"
}, {
"guid" : "6106fce8-83f5-44b3-8288-e8e4e0966561"
} ]
}
Request Parameters
| Name |
Location |
Description |
| userGuid |
path |
GUID of the user to assign profiles to. |
Request Body
| Media type |
Data type |
| application/vnd.blackberry.profiles-v1+json |
Profiles
(JSON) |
Response Codes
| Code |
Condition |
Data type |
| 204 |
Profile(s) assigned. |
|
| 400 |
Invalid request. For example, invalid field semantics or missing required field. |
|
| 404 |
User not found. |
|
PUT /{tenantGuid}/api/v1/users/{userGuid}/profiles
- Available Since:
- 12.6.0
Replace all profiles assigned to a user. All existing profiles are removed and replaced by the list of profiles (by GUID)
provided. Only the GUID field of each profile is required.
Request Parameters
| Name |
Location |
Description |
| userGuid |
path |
GUID of the user to replace profiles for. |
Request Body
| Media type |
Data type |
| application/vnd.blackberry.profiles-v1+json |
Profiles
(JSON) |
Response Codes
| Code |
Condition |
Data type |
| 204 |
Profile(s) assigned. |
|
| 400 |
Invalid request. For example, invalid field semantics or missing required field. |
|
| 404 |
User not found. |
|
DELETE /{tenantGuid}/api/v1/users/{userGuid}/profiles/{profileGuid}/certificate
- Available Since:
- 12.7.0
Remove the certificate from a manual user credential profile.
Request Parameters
| Name |
Location |
Description |
| profileGuid |
path |
GUID of the user credential profile assigned to the user. |
| userGuid |
path |
GUID of the user to update. |
Response Codes
| Code |
Condition |
Data type |
| 204 |
Certificate removed. |
|
| 404 |
Profile not found. |
|
| 404 |
User not found. |
|
PUT /{tenantGuid}/api/v1/users/{userGuid}/profiles/{profileGuid}/certificate
- Available Since:
- 12.8.0
Add or update a certificate for a manual user credential profile
A certificate must be assigned for a manual certification authority connection. If a certificate is already assigned to
this user, the added certificate will override it
Sample request body
The user credential certificate password is required if it has been set. ("cEA1NXcwcmQ=" is the base64-encoded value of
"p@55w0rd").
{
"name" : "Certificate name",
"password" : "cEA1NXcwcmQ=",
"certificateContent" : "VGhpcyBpcyBjZXJ0aWZpY2F0ZSBmaWxlIGNvbnRlbnQgYmFzZSA2NCBlbmNvZGVk"
}
Request Parameters
| Name |
Location |
Description |
| profileGuid |
path |
GUID of the user credential profile assigned to the user |
| userGuid |
path |
GUID of the user to update |
Request Body
| Media type |
Data type |
| application/vnd.blackberry.certificate-v1+json |
Certificate
(JSON) |
Response Codes
| Code |
Condition |
Data type |
| 204 |
User updated. |
|
| 400 |
Invalid request. For example, invalid field semantics or missing required field. |
|
| 404 |
Profile not found. |
|
| 404 |
User not found. |
|
GET /{tenantGuid}/api/v1/users/{userGuid}/services
- Available Since:
- 12.7.0
Get services assigned to a user.
Sample response body
{
"serviceAssignments" : [ {
"service" : {
"guid" : "7f463414-5266-4a41-ae5b-159d27bb8107",
"name" : "mdm",
},
"status": "ASSOCIATED"
} ]
}
Request Parameters
| Name |
Location |
Description |
| userGuid |
path |
GUID of the user to get services for |
Response Codes
| Code |
Condition |
Data type |
| 200 |
OK. |
|
| 404 |
User not found. |
|
Response Body
| Media type |
Data type |
| application/vnd.blackberry.serviceassignments-v1+json |
Service assignments
(JSON) |
GET /{tenantGuid}/api/v1/users/{userGuid}/userDevices
- Available Since:
- 12.7.0
Get the user devices assigned to a user.
Sample response body
{
"userDevices": [
{
"links" : [ {
"rel" : "user",
"href" : "https://server01:18084/SRP00000/api/v1/users/59dc743d-f325-4a6c-97ac-44dcb9ef8a0e"
} ],
"guid": "2d2d3a7f-076d-46f9-8c25-56cb8eba2800",
"checkedOut": false,
"clientVersion": "5.50.1",
"enrollmentType": [
"WORK_SPACE_ONLY_AFW"
],
"language": "en_US",
"lastContactTime": "2017-01-20T11:01:52.400Z",
"loggingExpiryDate": "2017-01-18T18:18:43.000Z",
"loggingStatus": "Expired",
"device": {
"guid": "4659aa7f-0a7d-9f69-258c-2800ebaa2800",
"activationDate": "2017-01-16T14:47:03.662Z",
"activeSyncId": "K6CKULJTID3SDEAIV0ELHBBTTO",
"batteryLevel": 95.0,
"compromised": false,
"externalStorageFree": 12021.0,
"externalStorageSize": 16386.0,
"hardwareModel": "Desire",
"hardwareName": "bravo",
"hardwareVendorCompanyName": "HTC Corporation",
"homeCarrier": "Rogers",
"internalStorageFree": 2112.0,
"internalStorageSize": 32768.0,
"imei": "990000862471854",
"meid": "01234567890123456",
"os": "Android 5.0",
"osFamilyName": "android",
"osVersion": "5.0",
"ownership": "PERSONAL",
"phoneNumber": "4045551234",
"serialNumber": "c08088415436112",
"udid": "d88496fdf7115ac9f3ab69966cbaf91d960b95036fa68f66489c8ad78f136b5c",
"wifiMacAddress": "62:9a:7e:bc:fe:01"
}
"service" : {
"guid" : "c90ca7e8-f219-42a2-9a33-97e77f784acf",
"name" : "mdm",
}
},
{
"links" : [ {
"rel" : "user",
"href" : "https://server01:18084/SRP00000/api/v1/users/59dc743d-f325-4a6c-97ac-44dcb9ef8a0e"
} ],
"guid": "6dd3a8e2-3f24-48c6-961a-949794f4b554",
"checkedOut": false,
"clientVersion": "6.30.12",
"enrollmentType": [
"USER_PRIVACY_AFW"
],
"language": "en_US",
"lastContactTime": "2017-01-23T10:02:12.340Z",
"loggingExpiryDate": "2017-12-31T12:00:00.000Z",
"loggingStatus": "Logging",
"device": {
"guid": "8002ebaa-c258-96f9-d7a0a-0082aa7f4659",
"activationDate": "2017-01-16T14:47:03.662Z",
"activeSyncId": "Q633AGG6QP3FJF6QBNAA81UHB0",
"batteryLevel": 64.0,
"compromised": false,
"externalStorageFree": 12021.0,
"externalStorageSize": 16386.0,
"hardwareModel": "Desire",
"hardwareName": "bravo",
"hardwareVendorCompanyName": "HTC Corporation",
"homeCarrier": "Rogers",
"internalStorageFree": 2112.0,
"internalStorageSize": 32768.0,
"imei": "351756051523999",
"meid": "56789012345678901",
"ownership": "CORPORATE",
"os": "Android 6.0",
"osFamilyName": "android",
"osVersion": "6.0",
"phoneNumber": "2125557890",
"securityPatchLevel": "6.0.1.1345",
"serialNumber": "c03618841215084",
"udid": "82f2aaa813c5a4bc2748b078ca844bdbd6a8fb8eaaa173a389467646cf04d00c",
"wifiMacAddress": "b4:52:7e:62:a5:9a"
}
"service" : {
"guid" : "c90ca7e8-f219-42a2-9a33-97e77f784acf",
"name" : "mdm",
}
}
]
}
Request Parameters
| Name |
Location |
Description |
| userGuid |
path |
GUID of the user to get all user devices for |
Response Codes
| Code |
Condition |
Data type |
| 200 |
OK. |
|
| 404 |
User not found. |
|
Response Body
| Media type |
Data type |
| application/vnd.blackberry.userdevices-v1+json |
User devices
(JSON) |
GET /{tenantGuid}/api/v1/users/{userGuid}/userDevices/{userDeviceGuid}
- Available Since:
- 12.7.0
Get the specified user device assigned to a user.
Sample response body
{
"links" : [ {
"rel" : "user",
"href" : "https://server01:18084/SRP00000/api/v1/users/59dc743d-f325-4a6c-97ac-44dcb9ef8a0e"
} ],
"guid": "6dd3a8e2-3f24-48c6-961a-949794f4b554",
"checkedOut": false,
"clientVersion": "6.30.12",
"enrollmentType": [
"USER_PRIVACY_AFW"
],
"language": "en_US",
"lastContactTime": "2017-01-23T10:02:12.340Z",
"loggingExpiryDate": "2017-12-31T12:00:00.000Z",
"loggingStatus": "Logging",
"device": {
"guid": "8002ebaa-c258-96f9-d7a0a-0082aa7f4659",
"activeSyncId": "K6CKULJTID3SDEAIV0ELHBBTTO",
"activationDate": "2017-01-16T14:47:03.662Z",
"batteryLevel": 64.0,
"compromised": false,
"externalStorageFree": 12021.0,
"externalStorageSize": 16386.0,
"hardwareModel": "Desire",
"hardwareName": "bravo",
"hardwareVendorCompanyName": "HTC Corporation",
"internalStorageFree": 2112.0,
"internalStorageSize": 32768.0,
"imei": "351756051523999",
"meid": "56789012345678901",
"phoneNumber": "2125557890",
"os": "Android 6.0",
"osFamilyName": "android",
"osVersion": "6.0",
"ownership": "CORPORATE",
"securityPatchLevel": "6.0.1.1345",
"serialNumber": "c03618841215084",
"udid": "d88496fdf7115ac9f3ab69966cbaf91d960b95036fa68f66489c8ad78f136b5c",
"wifiMacAddress": "b4:52:7e:62:a5:9a"
}
"service" : {
"guid" : "c90ca7e8-f219-42a2-9a33-97e77f784acf",
"name" : "mdm",
}
}
Request Parameters
| Name |
Location |
Description |
| userDeviceGuid |
path |
GUID of the user device to get |
| userGuid |
path |
GUID of the user to get user device for |
Response Codes
| Code |
Condition |
Data type |
| 200 |
OK. |
|
| 404 |
User not found. |
|
| 404 |
UserDevice not found. |
|
Response Body
| Media type |
Data type |
| application/vnd.blackberry.userdevice-v1+json |
User device
(JSON) |
GET /{tenantGuid}/api/v1/users/{userGuid}/userDevices/{userDeviceGuid}/applications
- Available Since:
- 12.7.2
Get the assigned and installed applications for a specified user device.
Sample response body
{
"deviceApplications": [
{
"guid": "3304ab07-e595-494e-a08a-63eedb9a62e5",
"bundleId": "com.blackberry.gd.tasks",
"disposition": "OPTIONAL",
"dynamicsContainerId": "25A64379-25A1-42AB-8104-3B41F98B260A",
"status": "ACTIVATED",
"name": "BlackBerry Tasks",
"personal": false
},
{
"guid": "3980996d-6741-44c8-9703-a4ed2930fcc5",
"bundleId": "com.good.gcs",
"disposition": "REQUIRED",
"dynamicsContainerId": "C85ECFF5-A3DB-4FDC-887F-8712220EBD92",
"status": "ACTIVATED",
"name": "BlackBerry Work",
"personal": false
},
{
"guid": "80cf4d96-b230-45a7-ad21-77bb5cfba35c",
"bundleId": "com.blackberry.gd.notes",
"disposition": "OPTIONAL",
"status": "NOT_ACTIVATED",
"name": "BlackBerry Notes",
"personal": false
}
]
}
Request Parameters
| Name |
Location |
Description |
| userDeviceGuid |
path |
GUID of the user device |
| userGuid |
path |
GUID of the user |
Response Codes
| Code |
Condition |
Data type |
| 200 |
OK. |
|
| 404 |
User not found. |
|
| 404 |
UserDevice not found. |
|
Response Body
| Media type |
Data type |
| application/vnd.blackberry.userdevice.applications-v1+json |
User device applications
(JSON) |
POST /{tenantGuid}/api/v1/users/{userGuid}/userDevices/{userDeviceGuid}/applications/{appGuid}/commands
- Available Since:
- 12.8.0
Send a command to a BlackBerry Dynamics app.
| Command type |
Description |
Properties |
| BLOCK_APPLICATION |
Blocks the application. The app must be unblocked with an Unblock API call (below). |
| Name |
Type |
Description |
| title |
string |
Title of the message that indicates that the device is in a blocked state (optional). |
| body |
string |
Detailed message that displays on the same screen as the title. For example, the message can provide steps to follow to
get the device back in compliance (optional). |
| actionId |
string |
A unique identifier for any Block action. Can be any value as long as it is unique. When sending a corresponding
UNBLOCK_APPLICATION command later on, the same value must be used to correlate the commands. |
|
| DELETE_APPLICATION |
Delete app. |
No properties. |
| LOCK_APPLICATION |
Lock app. The app may be unlocked with an unlock key. |
No properties. |
| UNBLOCK_APPLICATION |
Unblocks a previous Block action (above). |
| Name |
Type |
Description |
| actionId |
string |
This must be the same value that was used in the preceding and related BLOCK_APPLICATION action(s). No format or value
restrictions apply. If more than one actionIds were sent in more than one BLOCK_APPLICATION calls, all actionIDs used must
be sent in separate calls to unblock the application (order of calls is not important for this). |
|
Samples
Sample 1 request body
Send a command to lock an app.
{
"type" : "LOCK_APPLICATION"
}
Sample 2 request body
Send a command to block an app.
{
"type" : "BLOCK_APPLICATION",
"properties" : {
"actionId" : "Random string - same value used for both block and unblock actions",
"title" : "Summary message for display on the device",
"body" : "Description of compliance failure with steps to get back in compliance for display on the device"
}
}
Request Parameters
| Name |
Location |
Description |
| appGuid |
path |
GUID of the app |
| userDeviceGuid |
path |
GUID of the user device |
| userGuid |
path |
GUID of the user |
Request Body
| Media type |
Data type |
| application/vnd.blackberry.command-v1+json |
Command
(JSON) |
Response Codes
| Code |
Condition |
Data type |
| 202 |
Command accepted for processing. |
|
| 400 |
Invalid request. For example, command not supported or invalid field semantics. |
|
| 404 |
Application not found. |
|
| 404 |
User not found. |
|
| 404 |
UserDevice not found. |
|
POST /{tenantGuid}/api/v1/users/{userGuid}/userDevices/{userDeviceGuid}/commands
- Available Since:
- 12.8.0
Send a command to a user device. The following table describes the command types and corresponding properties that can be
sent to a user device. Properties that are not supported for a specific user device may be ignored.
For more information about sending commands to devices, read the BlackBerry UEM Administration Guide.
| Command type |
Description |
Properties |
| BLOCK_APPLICATIONS |
Blocks the applications on a device. The apps must be unblocked with an Unblock API call (below). |
| Name |
Type |
Description |
| title |
string |
Title of the message that indicates that the device is in a blocked state (optional). |
| body |
string |
Detailed message that displays on the same screen as the title. For example, the message can provide steps to follow to
get the device back in compliance (optional). |
| actionId |
string |
A unique identifier for any Block action. Can be any value as long as it is unique. When sending a corresponding
UNBLOCK_APPLICATIONS command later on, the same value must be used to correlate the commands. |
|
| DELETE_DEVICE_DATA |
Delete all data on the device, and return the device to factory default settings. |
| Name |
Type |
Description |
| password |
Base64-encoded string |
New device password to set after restoring to factory default settings (optional, must be 6 digits). |
|
| DELETE_WORK_SPACE_DATA |
Delete only work data on the device. |
No properties. |
| DISABLE_WORK_SPACE |
Disable access to the work space. |
No properties. |
| ENABLE_WORK_SPACE |
Enable access to the work space. |
No properties. |
| LOCK_DEVICE |
Lock device. |
| Name |
Type |
Description |
| password |
Base64-encoded string |
New device password (optional). |
| message |
string |
Message to display on device lock screen (optional). |
|
| LOCK_WORK_SPACE |
Set work space password and lock work space. |
| Name |
Type |
Description |
| password |
Base64-encoded string |
New work space password (required). |
|
| RESET_WORK_SPACE_PASSWORD |
Reset work space password. The work space password will be deleted and the user will be prompted to set a new work
space password when the work space is opened. |
No properties. |
| UNBLOCK_APPLICATIONS |
Unblocks a previous Block action (above). |
| Name |
Type |
Description |
| actionId |
string |
This must be the same value that was used in the preceding and related BLOCK_APPLICATIONS action(s). No format or value
restrictions apply. If more than one actionIds were sent in more than one BLOCK_APPLICATIONS calls, all actionIDs used must
be sent in separate calls to unblock the application (order of calls is not important for this). |
|
| UNLOCK_DEVICE |
Unlock device. The existing device password will be deleted and the user will be prompted to set a new device password.
|
No properties. |
| WIPE_APPLICATIONS |
Resets applications on the device to their pre-enrollment state. All management and user data related to the
application(s) is deleted on the device. |
No properties. |
Samples
Sample 1 request body
Send command to lock device, change password, and set a display message. "cEA1NXcwcmQ=" is the base64-encoded value of
"p@55w0rd".
{
"type" : "LOCK_DEVICE",
"properties" : {
"password" : "cEA1NXcwcmQ=",
"message" : "Paul Morley"
}
}
Sample 2 request body
Send command to reset work space password.
{
"type" : "RESET_WORK_SPACE_PASSWORD"
}
Sample 3 request body
Send a command to block device applications.
{
"type" : "BLOCK_APPLICATIONS",
"properties" : {
"actionId" : "Random string - same value used for both block and unblock actions",
"title" : "Summary message for display on the device",
"body" : "Description of compliance failure with steps to get back in compliance for display on the device"
}
}
Request Parameters
| Name |
Location |
Description |
| userDeviceGuid |
path |
GUID of the user device to send a command to |
| userGuid |
path |
GUID of the user |
Request Body
| Media type |
Data type |
| application/vnd.blackberry.command-v1+json |
Command
(JSON) |
Response Codes
| Code |
Condition |
Data type |
| 202 |
Command accepted for processing. |
|
| 400 |
Invalid request. For example, command not supported or invalid field semantics. |
|
| 404 |
User not found. |
|
| 404 |
UserDevice not found. |
|