Set Temporary Elevated Device Privileges Using the API

This article explains how to use the 黑料海角91入口 API to set temporary elevated device privileges for a user in your org. To perform these functions, use the Access Requests API endpoint. See . By using various API calls (GET, POST, PUT) you can create, query, modify, or revoke existing access requests.

The access requests endpoint accepts these API calls to perform various functions:

POST
- Create an access request.
- Revoke an existing access request by inputting its accessID.
GET
- Query an existing access request by inputting its accessID.
PUT
- Modify the expiration time of an existing access request by its accessID.

Prerequisites:

黑料海角91入口 API Key
- See Accessing Your API Key.
黑料海角91入口 Org ID
- See Access your Organization ID.
User ID
- See Locating the User鈥檚 User ID from the API.
Device or System ID
- See Locating the Device鈥檚 System ID.
Operation ID
- This is a static value specific to temporary elevated device privileges. Enter ff487bda-e18f-42ed-9d6c-5c7cafd6adf9.

Considerations:

The following examples are presented in cURL, but you can also use an app like Postman to manage your API requests. See Configure 黑料海角91入口 API Endpoints in Postman.
Creating an access request generates an accessID specific to that request. This $ACCESS_ID value is required for querying, updating, or revoking an existing request.

Running an Access Request Command

The following is a sample command to create an access request. This will grant the user temporary admin privileges on the specified device that will be automatically revoked at the expiry time.

curl --location 'https://console.jumpcloud.com/api/v2/accessrequests' \
--header 'x-api-key: $JC_API_KEY' \
--header 'X-Org-Id: $JC_ORG_ID' \
--header 'Content-Type: application/json' \
--data '{
  "requestorId": "$JC_User_ID",
  "resourceId": "$JC_Device_ID",
  "resourceType": "device",
  "remarks": "",
  "expiry": "2024-05-10T13:57:45.497Z",
  "operationId": "ff487bda-e18f-42ed-9d6c-5c7cafd6adf9",
  "additionalAttributes": {
    "sudo": {
      "enabled": true,
      "withoutPassword": false
    }
  }
}'

You鈥檒l need to enter the relevant information into the following fields to create the access request:

x-api-key
- Your API key.
X-Org-Id
- Your 黑料海角91入口 Organizational ID.
requestorId
- The objectID of the user you鈥檙e granting temporary elevated privileges.
resourceId
- The objectID of the user鈥檚 device.
resourceType
- This is defined as 鈥渄evice鈥� for this request.
expiry
- The time in UTC when the user鈥檚 temporary elevated privileges will expire.

Successful completion of the command will create the access request and return an accessID which can be used to query, update, or revoke it ahead of expiration.

{
"id": "$ACCESS_ID"
}

Querying an Access Request

You can use the accessID returned in the previous step to query the status of the access request. Replace the $ACCESS_ID below with the returned value.

curl --location 'https://console.jumpcloud.com/api/v2/accessrequests/$ACCESS_ID鈥� \
--header 'Accept: application/json' \
--header 'x-api-key: $JC_API_KEY

This will return details of the access request:

{
    "id": 16839,
    "applicationIntId": "",
    "accessId": "ACCESS_ID",
    "onBehalfOfUserId": "redacted",
    "requestorId": "$JC_User_ID",
    "tempGroupId": "",
    "resourceId": "$JC_Device_ID",
    "resourceType": "device",
    "accessState": "granted",
    "remarks": "",
    "expiry": "2024-05-10T13:57:45Z",
    "version": 0,
    "createdBy": "redacted",
    "updatedBy": "redacted",
    "operationId": "ff487bda-e18f-42ed-9d6c-5c7cafd6adf9",
    "additionalAttributes": "eyJzdWRvIjogeyJlbmFibGVkIjogdHJ1ZSwgIndpdGhvdXRQYXNzd29yZCI6IGZhbHNlfX0=",
    "duration": 148664,
    "metadata": "",
    "jobId": "ZjvjIVIlzQABNQxS",
    "companyId": "YkX0p4k4MlRDoC8n"
}

Updating an Access Request

You can also use the accessID to update an existing access request. For example, you can extend the duration of the user鈥檚 temporary admin access. This example extends the expiry 1 day past the original command from 2024-05-10 to 2024-05-11.

curl --location --request PUT 'https://console.jumpcloud.com/api/v2/accessrequests/$ACCESS_ID' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'x-api-key: $JC_API_KEY' \
--data '{
  "additionalAttributes": {},
  "expiry": "2024-05-11T19:42:30.404Z",
  "organizationObjectId": "$JC_Device_ID",
  "requestorId": "redacted",
  "remarks": "<string>"
}'

Revoking an Access Request

To revoke an access request and remove a user鈥檚 temporary admin access ahead of the expiration, use the following command. Replace the $ACCESS_ID below with the returned value in the first step after creating the access request:

curl --location --request POST 'https://console.jumpcloud.com/api/v2/accessrequests/$ACCESS_ID/revoke' \
--header 'Accept: application/json' \
--header 'x-api-key: $JC_API_KEY'

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case

黑料海角91入口