Citrix Endpoint Management Reporting API
Getting started
To make an API call, you need a bearer token. To generate a bearer token, refer to the steps provided in the Get started with Citrix Cloud APIs section. Once you generate the token you can perform API calls.
Supported content types
The API supports the following content types:
- text/csv
- application/json
Structure
POST Endpoint (Search API)
POST API Perform a search in the report as follows.
POST /api/endpoint-management/report/$search
<!--NeedCopy-->
Where the POST body schema:
{
"segment": "applications",
"joins": ["devices"],
"filter" : {
"applications.name": {
"$eq": "Secure Browse"
},
"devices.platform": {
"$eq": "iOS"
}
},
"order": {
"name": "$asc",
"totalSuccess": "$desc"
}
"exclude": ["devices.platform" , "applications.version"],
"limit": 10
}
<!--NeedCopy-->
GET Endpoint
GET /api/endpoint-management/report/{SEGMENT}?s=`{JOINS}`&i={`INCLUSIONS`}&x={`EXCLUSIONS`}&l={`LIMIT`}
<!--NeedCopy-->
Note
We recommend the POST endpoint to create more complex and complete queries. The GET endpoint is useful for simple cases. The following are the attributes that can be used to make a query.
- ROOT_SEGMENT: `String`
Main segment to query for. One of: devices,applications,users,enrollments,delivery-groups
- JOINS: `JsonArray`
These are additional segments to join into the main segment. At least, one of: devices,applications,users,enrollments,delivery-groups (not equal to SEGMENT).
- FILTER: `JsonValue`
JSON formatted specification of filters. In multi-segment queries, these fields need to be properly qualified using the recommended dot-separated (U+002E FULL-STOP, “.”) field syntax (e.g. applications.name)
Name | Alias
---- | -------------
$ne | Not equal
$eq | Equal
$lt | Less than
$le | Less than or equal
$gt | Greater than
$ge | Greater than or equal
$in | Performs a logical OR
$nin | Not In - Excludes data that is specified from results.
$sw | Starts with - Query data that start with the specified String
$nsw | Not Starts with - Query data that not start with the specified String
- ORDER: `JsonValue`
JSON formatted list of hints of field/direction. In multi-segment queries, these fields need to be properly qualified using the recommended dot-separated (U+002E FULL-STOP, “.”) field syntax (e.g. applications.name)
Name | Alias
------------ | -------------
$asc | Ascending
$desc | Descending
- AGGREGATES: `JsonValue`
JSON formatted list of aggregate operations. Each operator entry will dynamically create a new column in the report `<operator`Of`<fieldName>`. Example: *sum*Of*TotalDeployment*. In multi-segment queries, these fields need to be properly qualified using the recommended dot-separated (U+002E FULL-STOP, “.”) field syntax (e.g. applications.name)
Name | Alias
------------ | -------------
Sum | $sum
Count distinct | $distinct
Count | $count
Average | $avg
Max | $max
Min | $min
- EXCLUSIONS: `JsonArray`
JSON formatted array of column names to exclude from the final output. In queries involving multiple segments, these fields need to be properly qualified using the recommended dot-separated (U+002E FULL-STOP, “.”) field syntax.
- LIMIT: `Integer`
Numerical value < [Max Result Set](#max-result-set)
<!--NeedCopy-->
Response object
JSON response object is compatible with the JSON:API guidelines and Citrix’s compatibility guidelines.
| Name | Purpose |
|---|---|
| items | Array containing all JSON objects matching query criteria (only used when user requests JSON content-type). If there are no results matching the provided query, an empty array is used in the items field. |
JSON
When “Accept” contains application/json, the API will produce JSON output with all the data. The output should follow this schema:
{
"items": [
{
name: "Secure Mail",
platform: "Android",
lastUserId: "luisat",
type: "MDX"
},
{
name: "Slack",
platform: "Android",
lastUserId: "emmanuelc",
type: "SaaS"
}
]
}
<!--NeedCopy-->
CSV
When the “Accept” header requests text/csv, the output becomes a text response in CSV format
name,platform,lastUserId,type
Secure Mail,Android,luisat,MDX
Slack,Android,emmanuelc,SaaS
<!--NeedCopy-->
Pagination
Pagination follows the standard Offset Pagination Continuation Token document.
Segments (Logical entities)
The data available through the reporting API enables the following logical segments:
- /applications
- /devices
- /users
- /enrollments
- /softwareInventories
- /certificates
- /keyStore
Each segment has a set of qualified fields.
Qualified fields
In queries, all fields must be fully qualified, except when querying a single segment.
Example:
applications.name
devices.isJailBroken
Applications
| Alias | Purpose |
|---|---|
| name | Application display name (e.g. Secure Mail) |
| isDisabled | Can application be downloaded or synced to device |
| version | Application version (e.g. 19.3.5) |
| minOSPlatformVersion | Rules for the minimum OS version and platform |
| maxOSPlatformVersion | Rules for maximum OS version and platform |
| category | Application category (e.g. Productivity) |
| type | Application type (e.g. MDX, Public App Store, Enterprise, Web Link, Web & SaaS) |
| appPlatform | Target platform (Android For Work, iOS, Android, Windows, Windows 8 ) |
| deliveryGroup | Group to which application is published to |
| deliveryGroupCreateDate | When delivery group was created |
| deliveryGroupLastModifiedDate | When delivery group was last modified |
| isDeliveryGroupEnabled | Whether resources in this delivery group are pushed to devices |
Devices
| Alias | Purpose |
|---|---|
| serialNumber | Unique physical device identifier (e.g RF8NC245YPM) |
| platform | Operating System platform (e.g. iOS, macOS, Windows Tablet, Windows Phone) |
| platformVersion | Operating System platform version (e.g. 5.1.1) |
| lastUserName | Meta-information about user who last authenticated with the device (e.g. julio.perales@acme.com “Julio Perales” (Distribution)” |
| model | Device model OEM (e.g. Pixel) |
| imei | International Mobile Equipment Identity |
| wifiMacAddress | MAC address for the WiFi network adapter on device |
| bluetoothMacAddress | MAC address for the bluetooth network adapter on device |
| activeSyncId | ActiveSync Identifier or address |
| firstConnectionDate | Date device first registered |
| lastAuthDate | Date and time device last checked-in |
| lastUsername | Username of person who last authenticated with the device |
| lastProfileInventoryDate | Date when profile inventory was last updated |
| osFamily | Operating system name |
| whitelistCompliant | Whether this device is compliant with whitelist |
| blacklistCompliant | Whether this device is compliant with blacklist |
| deviceType | Device type (e.g. iphone, ipad, etc) |
| isContainerLocked | Whether MDX applications are allowed to launch on device |
| isContainerWiped | Whether MDX applications have been wiped on device |
| isMdmManaged | Whether device is MDM enrolled |
| isMamManaged | Whether device is MAM registered |
| startDateErasing | Date start device erasing |
| endDateErasing | Date end device erasing |
| wipeFailedDate | Wipeout device failed date |
| corpWipeAskedDate | Corporation wipeout device requested date |
| corpWipeDoneDate | Corporation wipeout device done date |
| corpWipeFailedDate | Corporation wipeout device failed date |
| isJailBroken | Whether device has been “rooted” or has root access |
| telephoneNumber | Device registered phone number |
Software Inventory
| Alias | Purpose |
|---|---|
| name | Name of software inventory |
| blacklistCompliant | Whether this device’s software inventory is compliant with blacklist |
| whitelistCompliant | Whether this device’s software inventory is compliant with whitelist |
| packageId | Software package ID |
| version | Software package version |
| realVersion | Software package real version |
| hasUpdateAvailable | Whether software inventory has any pending updates |
Users
| Alias | Purpose |
|---|---|
| User’s email address (e.g julio.perales@acme.com) | |
| first | First name |
| last | Last name |
Enrollments
| Alias | Purpose |
|---|---|
| status | Enrollment status (e.g. ACTIVE, REVOKED) |
| activationDate | Date device was enrolled |
| username | Username who last enrolled |
| deviceMode | Enrollment mode (e.g. MDM, MAM, ENT (MAM + MDM)) |
| enrollmentMethod | (e.g. domain, invitation, invitation + credential, etc) |
| enrollmentMode | (e.g. ENT, MAM, MDM) |
| accessRight | Enrollment access rights |
Certificates
| Alias | Purpose |
|---|---|
| description | Brief description |
| groupName | Group name |
| certType | Certificate type |
| validFromDate | Certificate validation start date |
| validToDate | Certificate validation expiration date |
| isActive | If it is active in CEM |
Getting started
Copied!
Failed!