EUCbackup Default chapterAdvanced API Automation (Rohit )

Advanced API Automation (Rohit )


This lab will provide hands on training to leverage APIs to perform Automation task in your Workspace ONE UEM Environment. We will use POSTMAN to demonstrate the API automation.

In the industry today, DevOps, Operations and Support teams are leveraging API capability to automate application releases, minimize human interaction and achieve faster troubleshooting. In this lab we will learn how to use these APIs by making a collection of API calls for our DevOps use case.

Use Case: Developer team releases weekly updates to business critical application. Built an automation for this application release to our production devices.

Getting Started

All the REST API calls are listed in the API portal. You can access the portal by navigating to https://<WorkspaceONE UEM URL>/api/help. 

1. Navigate to

2. Click on APIs. Select the module you want to work on. Also you can use the search capability to search for the desired API call. In the Search APIs/ Method field type the name of the API. 


Setting up POSTMAN

This step is optional. You can setup POSTMAN on your personal desktop or use the application on ControlCenter2 server. 

1. Navigate to

2. Click on Download the App. 

3. This will redirect to the Download page. Click download and select your compatible version. If you are downloading on ControlCenter VM, then select 64-bit. 

4. Open the application once downloaded, sign in or create a new account. 

DevOps Automation

To meet our use case, DevOps needs the capability of uploading the application to the UEM console, create and assign smart group and publish to specific devices. We will use a total of 4 API calls to achieve the same.

Step 1: Upload Application

Uploading the application in the console comprises of two POST API commands.

  1. uploadblob: Uploads the apk as a blob to the database server.
  2. begininstall: Creates an internal application using the uploaded file blob.

1. Search uploadblob in the Search APIs/ Method field. 

2. Click on Upload Blob. ( /uploadblob )

3. Enter required fields for filename and organizationGroupId.

Note: Filename will be the filename of the apk you are uploading. To fetch organizationGroupid, open Workspace ONE UEM console and navigate to Groups & Settings > Groups > Organization Groups > Details. Copy the ID from the Browser URL. For example: In this case, 722 is the OGID.

4. Click Try it now. 

5. Scroll down to see the response of your API call. Copy the Request URL in the response. 

Note: We will use Postman tool to make our API calls and create Automation. 

6. Navigate to the ControlCenter2 Server. 

7. Find the Postman icon on your desktop screen. Open Postman application. 

8. Click Request. 

9. Provide a Request Name. In this case, DevOps Upload Blob. This is the first API call you are creating.

10. Scroll down to create collection. Name it Livefire collection. 

11. Click Save to Livefire Collection. 

12. Paste the copied Request URL in the Enter Request URL field in Postman.

13. Change the Request type from GET to POST. Note the Params value is now populated.

14. Under Authorization tab, change the type to Basic Auth. Provide your Workspace ONE UEM admin credentials in the username and password field.

15. Under Headers, add the following key value.

Aw-tenant-code YOUR API ADMIN KEY
Content-Type Application/json

Navigate to System > Advanced > API in Workspace ONE UEM console to get Admin API.

16. Under Body, choose Binary and select file. Select the apk on your desktop.

17. Under Tests, copy and paste the below json script. This will create a global variable Value and assign the response result of the blob update to this global variable.

var data = JSON.parse(responseBody);
if (data.hasOwnProperty("Value"))
    postman.setGlobalVariable("value", data.Value);

18. Click SEND. You should see 200 OK in the response Status. In the body of the response, you will see uuid and value of the uploaded blob.

Before we move forward, we will check to confirm the global parameter from our previous call is created.

  1. Navigate to Settings (Top Right) > Globals.
  2. Check in the list if there exist an entry called 'value' and its CURRENT VALUE matches the output in the response body. We will use this value in the next call.

Once Uploadblob is successfully executed, we will pass this blob "value" parameter in the next API call to save as an internal app on the console.

  1. Create a new tab in POSTMAN. Name it Compile APK.
  2. Navigate to Under APIs, search for begininstall.
  3. Click on /apps/internal/begininstall API. You might have to scroll down on the browser to see the expanded view of the API call.
  4. Under Parameter field, click Data Type box on the right. You will see the appChunkTransaction field populated. Click Try it out!
  5. Copy the Request URL field in the response.
  6. Navigate to Postman, under Enter Request URL, paste the URL.
  7. Change the command type to POST.
  8. Under Authorization, select type as Basic Auth and fill in the username and password.
  9. Under Header, copy the same Header values from the previous upload blob API call.
  10. Under the Body Tab , select RAW and change the type to JSON from TEXT.
  11. Then, Paste the below script. In this example, we have simplified to only include device type Android (Device type- 5), Push mode and Organization group.
  "BlobId": "{{value}}",
  "DeviceType": "5",
  "ApplicationName": "testapk",
  "SupportedModels": {
    "Model": [
        "ModelId": 0,
        "ModelName": "Android"
  "PushMode": "Auto",
  "LocationGroupId": 722,
  "CarryOverAssignments": true

Replace the LocationGroupId to your LGID and give your application a Name. Leave Push Mode in the Body of the API call "Auto".

9.  In the Tests Tab, we will create a new global variable for our application id. This Application id will be passed in the future to assign the smart group to this application.

var data = JSON.parse(responseBody);

10. Click SEND. Confirm the response is 200 OK.


Note: In real world, Customer would edit the appChunkTransaction body from the API portal to meet their own use case.

Step 2: Create Smart Group

1. Navigate back to your Workspace ONE UEM API console,

2. Under APIs tab, search for Smart Group. Click on POST /smartgroups.

3. Scroll down to find the expanded view of the API, under Parameters, click inside Data Type box. This will populate the SmartGroupEditModel field.

4. Click Try It Out! button.  

5. Copy the Request URL field,

6. Open Postman. Create a new tab and name it Create Smart Group.

7. Change the Request type to POST.

8. Copy the Request URL.

9. Under Authorization, select type as Basic Auth and fill in the username and password.

10. Under Header, copy the same Header values from the previous upload blob API call.

11. In Body Tab paste the below script, and edit the "ManagedByOrganisationGroupId" field and the "Id" field with YOUR LGID

NOTE: Customer would use the SmartGroupEditModel and replace values with their own required parameters. For simplicity, below is an example where we create a smart group, 'Livefire smart group' managed at OG with LGID 722.  

  "Name": "Livefire smart group",
  "CriteriaType": "All",
  "ManagedByOrganizationGroupId": "722",
  "OrganizationGroups": [
      "Id": "722",

12. Under Tests, copy the below JSON script. In this script, we are passing the response from create smart group API call to our next call.

var data = JSON.parse(responseBody);
if (data.hasOwnProperty("Value"))
    postman.setGlobalVariable("SmartGroup", data.Value);

13. Click SEND. Confirm the response is 201 Created.

Make sure the Variable "SmartGroup" is created in the Settings of Postman.


STEP 3: Assign and Publish.

1. Navigate to Workspace ONE UEM API console,

2. Under APIs tab, search for assignments.

3. Click on PUT /apps/internal/{applicationId}/assignments

4. In order to fetch the request URL and Body of the API call. Enter the application id and copy the applicationAssignments field (click on Data Type Example)

5. Click Try it Out! Copy the Request URL.

  • Note, the application id will be replaced by Global Variable "app" that was created in the second API call by Tests JSON script.

6. Open Postman. Create a new Tab and name it Assign Smart Group.

7. Change the Request type to PUT or POST.

8. Copy the Request URL.{{app}}/assignments.

9. Under Authorization, select type as Basic Auth and fill in the username and password.

10. Under Header, copy the same Header values from the previous upload blob API call.

11. Under Body, you can copy and paste the body from the API portal. For simplicity, paste the below body.

  "SmartGroupIds": [
    {{SmartGroup}}  ],
  "DeploymentParameters": {
    "PushMode": "Auto",
    "ApplicationBackup": true,
    "IsPerAppVpnEnabled": false,
    "AllowManagement": true,
    "MacOsDesiredStateManagement": true,
    "RequiresApproval": true,
    "VisibleInAppCatalog": true,

Note: We are passing the 'SmartGroup' Global variable from the previous API call.

12. Click SEND. Check for 200 OK response.



1. Navigate to the Workspace ONE UEM console.

2. Under Apps&Books > Native. Check your APK is added successfully under Internal tab.

3. Check the assignment of the APK. Click on your APK and click ASSIGN. Assign button is located top right of the screen.

4. Confirm Assignment includes livefire smart group. Select the assignment and click EDIT.

5. Confirm Select Assignment Group is livefire smart group and App Delivery Method is set to AUTO.

6. Click on livefire smart group. In the criteria confirm your OG is selected under Organization Group.

7. Cancel all the windows. This confirms all the APIs successfully Executed.


This Section will add all the above 4 API calls in one collection and execute them together to demonstrate automation. Before you begin, delete the APK and Smart Group you just created in the previous section from the workspace ONE UEM console.


  1. In the Workspace ONE UEM console, navigate to Apps&Books > Native. Select the APK you uploaded and click DELETE.
  2. Click on Filter on the same screen. Under Status, choose All. You will observe the app was not deleted but deactivated from the console. Select your APK from this list Again and click DELETE.
    • Note: This is a safety net in console to ensure Admin do not delete critical production application that have an active assignment.
  3. Delete the Livefire Smart Group from the UEM console. Navigate to Groups&Settings > Groups > Assignment Groups. Select your smart group and click DELETE.

Create a new Collection.

  1. Navigate to POSTMAN.
  2. On the left pane, click + New Collection. Name it Livefire DevOps.
  3. Click Create.

Save all 4 API calls to the new collection.

  1. In POSTMAN, from the left panel, click on upload blob API call.
  2. Navigate to the down arrow next to SAVE. Click on Save As and select Livefire DevOps.
  3. Repeat this task for the remaining 3 API calls.

Run the Collection

Once the API collection is ready and console clean up is completed, you are ready to execute this automation.

  1. Select your collection in POSTMAN.
  2. Click on the play icon.
  3. In the expanded window view, click RUN.
  4. This will open a new window, Click RUN Livefire DevOps.
  5. Go to your Workspace ONE UEM console and validate the APK is present and smart group is assigned.

You can export the entire collection in a json file and use tools like Newman to execute the same from Command Line. You can perform the same task sequence in Powershell leveraging the Workspace ONE UEM API Portal. This lab uses Postman to simplify and demonstrate API automation for beginners.

To export in JSON, click on the menu Icon (View More Options) next to collection. Click Export to generate a JSON script for your collection. This lab does not demonstrate Newman or Powershell.


Add your comment

E-Mail me when someone replies to this comment