Developer Documentation
Global App Configuration Service

Configuration profiles API workflow documentation

May 6, 2024
Contributed by: 
C

The following content provides a detailed description of the API usage for creating, updating, and deleting configuration profiles in addition to configuring settings for it. For more details on configuration profiles as well as using the UI, please click here.

Note:

Some additional headers are required while making each of the following API calls. [1]

Step 1 : Creating a configuration profile record

Before we can configure settings for a configuration profile, first we need to create a configuration profile record which will contain all the necessary details to provide user group specific settings. We can do that by making the following API call.

  • Type: POST
  • URL: /aca/profile
  • Description: Creates a new configuration profile record for the given URL.
  • Parameters: postBody - Contains required attributes for configuration profile record creation. [2]
  • Response: A JSON object containing details of a specific configuration profile. [3]

Note:

When creating a configuration profile record, it is possible to add up to 10 groups. Furthermore, a total of 20 configuration profiles can be created.

Step 2 : Fetching configuration profiles

Now that we have created a configuration profile record, we can retrieve the same using the following API calls.

2.1 : Fetching configuration profiles for a customer

  • Type: GET
  • URL: /aca/profile
  • Description: Gets all the configuration profiles’ data for the given Customer ID.
  • Response: A JSON object containing all configuration profile records for the customer. [4]

2.2 : Fetching configuration profiles for a specific url

  • Type: GET
  • URL: /aca/profile/url/{url}
  • Description: Gets the configuration profile data for a given url.
  • Parameters:
    • url - The specific URL in apt format (then base64 encoded). [5]
  • Response: A JSON object containing all configuration profile records for a specific service URL owned by the customer. [4]

2.3 : Fetching data for a specific configuration profile ID

  • Type: GET
  • URL: /aca/profile/{profileId}
  • Description: Gets the configuration profile data for a given configuration profile ID.
  • Parameters:
    • profileId - The configuration profile ID to fetch data for.
  • Response: A JSON object containing details of a given configuration profile. [3]

Step 3 : Managing settings for a configuration profile

After the creation of a configuration profile we can now assign settings to it which can be served to the user groups (subject to configuration profile priority resolution).

  • Type: POST / PUT
  • URL: /aca/settings/app/{app}/url
  • Description: Creates (POST) or Updates (PUT) settings for a given configuration profile ID.
  • Parameters:
    • profileId - The given configuration profile ID to update.
    • url - The given service URL in apt format. [5]
    • Body - Contains settings to be configured, url, and configuration profile ID in the format below.
{
  "serviceURL": {
    "url": {serviceURL} // Add the serviceURL here
  },
  "settingsProfile": {
    "profileId": {configurationProfileID} // Add the configuration profile ID here
  },
  "settings": {
    "name": "Productivity Apps",
    "description": "Provides access to MS Office and other basic apps",
    "useForAppConfig": true,
    "appSettings": {
      "windows": [
        {
          "category": "root",
          "userOverride": false,
          "assignedTo": [
            "AllUsersNoAuthentication"
          ],
          "assignmentPriority": 0,
          "settings": [
            {
              "name": "Hide Local Keyboard Layout Setting",
              "value": "false"
            }
          ]
        }
      ]
    }
  }
}
<!--NeedCopy-->

Note:

Configuration profiles are currently only supported for Workspaces and are not supported with channels. For a complete list of settings that can be configured for a configuration profile, see this.

Step 4 : Updating a configuration profile record

Once a configuration profile is created, if we need to make modifications to any of its attributes, we can make use of the following API calls.

4.1 Updating a configuration profile record

  • Type: PUT
  • URL: /aca/profile/{profileId}
  • Description: Updates the configuration profile record for a given configuration profile ID.
  • Parameters:
    • profileId - The given configuration profile ID to update.
    • putBody - Contains updated data. [2]
  • Response: None

4.2 Adding groups to a configuration profile record

  • Type: PATCH
  • URL: /aca/profile/{profileId}/groups$add
  • Description: Adds groups in a configuration profile record for a given configuration profile ID.
  • Parameters:
    • profileId - The given configuration profile ID to update.
    • patchBody - Contains groups to be added. [6]
  • Response: JSON object containing updated configuration profile data.

4.3 Removing groups from a configuration profile record

  • Type: PATCH
  • URL: /aca/profile/{profileId}/groups$remove
  • Description: Patches the group IDs in a configuration profile record to remove group IDs for a given configuration profile ID.
  • Parameters:
    • profileId - The given configuration profile ID to update.
    • patchBody - Contains the groups to be removed: [6]
  • Response: JSON object containing updated configuration profile data.

4.4 Updating configuration profile priority

  • Type: PATCH
  • URL: /aca/profile/{profileId}/priority$replace
  • Description: Updates priority in a configuration profile record for a given configuration profile ID.
  • Parameters:
    • profileId - The given configuration profile ID to update.
    • patchBody - Contains priority to be updated. [7]
  • Response: JSON object containing updated configuration profile data.

Step 5 : Removing a configuration profile record

If we want to remove a configuration profile record, we can do that in the following two steps. First we need to remove the settings associated with that profile, then we can proceed to remove the configuration profile record.

Step 5.1 : Deleting settings for a configuration profile

  • Type: DELETE
  • URL: /aca/settings/app/${app}/url/{url}/profile/{profileId}
  • Description: Deletes settings for a particular configuration profile ID.
  • Parameters:
    • profileId - The given configuration profile ID to update.
    • url - The given service URL in apt format. [5]
  • Response: None

Step 5.2 : Removing configuration profile record

  • Type: DELETE
  • URL: /aca/profile/{profileId}
  • Description: Deletes the configuration profile record for a given configuration profile ID.
  • Parameters:
    • profileId - The given configuration profile ID to delete.
  • Response: None

1. The following headers are mandatory for every API call

  • Citrix-CustomerId : Citrix Cloud Customer ID.
  • Citrix-TransactionId : Transaction ID (GUID) that is used to track this request.
  • Authorization : CWSAuth bearer={bearerToken}

2. JSON body having required attributes for configuration profile creation or updation 

{
  "description": "string",
  "groups": [
    {
      "id": "string",
      "name": "string"
    }
  ],
  "name": "string",
  "priority": number,
  "url": "string"
}
<!--NeedCopy-->

Groups can be queried by using the following command. Make sure to replace the values in curly braces.

curl --location --request POST 'https://cws.citrixworkspacesapi.net/{YOUR-CUSTOMER-ID}/users/query' \
--header 'Content-Type: application/json' \
--header 'Authorization: CWSAuth bearer={token}' \
--data-raw '
{
    "adminUser": "",
    "domain": "{YOUR-DOMAIN}", // Use your domain for AD or null for AZUREAD
    "forest": "{YOUR-DOMAIN}", // Use your domain for AD or null for AZUREAD
    "idpType": "AD", // Use your IdP type, can be AD or AZUREAD
    "key": "",
    "query": "gacsadmin", // Use this query to search for groups
    "offerings": [],
    "supportsAzureAdGroups": false // Set this flag as true if you use AZUREAD
}'
<!--NeedCopy-->

A response to the above request would look like this.

{
    "results": [
        {
            "accountName": "gacsadmin", // Use accountName for AD as name
            ...
            "displayName": "gacsadministrator", // Use displayName for AAD as name
            ...
            "isGroup": true, // Consider records only which have isGroup as true
            ...
            "universalClaims": [
                "SID:/**********-*************", // Use SID prefix claim for AD as group Id
                "OID:/azuread/****************" // Use OID prefix claim for AAD as group Id
            ]
        }
    ]
}
<!--NeedCopy-->

Description of the attributes of the schemas

  • description: string Providing a description of the configuration profile.
  • groups: array of objects with the following properties.
    • id: string Active Directory or Azure Active Directory ID.
    • name: string Name of the configuration profile.
  • name: string consisting of alphanumerics, spaces, ‘-‘ and ‘_’.
  • priority: number between 1 and 1 million.
  • url: string the service URL in apt format. [5]
  • id: Configuration profile ID (GUID) of the created configuration profile record for example: 3fa81f64-5417-1562-b3fc-2c953f63afa6
  • createdAt: Time of creation of configuration profile record for example: 2024-02-13T03:23:19.273
  • modifiedAt: Time of last modification of configuration profile record for example: 2024-02-13T03:23:19.273Z

3. JSON response body for a single configuration profile record 

{
  "createdAt": "string",
  "description": "string",
  "groups": [
    {
      "id": "string",
      "name": "string"
    }
  ],
  "id": "string",
  "modifiedAt": "string",
  "name": "string",
  "priority": number,
  "url": "string"
}
<!--NeedCopy-->

4. JSON response body containing multiple configuration profile records 

{
  "count": number,
  "items": [
    {
      "createdAt": "string",
      "description": "string",
      "groups": [
        {
          "id": "string",
          "name": "string"
        }
      ],
      "id": "string",
      "modifiedAt": "string",
      "name": "string",
      "priority": number,
      "url": "string"
    }
  ],
  "nextToken": "string"
}
<!--NeedCopy-->

5. All the URLs while making calls are in the following format

{protocol}://{domain}:{port}/{path}

  • protocol might be http or https in case of StoreFront URLs
  • protocol is always https in case of Workspace URLs
  • path is not present in case of Workspace URLs
  • path is optional in case of StoreFront URLs

6. JSON body containing groups 

{
  "groups": [
    {
      "id": "string",
      "name": "string"
    }
  ]
}
<!--NeedCopy-->

7. JSON body containing updated priority 

{
  "priority": 0
}
<!--NeedCopy-->

Supported settings in configuration profiles and their values

The following table lists the settings and the values that are accepted per platform in configuration profiles:

Platforms tab {.tabnav}

Windows

Platform Category Setting Name Values accepted Description
Windows Root Hide advanced preferences “true”, “false” Hides the Advanced Preferences option from the Citrix Workspace app icon in the system tray.
Windows Root Hide connection center “true”, “false” Hides the Connection center option from the Advanced Preferences.
Windows Root Hide data collection “true”, “false” Hides the data collection option from the Advanced Preferences.
Windows Root Hide delete password “true”, “false” Hides the Delete passwords option from the Advanced Preferences.
Windows Root Hide support info “true”, “false” Hides the Support information from the Advanced Preferences.
Windows Root Hide Citrix casting “true”, “false” Hides the Citrix Casting option from the Advanced Preferences.
Windows Root Hide Citrix files “true”, “false” Hides the Citrix Files option from the Advanced Preferences.
Windows Dazzle WSC reconnect mode [“0”, .., “15”] Select the Workspace Control Reconnect Mode.
Windows Dazzle All apps are mandatory “true”, “false” Adds all apps to the Favorites tab.
Windows Dazzle Use different paths for start menu and desktop “true”, “false” Allows users to select different paths for the Start menu and shortcuts.
Windows Dazzle Remove apps on exit “true”, “false” Removes apps upon Citrix Workspace app exit.
Windows Dazzle Fast connect api support enabled “true”, “false” Enables fast connect API support.
Windows Dazzle Put shortcuts in the startup menu “true”, “false” Lists the shortcuts in the Start menu.
Windows Dazzle Enable FTA “true”, “false” Enables a default file type association.
Windows Dazzle Start menu dir String Value Folder name in the Start menu to list the shortcuts.
Windows Dazzle Enable default FTAs “true”, “false” Enables a default file type association.
Windows Dazzle Self-service mode “true”, “false” Enables Self Service mode. Disabling this setting restricts access to Citrix Workspace app user interface. Users can access apps and desktops via the Start menu and desktop shortcuts.
Windows Dazzle Clear app list on exit “true”, “false” Clears apps upon Citrix Workspace app exit.
Windows Dazzle Desktop dir String Value Lists all the desktop shortcuts in the specified folder on the local desktop.
Windows Dazzle Remove apps on logoff “true”, “false” Removes desktop shortcuts and apps from the Start menu upon sign-out.
Windows Dazzle Use category as a desktop path “true”, “false” Allows to view the apps and their category folder on the local desktop.
Windows Dazzle Publish safe content “true”, “false” Publish safe content.
Windows Dazzle Suppress refresh on startup “true”, “false” Suppress refresh upon Citrix Workspace app startup.
Windows Dazzle Clear app list on logoff “true”, “false” Clears the app list after you sign out from the Citrix Workspace app.
Windows Dazzle Put shortcuts on desktop “true”, “false” Allows to create Citrix Workspace app shortcut on the desktop.
Windows Dazzle Use category as a Start menu path “true”, “false” Allows to view the apps and their category folder in the Windows Start menu.
Windows Dazzle Store Authentication Tokens “true”, “false” Encrypts and stores the authentication token on the local disk. Users do not have to reenter the credentials during a system or session restart.
Windows Dazzle Enable User Manage Local Apps “true”, “false” Enables user manage local apps.
Windows Dazzle Enable Local App Discovery “true”, “false” Enables Local App Discovery feature. This feature helps to discover and list locally installed applications on the Citrix Workspace app.
Windows Dazzle Local App allow list Array of App Object to allow list for Local App Discovery. example: [{name:””, “path”: “”, “arguments”: “”}] Allows to configure the local app allow list.
Windows Dazzle Quick Desktop Launch Support “true”, “false”  
Windows ICA Client Auto Update Rollout Priority “Fast”, “Medium”, “Slow” Controls when the app must be updated on the client device.
Windows ICA Client Auto Update LTSR Only “true”, “false” Enables to get updates for LTSR only.
Windows ICA Client Defer Update Count [“-1”, .., “30”] Specifies the number of times that a user can defer the notifications for the release updates.
Windows ICA Client Enable CEIP “true”, “false” Collects configuration, events, properties, and usage data from the Citrix Workspace app anonymously.
Windows Browser Open All Apps In Cwb “true”, “false” Enables to open all apps in Citrix Workspace Browser.
Windows Browser Incognito Mode Availability “Incognito mode available”, “Incognito mode disabled” Enables availability of the incognito mode.
Windows Browser Developer Tools Availability “Disallow usage of the Developer Tools on extensions installed by enterprise policy”, “Allow usage of the Developer Tools”, “Disallow usage of the Developer Tools” Enables availability of the developer tools.
Windows Browser Enable Password Save “true”, “false” If you enable password saving, Citrix Workspace app stores the password on the device for future logons and does not prompt for passwords when users connect to applications.
Windows Browser Extension Install Force List Array of strings, example : [“extension_id1”,”extension_id2”]  
Windows Browser Extension Install Allow List Array of objects of type ExtensionInstallAllowlist. Example : {“id”:”extension_id1”,”name”:”extension_name1”,”install link”:”chrome store url for the extension”}  
Windows Browser Managed Bookmarks Array of objects of type CitrixBrowserBookmarkModel. Example: [{“toplevel_name”:”My managed bookmarks folder”},{“name”:”Google”,”url”:”google.com”},{“name”:”Youtube”,”url”:”youtube.com”},{“name”:”Chrome links”,”children”:[{“name”:”Chromium”,”url”:”chromium.org”},{“name”:”Chromium Developers”,”url”:”dev.chromium.org”}]}]  
Windows Browser Delete Browsing Data On Exit Array of Strings, example: [“browsing_history”,”download_history”]  
Windows Browser auto fill address enabled “true”, “false” When enabled, AutoFill suggests or fills the address information.
Windows Browser auto fill credit card enabled “true”, “false” When enabled, AutoFill suggests or fills the credit card information.
Windows Browser command line flag security warnings enabled “true”, “false” When enabled, displays the security warnings when potentially dangerous command-line flags are used to launch the browser.
Windows Browser payment method query enabled “true”, “false” When enabled, websites are allowed to verify if you’ve saved any payment methods already.
Windows Browser saving browser history disabled “true”, “false” When enabled, the browsing history doesn’t get saved, tab syncing is off, and you can’t change this setting.
Windows Browser search suggests enabled “true”, “false” When enabled, search suggestions are enabled and for the browser’s address bar. This policy doesn’t affect the suggestions based on bookmarks or history.
Windows Browser export bookmark allowed “true”, “false”  
Windows Browser force ephemeral profiles “true”, “false”  
Windows Browser default cookies setting “Allow all sites to set local data”, “Do not allow any site to set local data”, “Keep cookies for the duration of the session” Specify how you want to handle the cookies.
Windows Browser default popup setting “Allow all sites to show pop-ups”: “Allow all sites to show pop-ups”, “Do not allow any site to show pop-ups”, “BlockPopups applies, but users can change this setting” When enabled, all sites are allowed to display pop-ups. When disabled, no site is allowed to display pop-ups.
Windows Browser relaunch notification period [“1”, .., “2147483647”] Specify the time in milliseconds after which the users are notified that the browser must be relaunched or the device must be restarted to apply a pending update. If not set, the default period of 604800000 milliseconds (one week) is used.
Windows Browser look alike warning allowlist domains An array of strings. For example, [“foo.example.com”,”example.org”]. Specify the list of websites where lookalike URL warnings are prevented from displaying. The lookalike URL warnings are displayed on the websites that the browser assumes to be trying to imitate another website that the user is familiar with.
Windows Browser extension installs sources An array of strings. For example, [“https://corp.mycompany.com/”,”https://corp1.mycompany1.com/”]. Specify the URLs which can install the extensions, apps, and themes.
Windows Browser auto launch protocols from origins An object of type AutoLaunchProtocolsFromOriginsModel. For example, {“protocol”: “teams”, “allowedOrigins”: [“example.com”, “http://www.example.com:8080”]}. Specify a list of protocols that can launch an external application from the listed origins without prompting the user.
Windows root enable ftu “true”, “false” Use to suppress the Add Account screen.
Windows dazzle maximize workspace window “true”, “false” Shows Citrix Workspace app in the maximized window, by default.
Windows dazzle show reconnection prompt to reconnect sessions “true”, “false” Shows a prompt that allows the users to reconnect to all the disconnected sessions.
Windows ICA Client window size   Default window size of the Citrix Workspace app.

macOS

Platform Category Setting Name Values accepted Description
macOS ICA Client Reconnect Apps and Desktops String Value example: “startWorkspace”, “refreshApps” Allows users to reconnect to a session when the user sign-in to the Citrix Workspace app.
macOS ICA Client Enable CEIP “true”, “false” Enables Citrix Customer Experience Improvement Program(CEIP) to collect usage data anonymously. Disabling this setting sends Citrix Workspace app version only.
macOS ICA Client Auto Update Rollout Priority “Fast”, “Medium”, “Slow” Controls when the app must be updated on the client device.
macOS ICA Client Defer Update Count [“-1”, .., “30”] Specifies the number of times that a user can defer the notifications for the release updates.
macOS ICA Client reconnect on sign-in “true”, “false” Allows a session to automatically reconnect when a new account is added or during sign-in.
macOS ICA Client reconnect on refresh “true”, “false” Automatically reconnects to a session launched from another device when upon refresh of the apps or desktops on the second device
macOS Root Hide Citrix casting “true”, “false” Hides Citrix Casting option from the Advanced Preferences. Citrix Casting option appears when this setting is disabled and allows the users to enable or disable the Citrix Casting feature.
macOS Root Hide delete password “true”, “false” Hides Delete passwords option from the Advanced Preferences and restricts users to clear the stored passwords.
macOS Root Hide Citrix files download location “true”, “false” Hides Citrix Files option from the Advanced Preference and restricts the users to update the files download location.
macOS Root Enable Quick Access for StoreFront “true”, “false” Allows StoreFront users to open their favorite apps and desktops from the Quick Access menu. Learn more
macOS Dazzle Remove apps on logoff “true”, “false” Removes the app shortcut added to the Favorites upon sign-out.
macOS Dazzle Add shortcuts to launchpad “true”, “false” Allows users to add shortcut of the app to the Favorites.
macOS Dazzle Maximize workspace window “true”, “false” Enables to open the Citrix Workspace app in the maximized mode, by default.
macOS Browser Open All Apps In Cwb “true”, “false” Enables to open all apps in Citrix Workspace Browser.
macOS Browser Incognito Mode Availability “Incognito mode available”, “Incognito mode disabled” Enables availability of the incognito mode.
macOS Browser Developer Tools Availability “Disallow usage of the Developer Tools on extensions installed by enterprise policy”, “Allow usage of the Developer Tools”, “Disallow usage of the Developer Tools” Disallow usage of the Developer Tools on extensions installed by enterprise policy.
macOS Browser Enable Password Save “true”, “false” If you enable password saving, Citrix Workspace app stores the password on the device for future logons and does not prompt for passwords when users connect to applications.
macOS Browser Extension Install Force List Array of strings, example : [“extension_id1”,”extension_id2”]  
macOS Browser Extension Install Allow List Array of objects of type ExtensionInstallAllowlist. Example: {“id”:”extension_id1”,”name”:”extension_name1”,”install link”:”chrome store url for the extension”}  
macOS Browser Managed Bookmarks Array of objects of type CitrixBrowserBookmarkModel. Example: [{“toplevel_name”:”My managed bookmarks folder”},{“name”:”Google”,”url”:”google.com”},{“name”:”YouTube”,”url”:”youtube.com”},{“name”:”Chrome links”,”children”:[{“name”:”Chromium”,”url”:”chromium.org”},{“name”:”Chromium Developers”,”url”:”dev.chromium.org”}]}]  
macOS Browser Delete Browsing Data On Exit Array of Strings, example: [“browsing_history”,”download_history”]  
macOS Browser auto fill address enabled “true”, “false” When enabled, AutoFill suggests or fills the address information.
macOS Browser auto fill credit card enabled “true”, “false” When enabled, AutoFill suggests or fills the credit card information.
macOS Browser command line flag security warnings enabled “true”, “false” When enabled, displays the security warnings when potentially dangerous command-line flags are used to launch the browser.
macOS Browser payment method query enabled “true”, “false” When enabled, websites are allowed to verify if you’ve saved any payment methods already.
macOS Browser saving browser history disabled “true”, “false” When enabled, the browsing history doesn’t get saved, tab syncing is off, and you can’t change this setting.
macOS Browser search suggests enabled “true”, “false” When enabled, search suggestions are enabled and for the browser’s address bar. This policy doesn’t affect the suggestions based on bookmarks or history.
macOS Browser export bookmark allowed “true”, “false”  
macOS Browser force ephemeral profiles “true”, “false”  
macOS Browser default cookies setting “Allow all sites to set local data”, “Do not allow any site to set local data”, “Keep cookies for the duration of the session” Specify how you want to handle the cookies.
macOS Browser default popup setting “Allow all sites to show pop-ups”: “Allow all sites to show pop-ups”, “Do not allow any site to show pop-ups”, “BlockPopups applies, but users can change this setting” When enabled, all sites are allowed to display pop-ups. When disabled, no site is allowed to display pop-ups.
macOS Browser relaunch notification period [“1”, .., “2147483647”] Specify the time in milliseconds after which the users are notified that the browser must be relaunched or the device must be restarted to apply a pending update. If not set, the default period of 604800000 milliseconds (one week) is used.
macOS Browser look alike warning allowlist domains An array of strings. For example, [“foo.example.com”,”example.org”]. Specify the list of websites where lookalike URL warnings are prevented from displaying. The lookalike URL warnings are displayed on the websites that the browser assumes to be trying to imitate another website that the user is familiar with.
macOS Browser extension installs sources An array of strings. For example, [“https://corp.mycompany.com/”,”https://corp1.mycompany1.com/”]. Specify the URLs which can install the extensions, apps, and themes.
macOS Browser auto launch protocols from origins An object of type AutoLaunchProtocolsFromOriginsModel. For example, {“protocol”: “teams”, “allowedOrigins”: [“example.com”, “http://www.example.com:8080”]}. Specify a list of protocols that can launch an external application from the listed origins without prompting the user.

{}

Resources
Global App Configuration Service OpenAPI Specification
Copy Download
Configuration profiles API workflow documentation
May 6, 2024
Contributed by: 
C
May 6, 2024
Contributed by: 
C

In this article

Resources
Global App Configuration Service OpenAPI Specification
Copy Download
Site feedback | Privacy and legal terms | Cookie preferences | Consent settings | docs.cloud.com
© 1999- Cloud Software Group, Inc. All rights reserved.