API Reference Document for

MobileIron WebService 9.0

February 26, 2016

1
MobileIron Confidential
 Contents
API Reference Document for MobileIron WebService 9.0 ................................................................. 1

Contents .............................................................................................................................................. 2

1 Important Note on v1 API Deprecation ...................................................................................... 7

2 Document Overview ................................................................................................................... 7

3 General Guidelines and Conventions ......................................................................................... 7

3.1 Parameter Formats ......................................................................................................... 7

3.1.1 Path Parameters 8

3.1.2 Query parameters 8
3.2 Date Formats................................................................................................................... 9

3.3 Phone Number Formats .................................................................................................. 9

3.4 HTTP request methods.................................................................................................... 9

3.5 Response Formats ........................................................................................................... 9

3.6 HTTP Response Codes ................................................................................................... 10

3.7 Using offset and limit Parameters to Cycle through Records ....................................... 10

3.8 Device and User Identifiers ........................................................................................... 12

3.9 Operating System Dependencies .................................................................................. 12

3.10 Supported Browsers and Recommended Plugins ......................................................... 12

3.11 General Practice ............................................................................................................ 12

4 Authentication .......................................................................................................................... 12

4.1 Username/Password ..................................................................................................... 13

5 WADL ........................................................................................................................................ 13

6 Device Management ................................................................................................................. 13

6.1 Status and statusCode values ....................................................................................... 13

2
MobileIron Confidential
6.2 Compliance, quarantinedStatus, and blockReason values ........................................... 14

6.3 Get Devices by Status.................................................................................................... 16

6.3.1 Get Device details for a specific device 21

6.3.2 Android Details Key-Value Descriptions 26
6.3.3 iOS Details Key-Value Descriptions 39
6.3.4 Exporting Device Information to a CSV 49
6.4 Get Device Details for a Phone Number/User/Label/Wi-Fi MAC Address ................... 50

6.5 Register a Device ........................................................................................................... 57

6.6 Retire a Device .............................................................................................................. 59

6.7 Lock a Device ................................................................................................................. 61

6.8 Unlock a Device ............................................................................................................. 62

6.9 Wipe a Device ............................................................................................................... 64

6.10 Wakeup Client ............................................................................................................... 66

6.11 Locate a Device ............................................................................................................. 67

6.12 Enable Roaming ............................................................................................................ 69

6.13 Get all Labels ................................................................................................................. 71

6.14 List of Labels for a Device.............................................................................................. 72

6.15 Apply Labels to a Device ............................................................................................... 73

6.16 Remove Labels from a Device ....................................................................................... 75

6.17 List of Operators............................................................................................................ 77

6.18 List of Countries ............................................................................................................ 79

6.19 Send Action to bulk devices .......................................................................................... 80

6.20 Send message to devices .............................................................................................. 83

6.21 Get Profiles for a Device................................................................................................ 85

3
MobileIron Confidential
 6.22 Re-push Profiles for a Device ........................................................................................ 87

7 Exchange ActiveSync (EAS) ....................................................................................................... 88

7.1 List All ActiveSync Devices ............................................................................................ 88

7.2 Device Details for ActiveSync ........................................................................................ 91

7.3 Request Action on ActiveSync Device ........................................................................... 94

8 Security Management............................................................................................................... 95

8.1 Update Password for a User ......................................................................................... 95

8.2 Upload certificate for a User ......................................................................................... 97

8.3 Delete certificate for a User .......................................................................................... 98

8.4 Get certificate for a User............................................................................................... 99

8.5 Find a User .................................................................................................................. 100

8.6 Search LDAP Users ...................................................................................................... 101

8.7 Authenticate a User .................................................................................................... 103

9 Alerts ....................................................................................................................................... 106

9.1 Get All Alerts ............................................................................................................... 106

9.2 Get All Alerts for Phone Number ................................................................................ 108

9.3 Get all Alerts for User.................................................................................................. 111

9.4 Get All Alerts for a Phone Number of a User .............................................................. 113

9.5 Update Alert ................................................................................................................ 115

9.6 Update List of Alerts.................................................................................................... 116

10 Applications ............................................................................................................................ 117

10.1 Get Application Inventory ........................................................................................... 117

10.2 Get Device Application Inventory ............................................................................... 120

4
MobileIron Confidential
 10.3 Get Devices by Application Name ............................................................................... 124

10.4 Add Application to the App Storefront ....................................................................... 126

10.4.1 Request File 128

10.5 Apply App to/Remove App from a Label .................................................................... 130

10.6 Get all app categories ................................................................................................. 130

10.7 Delete an app category ............................................................................................... 131

10.8 Get all apps for a platform type in App Catalog.......................................................... 132

10.9 Associate or dissociate a category with an app .......................................................... 134

10.10 Add a new app category ............................................................................................. 135

10.11 Rename an app category ............................................................................................ 136

11 Policies .................................................................................................................................... 138

11.1 Get Policies.................................................................................................................. 138

11.2 Get Policies by DeviceUUID......................................................................................... 139

11.3 Apply/Remove policy for a label. ................................................................................ 141

11.4 Policy Rules ................................................................................................................. 142

11.4.1 Security policy rules 142

11.4.2 Lockdown policy rules 162
11.4.3 Sync policy rules 163
11.4.4 Privacy policy rules 166
12 Application Settings ................................................................................................................ 170

12.1 Get all Application Settings ......................................................................................... 170

12.2 Get Application Settings by Device UUID.................................................................... 172

13 AppConnect for iOS and Android Analytics ............................................................................ 173

13.1 Get Analytics for AppConnect Apps ............................................................................ 173

5
MobileIron Confidential
14 Testing from a browser ........................................................................................................... 175

15 Test Client ............................................................................................................................... 175

16 Change Log.............................................................................................................................. 176

16.1 Changes made for February 26, 2016 version of document ...................................... 176

16.2 Changes made for February 9, 2016 version of document ........................................ 176

16.3 Changes made for October 29, 2015 version of document ........................................ 176

16.4 Changes made for July 1, 2015 version of document ................................................. 177

16.5 Changes made for May 6, 2015 version of document ................................................ 177

16.6 Changes made for March 19, 2015 version of document .......................................... 177

16.7 Changes made for November 17, 2014 version of document .................................... 177

16.8 Changes made for August 19, 2014 version of document .......................................... 177

16.9 Changes made for June 18, 2014 version of document ............................................. 178

16.10 Changes made for May 28, 2014 version of document .............................................. 178

16.11 Changes made for Dec 19, 2013 version of document ............................................... 178

6
MobileIron Confidential
1 Important Note on v1 API Deprecation
MobileIron is deprecating some v1 APIs in favor of their new v2 API counterparts and MobileIron will not
concurrently support some of the deprecated v1 versions. Please see this KB article for details.

2 Document Overview
This document provides development information for customers and partners intending to use
MobileIron WebService APIs.

The initial sections provide general guidelines and conventions for reference.

The main part of the document includes API descriptions, which are categorized as follows:
• Device management – includes device registration, changing device states (locked, lost, wiped,
retired, etc.), and retrieving lists (countries, operators, and labels).
• Exchange ActiveSync – retrieves detailed information for EAS devices and provides a way to act
on those devices.
• Security management –helps a user with password protection.
• Alerts – allows for alert retrieval and updates.
• Applications – provides an inventory of installed applications.
• Policies
• Application settings
• AppConnect analytics

Each of the above categories contains one or more API calls. In most cases, there is an API description, a
URI, a set of mandatory or optional request parameters, response status codes, and the response (with
example data included). The input parameters and output response include definitions where
necessary. Please refer to the Administration Guide for additional background and details on how these
functions behave in the UI.

The end of the document includes a sample http test client implemented in Java.

3 General Guidelines and Conventions

3.1 Parameter Formats
The HTTP requests use two types of parameters:

• Path parameters
• Query parameters

7
MobileIron Confidential
3.1.1 Path Parameters
Path parameters continue the URI path using a slash (/) for a separator. For example, to get details for a
device, you specify its device uuid with a path parameter. The following shows the URI format for this
request, and an example:

https://{host-name}/api/v1/dm/devices/{deviceuuid}

https://mycore.mobileiron.com/api/v1/dm/devices/4239b999-46e3-423b-
b808-54fff69b544c

If a request uses path parameters, they are specified in the URI format for the request.

3.1.2 Query parameters

Query parameters are included in the URI path using a question mark or ampersand (? or &). For
example, to retire a device, after specifying the device uuid as a path parameter, you specify a reason as
a query parameter. The following shows the URI format for this request, and an example:

https://{host-name}/api/v1/dm/devices/retire/{deviceuuid}

https://mycore.mobileiron.com/api/v1/dm/devices/retire/c097c9e2-c82e-
40f6-9e69-a0478c4fcee0?reason=AnyReasonTextYouChoose

The first query parameter is preceded by a question mark (?), using the following format:

?parameterName=parameterValue

Subsequent query parameters are preceded by an ampersand (&), using the following format:

&parameterName=parameterValue

For example, to get all the Android devices that have a particular application installed, use the following
request:

https://mycore.mobileiron.com/api/v1/apps/inventory/app?appname=Frog%2
0Toss!_017%201.0&platform=A

Note: If a parameter is not shown in a request’s URI format with a slash, it is a query parameter; the URI
format for a request shows only the path parameters. The description that follows each URI format
provides information on the query parameters, if any.

8
MobileIron Confidential
3.2 Date Formats
Many API calls include start and end dates in the request. In general, the dates are optional. If dates are
not included, all available records will be returned. If start and end dates are included in the request,
only records within the date range will be returned.

Dates can be in the following formats

• Jan 1 2010
• January 1, 2010
• January 1, 2010, 00:00:00
• UTC format: YYYY-MM-DDThh:mm:ssTZD
o For example: 2010-03-10T15:04:06+00:00 which is March 10, 2010 3:04:06 PM
• Alternate format: MM-DD-YYYY hh:mm:ss
o For example: 03-12-2010 13:23:12 which is March 12, 2010 1:23:12 PM

3.3 Phone Number Formats

Many API calls require a phone number in the request. The following rules apply to an input phone
number:
• Enter numbers only.
• Do not include a country code.
• Do not include parenthesis, dashes, periods, or other special characters.

3.4 HTTP request methods

Depending on the HTTP request, use one of the following HTTP request methods:

• Get – Use for requests that retrieve information from MobileIron Core.
• Put – Use for requests that change information on MobileIron Core.
• Post – Use for the bulk requests that perform actions on many devices, or for requests that
provide substantial information on MobileIron Core.

Each request description specifies which HTTP request method to use.

3.5 Response Formats

Requests to the API can return xml or json, based on the request headers.
• For xml output, set the ‘Accept’ header in the request to ‘application/xml’.
• For json output, set the ‘Accept’ header in the request to ‘application/json’.

9
MobileIron Confidential
3.6 HTTP Response Codes
Responses from the API use the codes listed below. In addition, a “Success” message is shown for
successful method executions. When method executions fail, a descriptive error message is displayed.
• 200 OK: Success
• 400 Bad request: The request was invalid. The accompanying error message in the output
explains the reason.
• 401 Unauthorized: Authentication to the API has failed. Authentication credentials are missing
or wrong.
• 404 Not found: The requested resource is not found. The accompanying error message explains
the reason.
• 405 Method Not Allowed: The HTTP request method that was specified is not the correct
method for the request.
• 500 Internal Server Error: An internal server error has occurred while processing the request.
• 502 Bad Gateway: The MobileIron server is not reachable.

3.7 Using offset and limit Parameters to Cycle through Records

Some requests result in responses that contain many records. For example, the request for the list of all
devices on which a specific application is installed can match hundreds or thousands of devices.
Therefore, the following request returns by default only the first 100 records rather than all records:

• Get Devices by Application Name

To return more than the first 100 records, these APIs support the limit and offset query parameters.
These parameters allow you to get successive sets of records in successive responses.
Specifically, use these query parameters to do the following:

• Limit the number of records returned in the response to a number you choose, using the query
parameter limit.

For example, the following request returns the first 50 devices that have the LinkedIn app
installed:

https://mycore.mobileiron.com/api/v1/apps/inventory/app?appname=LinkedI
n&limit=50

• Specify the index of the first record to return in the response, using the query parameter
offset.

The value is zero-based. For example, the following request returns 50 devices, starting with the
101st device:

10
MobileIron Confidential
 https://mycore.mobileiron.com/api/v1/apps/inventory/app?appname=LinkedI
n&limit=50&offset=100

The offset parameter defaults to 0. Therefore, both of the following requests return 50 devices,
starting with the first device:

https://mycore.mobileiron.com/api/v1/apps/inventory/app?appname=LinkedI
n&limit=50&offset=0

https://mycore.mobileiron.com/api/v1/apps/inventory/app?appname=LinkedI
n&limit=50

Therefore, to get successive sets of records in successive responses, increase the offset value by the
limit value in each request. For example:

https://mycore.mobileiron.com/api/v1/apps/inventory/app?appname=LinkedI
n&limit=50&offset=0

https://mycore.mobileiron.com/api/v1/apps/inventory/app?appname=LinkedI
n&limit=50&offset=50

https://mycore.mobileiron.com/api/v1/apps/inventory/app?appname=LinkedI
n&limit=50&offset=100

For the API that gets the devices that have a particular app installed (Get Devices by Application Name),
you can also set limit to -1 to get all the devices in one response. For example:

https://mycore.mobileiron.com/api/v1/apps/inventory/app?appname=LinkedI
n&limit=-1

The following table summarizes the limit and offset query parameters.

Query Description Default value Special value

parameter

limit Maximum number of 100 -1

records to show in the
Note: This default value Shows all records in the response.
response.
applies only to APIs that
support the limit query Note: This special value only
parameter. Other APIs applies to the apps/inventory/app
always return all API, described in Get Devices by
applicable records in the Application Name.
response.

11
MobileIron Confidential
Query Description Default value Special value
parameter

offset Zero-based index of first 0

record to show in the
response

3.8 Device and User Identifiers

The requests and responses use identifiers for devices and users.

Every time a user or a device is created, MobileIron Core internally generates a unique identifier, called
a “uuid”. Each device gets a unique uuid. Because a single user can have multiple devices, each user
gets a unique uuid, independent of any devices used.

Other IDs are used for other purposes, such as identifying a network, and are described in the APIs.

3.9 Operating System Dependencies

Refer to the Administrator’s Guide for an up-to-date matrix which displays supported features by
operating system and platform. If a particular feature is not supported by an OS, the feature API will not
return a valid response.

3.10 Supported Browsers and Recommended Plugins

FireFox and Chrome are the supported browsers. Internet Explorer is not supported. Plugins like Poster
for FireFox and Advanced REST Client for Chrome are recommended for interacting with the http server;
simply submitting a URI in the browser does not consistently result in a properly rendered response.

3.11 General Practice

All the requests are wrapped in WebServiceRequest, and the responses are wrapped in
WebServiceResponse. startDate and endDate from the request are returned in the response.

4 Authentication
Access to the web service is granted using roles. The ability to grant role access is available to
administrators that are assigned the role ‘Manage administrators and device spaces’. These Super
Administrators can assign the ‘API’ role to a user with the following steps:

1. From the Admin Portal, select Admin > Admins.

2. Select a user from the list of users.

12
MobileIron Confidential
 3. Select Actions > Edit Roles.
4. Select the ‘API’ role, which is listed under Others.
5. Click Save.

4.1 Username/Password
The web service requires authentication via username and password:
Username: Username of any local or LDAP user who has the ‘API’ role.
Password: The same password used to login to MobileIron Core the Admin Portal.

5 WADL
The WADL (Web Application Description Language) is an xml interface file between client and server.
The WADL file is present in the API test client zip file. To view the generated WADL, open the following
URL from a browser:

https://{host-name}/api/?_wadl&_type=xml

6 Device Management
Device Management APIs allow administrators to retrieve a variety of details for devices based on
varying search criteria. These APIs can also register, retire, wipe, lock, unlock, locate, and wakeup a
device. Lastly, labels, countries, and operators can be retrieved from these APIs.

6.1 Status and statusCode values

Some Device Management APIs refer to device “status” and “statusCode” in either requests or
responses. Possible values for these variables are listed here:

status:
• ACTIVE – Active devices
• IENROLL_VERIFIED – Enrollment verified devices for iPhone and WebOS
• IENROLL_INPROGRESS – Enrolling devices for iPhone and WebOS
• IENROLL_COMPLETE – Enrolled devices for iPhone and WebOS
• INFECTED – Virus Infected devices
• LOST – Lost devices
• RETIRED – Retired devices
• VERIFIED – Registration Verified devices
• VERIFICATION_PENDING – Verification Pending devices
• EXPIRED – Expired devices
• WIPED – Wiped devices

13
MobileIron Confidential
statusCode:
• ACTIVE - 97
• BLOCKED - 98
• IENROLL_VERIFIED - 100
• IENROLL_INPROGRESS - 101
• IENROLL_COMPLETE - 102
• INFECTED - 105
• LOST - 108
• RETIRED - 114
• VERIFIED - 118
• VERIFICATION_PENDING - 112
• EXPIRED - 120
• WIPED - 119

6.2 Compliance, quarantinedStatus, and blockReason values

The APIs which return information about a device include these fields:

• <compliance>
• <quarantinedStatus>
• <blockReason>

The value of each of these fields appears in the response as a decimal number that represents a bitmap
value. Each bit in the value represents a reason why the device is not in compliance, has been
quarantined, or has been blocked from accessing the ActiveSync server.

The following table shows when each of these fields is non-zero:

Field Value
<compliance> The value is non-zero if the device is not in compliance as specified by its security
policy.
<quarantinedStatus> The value is non-zero if the device is not in compliance as specified by its security
policy, and the setting that is not in compliance specifies an action that includes
quarantining the device.
<blockReason> The value is non-zero in the following cases:

• The device is not in compliance as specified by its security policy, and the
setting that is not in compliance specifies an action that includes
blocking access to the ActiveSync server.
• The administrator has manually blocked the device’s access to the
ActiveSync server. This action is available in MobileIron Core Admin
14
MobileIron Confidential
 Portal, at Users & Devices | ActiveSync Associations.

Note: If multiple reasons apply, the corresponding bit values are summed. For example, if the device
has been compromised (value 1), and its OS version is less than the required version (value 2), then the
field has the value 3.

The following table shows all the possible bitmap values for the <compliance>, <quarantinedStatus>,
and <blockReason> fields:

Hexadecimal Decimal Description

value value
0x000000 0 Device is in compliance.

Note: Jailbroken Android devices have the compliance value 0,

but the security_state field in the Android device details has the
value “compromised”.
0x000001 1 Device is compromised.
0x000002 2 OS version is less than the supported OS version.
0x000004 4 Hardware version is not allowed.
0x000008 8 Data Protection is not enabled.
0x000010 8272 Policy is out of date.
0x000020 32 Device is out of contact.
0x000040 64 App control policy is out of compliance.
0x000080 128 Device exceeds per mailbox limit.
0x000100 256 Device is not registered.
0x000200 512 Device is manually blocked.
0x000400 1024 Exchange Reported.
0x000800 2048 Device administrator is deactivated.

Note: On an Android device, the device administrator is

deactivated. On iOS 5.0 and higher, the MDM profile has been
removed, which deactivates MDM on the device.
0x001000 4096 Disallowed app control policy is out of compliance.
0x002000 8256 Required app control policy is out of compliance.
0x004000 16384 Allowed app control policy is out of compliance.
0x008000 32768 Logged out.
0x400000 4194304 Unknown reason.

15
MobileIron Confidential
6.3 Get Devices by Status
A device within the MobileIron system travels through a variety of different states, each of which can be
retrieved through an API call. States such as enrollment-in-progress, active, retired, lost, or wiped can
be retrieved. This API returns all devices that match the requested status type. If the status is not
specified, all devices with ‘Active’ status are returned.

Examples:

Get all devices with the status ACTIVE:

https://mycore.mobileiron.com/api/v1/dm/devices

Get all devices with the status LOST:

https://mycore.mobileiron.com/api/v1/dm/devices?status=LOST

Get all devices with the status ACTIVE updated within the last 20 minutes:

https://mycore.mobileiron.com/api/v1/dm/devices?updatedWithin=20

URI: Devices with the input status are

https://{host-name}/api/v1/dm/devices returned.
Http Method: GET
Format: xml, json
Request:
Status Optional.
See list of valid values above.
updatedWithin Optional.
Limit the devices returned to
those whose details changed
within the specified number of
minutes.
Note: This option does not return
Windows devices and Windows
Phone devices.

Response Status Code:

‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.
Response:
<deviceManagementWebServiceResponse>
<messages>
<message>212 Device(s) returned</message> Status message.
16
MobileIron Confidential
</messages>
<devices>
<device id='2’>
<uuid>8d711cdc-e93c-49b1-88d6-222f54132445</uuid> Unique identifier for the device.
<principal>jdoe</principal> User ID for the user of the device.
This corresponds to the user ID in
the MobileIron Core Admin
Portal, as seen in Users & Devices
| Users.
<blockReason>0</blockReason> A bitmap value that lists the
reasons, if any, that the device is
blocked from accessing the
ActiveSync server. The possible
values are described in 5.2
Compliance, quarantinedStatus,
and blockReason values.
<clientId>1073741831</clientId> For MobileIron Core internal use.
<comment>comment for the device</comment> Comment entered by the
administrator.
<compliance>0</compliance> A bitmap value that lists the
reasons, if any, that the device is
out of compliance with its
security policy. The possible
values are described in 5.2
Compliance, quarantinedStatus,
and blockReason values.
<countryCode>1</countryCode> Country code for the device.
<countryId>183</countryId> Country identifier for the device.
MOBILEIRON CORE assigns this
identifier to the country.
<countryName>United States</countryName> Country name for the device.
<details> Device details, which consist of
key-value pairs. The set of key-
value pairs vary by the make,
model, and operator of the
device. The set shown is only an
example.

For more information, see 5.3.2

Android Details Key-Value
Descriptions and 5.3.3 iOS Details
Key-Value Descriptions.

17
MobileIron Confidential
 If device registration is pending,
then the details section is empty.
<entry>
<key>device_model</key>
<value>DROIDX</value>
</entry>
<entry>
<key>platform_name</key>
<value>2.2</value>
</entry>
<entry>
<key>Client_version</key>
<value>4.2.0</value>
</entry>
</details>
<deviceCount>1</deviceCount> Not used. Always 0.
<easLastSyncAttempt>2012-01- Time of the last attempt the
10T20:36:57+00:00</easLastSyncAttempt> device made to synchronize with
Exchange ActiveSync.
<easUuid>4d22d6d7-29dc-4c35-8e67-23dee442cf85</easUuid> Exchange ActiveSync device id.
<emailAddress>[email protected]</emailAddress> The user’s email address as
entered during registration.
<emailDomain>txt.att.net</emailDomain> Email domain of the operator for
the device.
<employeeOwned>false</employeeOwned> true - the employee owns the
device.
false - the enterprise owns the
device.

The value is set during

registration and the
administrator can change it.
<homeOperator>Verizon</homeOperator> The service operator for the
device when it is not roaming.
<languageCountryId>0<languageCountryId> The unique identifier for the
country associated with the
language used on the device. For
example, there would be a
different ID for a Canadian French
language device when compared
to a device from France.

MobileIron Core assigns this

18
MobileIron Confidential
 identifier to the country.
<languageId>1</languageId> The unique identifier for the
language used on the device.
<lastConnectedAt>2011-07-08T01:52:33+00:00</lastConnectedAt> The date and time that the device
last made successful contact with
the MobileIron server.

For iOS devices that have iOS

MDM enabled, this value is the
time of the last iOS MDM
checkin.
<manufacturer>Research In Motion</manufacturer> The device manufacturer as
automatically reported by the
device during registration.
<mdmManaged>false</mdmManaged> Indicates that the MDM profile is
enabled on the device. This field
applies only to iOS devices. For
other devices, the value is always
false.
<mdmProfileUrlId></mdmProfileUrlId> MOBILEIRON CORE internal ID for
its iOS MDM profile information.
<model>8130</model> The model of the device as
reported by the device during
registration.
<name>jdoe:Android 4.4:PDA 2</name> The concatenated name used to
identify the device/user
combination.
<notifyUser>true</notifyUser> true indicates the user should be
notified via SMS and email during
registration.

false indicates the user should

not be notified.

The notification consists of the

principal name, platform, and
phone number.
<operator>AT&T</operator> Service provider for the device.
The value PDA indicates no
operator is associated with the
device.
<operatorId>269</operatorId> Identifier of the operator for the
device. MOBILEIRON CORE

19
MobileIron Confidential
 assigns this identifier to the
operator.
<phoneNumber>4085551212</phoneNumber> The phone number entered by
the user or administrator during
registration.
<pin>2732E6DB</pin> Unique identification number for
a BlackBerry device. Not available
for other devices.
<platform>Android 4.4</platform> String indicating the platform
installed on the device. The
string is specified during
registration.
<quarantinedStatus>0</quarantinedStatus> A bitmap value that lists the
reasons, if any, that the device is
quarantined. When a device is
quarantined, its configurations
(that is, profiles) have been
removed due to violations with
its security policy.

The possible values are described

in 5.2 Compliance,
quarantinedStatus, and
blockReason values.
<regCount>0</regCount> For Blackberry, after the MobileIron
client is downloaded, the VSP sends
the provisioning SMS message to the
client. If the client fails to connect,
then the VSP resends the message at
a scheduled interval. This value
indicates how many times the VSP
sent the provisioning message to the
client.

<regType>DEFAULT</regType> This value applies only to BlackBerry

devices, indicating the registration
type configured on MobileIron Core.
Possible values are:

DEFAULT: Register/Deploy via

MobileIron

BES: Register via MobileIron, Deploy

20
MobileIron Confidential
 via BES

BESAUTO: Register/Deploy via

BES 5.x
<status>ACTIVE</status> String indicating the current
status of the device with regard
to registration and connection.
For valid values, see Status field
above.
<statusCode>97</statusCode> Numeric code defined for the
status. See list of valid values
above.
<userDisplayName>Joe Doe</userDisplayName> The concatenation of the user’s
first name and last name as
defined during registration.
<userFirstName>Joe</userFirstName>
<userLastName>Doe</userLastName>
<userSource>76</userSource> Value 76 for a Local user.

Value 68 for an LDAP user.

Note:
76 is the value of ASCII ‘L’, which
stands for Local.
68 is the value of ASCII ‘D’, which
stands for Directory (LDAP).
<userUUID>de398fcb-a3a4-412c-a1dd-9be8bd46e728</userUUID> Internal user ID.
<iPhoneVersion>8J2</iPhoneVersion> Version number of iPhone.
</device>
</devices>
</deviceManagementWebServiceResponse>

6.3.1 Get Device details for a specific device

Example:

https://mycore.mobileiron.com/api/v1/dm/devices/12849438-0d74-3c30-6b7d-
121a3da8645d

URI: Devices with the input status are

https://{host-name}/api/v1/dm/devices/{deviceuuid} returned.
Http Method: GET
Format: xml, json

21
MobileIron Confidential
Request:
Deviceuuid Unique identifier for the device.
Only one uuid can be passed at a
time.

Response Status Code:

‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.
Response:
<deviceManagementWebServiceResponse>
</messages> Empty if the device specified
exists. Otherwise, a <message>
element is included indicating
that no device was found.
<device id='2’>
<uuid>8d711cdc-e93c-49b1-88d6-222f54132445</uuid> Unique identifier for the device.
<principal>jdoe</principal> User ID for the user of the device.
This corresponds to the user ID in
the MobileIron Core Admin
Portal, as seen in Users & Devices
| Users.
<blockReason>0</blockReason> A bitmap value that lists the
reasons, if any, that the device is
blocked from accessing the
ActiveSync server. The possible
values are described in The
possible values are described in
5.2 Compliance,
quarantinedStatus, and
blockReason values.
<clientId>1073741831</clientId> For MOBILEIRON CORE internal
use.
<compliance>0</compliance> A bitmap value that lists the
reasons, if any, that the device is
out of compliance with its
security policy. The possible
values are described in 5.2
Compliance, quarantinedStatus,
and blockReason values.
<countryCode>1</countryCode> The country code for the device.
<details> Device details, which consist of
key-value pairs. The set of key-

22
MobileIron Confidential
 value pairs vary by the make,
model, and operator of the
device. The set shown is only an
example.

For more information, see 5.3.2

Android Details Key-Value
Descriptions and 5.3.3 iOS Details
Key-Value Descriptions.

If device registration is pending,

then the details section is empty.
<entry>
<key>device_model</key>
<value>DROIDX</value>
</entry>
<entry>
<key>platform_name</key>
<value>2.2</value>
</entry>
<entry>
<key>Client_version</key>
<value>4.2.0</value>
</entry>
</details>
<deviceCount>1</deviceCount> Not used. Always 0.
<emailAddress>[email protected]</emailAddress> The user’s email address as
entered during registration.
<employeeOwned>false</employeeOwned> true - the employee owns the
device.
false - the enterprise owns the
device.

The value is set during

registration and the
administrator can change it.
<languageCountryId>0<languageCountryId> The unique identifier for the
country associated with the
language used on the device. For
example, there would be a
different ID for a Canadian French
language device when compared
to a device from France.
23
MobileIron Confidential
 MobileIron Core assigns this
identifier to the country.
<languageId>1</languageId> The unique identifier for the
language used on the device.
<lastConnectedAt>2011-07-08T01:52:33+00:00</lastConnectedAt> The date and time that the device
last made successful contact with
the MobileIron server.

For iOS devices that have iOS

MDM enabled, this value is the
time of the last iOS MDM
checkin.
<manufacturer>Research In Motion</manufacturer> The device manufacturer as
automatically reported by the
device during registration.
<mdmManaged>false</mdmManaged> Indicates that the MDM profile is
enabled on the device. This field
applies only to iOS devices. For
other devices, the value is always
false.
<mdmProfileUrlId></mdmProfileUrlId> MOBILEIRON CORE internal ID for
its iOS MDM profile information.
<model>8130</model> The model of the device as
reported by the device during
registration.
<namejdoe:Android 4.4:PDA 2</name> The concatenated name used to
identify the device/user
combination.
<notifyUser>true</notifyUser> true indicates the user should be
notified via SMS and email during
registration.

false indicates the user should

not be notified.

The notification consists of the

principal name, platform, and
phone number.
<operator>PDA</operator> Service provider for the device.
The value PDA indicates no
operator is associated with the
device.

24
MobileIron Confidential
<operatorId>269</operatorId> Identifier of the operator for the
device. MOBILEIRON CORE
assigns this identifier to the
operator.
<phoneNumber>4085551212</phoneNumber> The phone number entered by
the user or administrator during
registration.
<platform>Android 4.4</platform> String indicating the platform
installed on the device. The
string is specified during
registration.
<quarantinedStatus>0<quarantinedStatus> A bitmap value that lists the
reasons, if any, that the device is
quarantined. When a device is
quarantined, its configurations
(that is, profiles) have been
removed due to violations with
its security policy.

The possible values are described

in 5.2 Compliance,
quarantinedStatus, and
blockReason values.
<regCount>0</regCount> For Blackberry, after the
MobileIron client is downloaded,
the VSP sends the provisioning
SMS message to the client. If the
client fails to connect, then the
VSP resends the message at a
scheduled interval. This value
indicates how many times the
VSP sent the provisioning
message to the client.
<regType>DEFAULT</regType> This value applies only to BlackBerry
devices, indicating the registration
type configured on the VSP. Possible
values are:

DEFAULT: Register/Deploy via

MobileIron

BES: Register via MobileIron, Deploy

via BES

25
MobileIron Confidential
 BESAUTO: Register/Deploy via
BES 5.x.
<status>ACTIVE</status> String indicating the current
status of the device with regard
to registration and connection.
For valid values, see Status field
above.
<statusCode>97</statusCode> Numeric code defined for the
status. See list of valid values
above.
<userDisplayName>Joe Doe</userDisplayName> The concatenation of the user’s
first name and last name as
defined during registration.
<userFirstName>Joe</userFirstName>
<userLastName>Doe</userLastName>
<userSource>76</userSource> Value 76 for a local user.

Value 68 for an LDAP user.

Note:
76 is the value of ASCII ‘L’, which
stands for Local.
68 is the value of ASCII ‘D’, which
stands for Directory (LDAP).
<userUUID>de398fcb-a3a4-412c-a1dd-9be8bd46e728</userUUID> Internal user ID.
</device>
</deviceManagementWebServiceResponse>

6.3.2 Android Details Key-Value Descriptions

The following table shows the key-value pairs in the <details> element for Android devices. The set of
key-value pairs and the order they appear in the response can vary according to the type of device.
Therefore, the table presents the pairs in alphabetical order by the key name.

If a key-value pair is not applicable for a device, typically the HTTP response does not include the pair.

The MobileIron Core Admin Guide has more information about fields that are available in the Admin
Portal.

Key Name Key Description Value

26
MobileIron Confidential
Key Name Key Description Value

admin_activated Whether device administrator true

privilege is activated for the
MobileIron client on the device. false

battery_life Power remaining in the battery The percentage of power

life. remaining in the battery.

Example: 100

board The name of the underlying board A name that the Android OS
on the Android device. provides.

Example: venus2

brand The brand (e.g., carrier) the A string that the Android OS
Android software is customized provides.
for, if any.
Example: verizon

c2dmToken Android C2DM registration ID for A string of characters

the device.

client_name Name of MobileIron client Example: com.mobileiron

application on the device.

client_version MobileIron client version number Example: 4.5.0

running on the device.

codename Android platform’s current Example: REL

development codename, or the
string "REL" if this is a release
build.

country_code The device’s Mobile Country Example for United States: 310
Codes (MCCs). MCCs are defined
in ITU E.212.

current_mobile_num Phone number of the device Example: 6505551212

ber

27
MobileIron Confidential
Key Name Key Description Value

current_operator_n Name of current registered Example: Verizon

ame operator. Wireless

current_SIM_module International Mobile Subscriber Example:

_number Identity number for the device.
262014530204577

device The name of the industrial design A string that the Android OS
of the device. provides.

Examples:

cdma_droid2

cdma_shadow

device_id Unique identifier for the device Example:

ddc865b69c13eeb4

device_manufacture Manufacturer of the device. Example: motorola

r

device_model Model of the Android device Example: DROID2

device_roaming_fla Whether the device is roaming. on – The device is roaming.

g
off -- The device is not
roaming.

device_type Whether the device uses CDMA or CDMA or GSM

GSM technology to transmit voice
calls. If the device does not
transmit voice calls, this fields
whether the device uses CDMA or
GSM technology is transmit data.

28
MobileIron Confidential
Key Name Key Description Value

display_size Size of the device’s display Dimensions in pixels, in the

format:

<height>X<width>

Example: 854X480

free_media_card_si Amount of unused storage on the Number in bytes

ze media card on the device.
Example: 2.36M

free_media_card_si Amount of unused storage on the Number in bytes

ze_bytes media card on the device.
Example: 104857000

free_ram_size Amount of RAM available on the Number of megabytes, shown

device. with M suffix.

Example: 5.84M

free_ram_size_byte Amount of unused RAM memory Number in bytes.

s on the device.
Example: 104857000

free_storage_size Amount of unused storage on the Number in bytes

device
Example: 6489.68M

free_storage_size_ Size of unused storage on the Number in bytes.

bytes device.
Example: 104857000

29
MobileIron Confidential
Key Name Key Description Value

home_operator Home service provider for the The service provider name,
device mobile country code and mobile
network code of the provider in
the following format:

<name>::<MCC+MNC>

Example: Verizon::310004

imei International Mobile Equipment Example: A00000226EBF9F

Identity of the device.

imsi International Mobile Subscriber Example:

Identity number for the device.
262018410218015

incremental Android platform version’s build Example: 110719

number.

lat_long_last_capt The last time the location of the Specified as seconds since
ured_at device was recorded. January 1, 1970.

Example: 1324421860972

latitude Latitude of the device’s location. Degrees latitude.

Example: 37.396074

locale Locale for the device Examples:

en-US

en

longitude Longitude of the device’s location. Degrees longitude

Example: -122.056339

30
MobileIron Confidential
Key Name Key Description Value

mdm_enabled Whether the MobileIron client is true – The MobileIron client is

fully configured on the device. fully configured.

Note: The MobileIron client can be false – The MobileIron client

installed and running, but still is not fully configured.
unable to manage the device if it
is not fully configured.

multi_mdm Whether multiple Device Admin true – More than one Device
applications are active on the Admin application are active.
device.
False – One or zero Device
Admin Applications are active.

network_id CDMA network identification Example: 6

number.

os_version The Android SDK version code Example: 10

The value 10 corresponds to

Android 2.3.3. Values are
defined on
http://developer.android.com.

platform_name Android platform version number Example: 2.3.3

on the device.

processor_architec Processor architecture of the armeabi-v7a

ture device.

31
MobileIron Confidential
Key Name Key Description Value

prv_bluetooth Whether the lockdown policy for ON – Access to Bluetooth is

the device has disabled access to enabled for both audio and
Bluetooth. data.

AUDIO – Access to Bluetooth is

enabled for audio only.

OFF – Access to Bluetooth is

disabled.

unsupported – The
MobileIron client does not
support enabling or disabling
Bluetooth on the device.

prv_camera Whether the lockdown policy for ON – Access to the camera is

the device has disabled access to enabled.
the camera.
OFF – Access to the camera is
disabled.

unsupported – The
MobileIron client does not
support enabling or disabling
the camera on the device.

prv_device_encrypt Whether the security policy for on – Device encryption is

ion the device has enabled data enabled.
encryption on the device.
off -- Device encryption is
not enabled.

unsupported – The
MobileIron client does not
support enabling or disabling
data encryption on the device.

32
MobileIron Confidential
Key Name Key Description Value

prv_exchange_Domai Domain of the email server of the Email server domain.

n device’s user.
For example: MOBILEIRON

If the email client is not yet

configured, the value is na.

If the email client is not

supported by MobileIron, then
the response does not include
this key-value pair.

prv_exchange_Serve Email server for the device’s user. Email server address.
r
For example:
mail.mobileiron.com

If the email client is not yet

configured, the value is na.

If the email client is not

supported by MobileIron, then
the response does not include
this key-value pair.

prv_exchange_UserN Email user name of the device’s Email user name.

ame user.
For example:
[email protected]

If the email client is not yet

configured, the value is na.

If the email client is not

supported by MobileIron, then
the response does not include
this key-value pair.

33
MobileIron Confidential
Key Name Key Description Value

prv_exchange_UseSS Whether email transport uses ON – Email uses the Secure

L Secure Socket Layer. Socket Layer. The value is ON if
MobileIron supports the email
client and the email client is
configured.

If the email client is not yet

configured, the value is na.

If the email client is not

supported by MobileIron, then
the response does not include
this key-value pair.

prv_max_failed_att Maximum number of times the The maximum number, or the

empts user can enter an incorrect value 0 if no maximum exists.
password before the device is
wiped. This value is applicable only if
prv_password_type
indicates that a password is
mandatory.

prv_max_idle_time Maximum time the device can be Number of minutes

inactive before the user must re-
enter the password. Example: 30

This value is applicable only if

prv_password_type
indicates that a password is
mandatory.

prv_password Whether both of the following ON – Both conditions are true.

conditions are true:
- A password is mandatory for OFF – One or both of the
the user to access the device, conditions are not true.
as specified in the device’s
security policy.
- The device is compliant with
the security policy.

34
MobileIron Confidential
Key Name Key Description Value

prv_password_expir Numbers of days after which the The number of days, or the
ation_timeout device’s password will expire. value unsupported if a
password is optional.

Example: 30

This value is applicable only if

prv_password_type
indicates that a password is
mandatory.

prv_password_histo Number of passwords A number, or the value

ry_length remembered to ensure that the unsupported if a password
device’s user define a different is optional.
password.
This value is applicable only if
For example, the value 4 prevents prv_password_type
the user from repeating a
indicates that a password is
password for the next four
password changes. mandatory.

prv_password_lengt Minimum length for the device’s Number between 1 and 10, or -1
h password. which indicates the password
has no minimum length.

This value is applicable only if

prv_password_type
indicates that a password is
mandatory.

prv_password_minim Minimum number of special A number or the value

um_symbols characters that must be included unsupported if no minimum
in a password. Applicable only to is required.
Android 3.0 and higher.
This value is applicable only if
prv_password_type
indicates that a password is
mandatory.

35
MobileIron Confidential
Key Name Key Description Value

prv_password_type Whether the device’s password is 0 – password is mandatory

mandatory, and whether it must and is restricted to
be restricted to simple numeric alphanumeric characters.
input, alphanumeric characters,
or has no restrictions. The 1 – password is mandatory and
security policy assigned to the is restricted to simple numeric
device specifies the password
characters.
type.
2 – password is mandatory and
has no character restrictions.

-1 – password is optional.

prv_sd_encryption Whether the security policy for on – SD encryption is enabled.

the device has enabled encrypting
the contents of the SD (Secure off -- SD encryption is not
Data card) on the device. enabled.

unsupported – The
MobileIron client does not
support enabling or disabling SD
encryption on the device.

prv_sdcard Whether the lockdown policy for ON – Access to the SD card is

the device has disabled access to enabled.
the SD card.
OFF – Access to the SD card is
disabled.

unsupported – A lockdown
policy is not applied to this
device.

prv_vpn_servers A list of VPN servers that the List of semi-colon-separated

device can access. VPN servers, each given as an IP
address, a host name, or a URL.

The value is na if the list is

empty.

36
MobileIron Confidential
Key Name Key Description Value

prv_wifi Whether the lockdown policy for ON – Access to wireless LANs is

the device has disabled access to enabled.
wireless LANs.
OFF – Access to wireless LANs
is disabled.

unsupported – The
MobileIron client does not
support enabling or disabling
access to wireless LANs on the
device.

prv_wlan_ssids Wireless local area network List of identifiers, separated by

Service Set Identifiers for all semi-colons.
wireless LANs configures on the
device. If none, then the value is na.

Example: MobileIron-
Guest;MobileIron-Test

registration_imsi International Mobile Subscriber Example: 262073991646313

Identity number for the device.

registration_opera The name of the service provider Example: Verizon

tor_name for the device.

regUuid Device’s unique ID. Example:

ddc865b69c13eeb4

Samsung_DM Samsung device information for Example:

Samsung devices that support
FW: Key2,1 SW:1.0
Samsung MDM APIs.

security_state Indicates whether the device has Ok – The device has not been
been compromised. A compromised.
compromised Android device
means that the device has been Compromised – The device
rooted, which means that an has been compromised.
application has root access to the
device’s file system.

37
MobileIron Confidential
Key Name Key Description Value

SIM_module_number International Mobile Subscriber Example:

Identity number for the device. IMSI:3104105000000000

system_id CDMA System Identification Example: 40

number

total_media_card_s Amount of storage on the media Number of megabytes, shown

ize card on the device. with M suffix.

Example: 7574.19M

total_media_card_s Amount of storage on the media Number in bytes

ize_bytes card on the device.
Example: 785037745

total_ram_size Amount of RAM memory on the Number of megabytes, shown

device. with M suffix.

Example: 475.93M

total_ram_size_byt Amount of RAM memory on the Number in bytes

es device.
Example: 504857000

total_storage_size Amount of storage on the device. Number of megabytes, shown

with M suffix.

Example: 6700.98M

total_storage_size Amount of storage on the device. Number in bytes

_bytes
Example: 104857000

usb_debugging Indicates whether USB debugging ON – USB debugging is enabled.

is enabled on the device.
OFF – USB debugging is
disabled.

wifi_mac_addr Wi-Fi MAC address of the device. Example: f87b7a29838f

38
MobileIron Confidential
6.3.3 iOS Details Key-Value Descriptions
The following table shows the key-value pairs in the <details> element for iOS devices. The set of key-
value pairs and the order they appear in the response vary according to the type of device, such as
iPhone or iPad. Therefore, the table presents the pairs in alphabetical order by the key name.

Note: In most cases, key names that have an underscore, such as security_state or
Client_build_date, contain information that the device’s MobileIron client provides. Key names
without underscores, such as allowUntrustedTLSPrompt or maxGracePeriod, contain
information that the device’s operating system provides.

Key Name Key Description Value

allowAppInstallati Whether installation of Example: false

on applications is allowed.

allowCloudBackup Whether backing up the device true – Backing up to iCloud is

to iCloud is allowed. allowed.
Availability: iOS 5.0 and later.
false – Backing up to iCloud is
not allowed.

allowCloudDocument When false, document and Example: false

Sync key-value syncing to iCloud is
disabled.
allowExplicitConte Whether explicit music or video true – Explicit content is not
nt content purchased from the hidden.
iTunes Store is hidden. Content is
marked as explicit by content false – Explicit content is
providers when sold through the hidden.
iTunes Store.

allowInAppPurchase Whether In-App purchases are true – In-App Purchases are

s allowed. allowed.

false - In-App Purchases are

39
MobileIron Confidential
Key Name Key Description Value

not allowed.

allowiTunes Whether the iTunes Music Store true – iTunes is allowed.

is allowed on the device.
false - iTunes is not allowed.

allowMultiPlayerGa Whether multiplayer gaming is true – Multiplayer gaming is

ming allowed. allowed.

false - Multiplayer gaming is

not allowed.

allowPhotoStream Indicates whether the device’s true – Photo Stream is

Photo Stream is allowed on the allowed.
device.
Availability: iOS 5.0 and later. false – Photo Stream is not
allowed.

allowUntrustedTLSP When false, automatically true or false

rompt rejects untrusted HTTPS
certificates without prompting
the user.

Availability: iOS 5.0 and later.

allowVideoConferen Whether videoconferencing is true - Videoconferencing is
allowed on the device.
cing allowed.

false – Videoconferencing is
not allowed.

allowVoiceDialing Whether voice dialing is allowed true – Voice dialing is allowed

when the device is locked. when the device is locked.

false - Voice dialing is not

allowed when the device is
locked.

allowYouTube Whether the YouTube application true - YouTube is allowed.

is allowed on the device.
false – YouTube is not

40
MobileIron Confidential
Key Name Key Description Value

allowed.

apnsToken The device’s APNs (Apple Push Example:

Notification service) token.
5c7b0866d6d068f8b40156
90b83a6d1c00fb9484bdb0
0ea40d926bbade28de5f

AvailableDeviceCap Floating-point gibibytes (base- Example:

acity 1024 gigabytes). 13.765106201171875

Battery Level Floating-point percentage Example:

expressed as a value between 0.0 0.10000000149011612
and 1.0, or -1.0 if battery level
cannot be determined.

Availability: iOS 5.0 and later.

battery_life Power remaining in the battery The percentage of power

life. remaining in the battery.

Example: 30

BluetoothMAC Bluetooth MAC address. Example: B8FF617F7927

BuildVersion The iOS build number (8A260b, Example: 8J3

for example).
CarrierSettingsVer Version of the currently-installed Example: 11.0
sion carrier settings file.

CellularTechnology Returns the type of cellular Example: GSM

technology.
Availability: iOS 4.2.6 and later.

CheckOut Received MobileIron Core has received a true – MobileIron Core has
checkout message from the received a checkout message.
device. This message indicates
that the MDM profile was false – MobileIron Core has
removed from the device. not received a checkout message.

Client_build_date Build date of the MobileIron Example: Apr 8 2011

client.
41
MobileIron Confidential
Key Name Key Description Value

12:02:24

client_name Name of MobileIron client Example:

application on the device. com.mobileiron.phoneat
work

Client_version MobileIron client version number Example: 4.5.12.33698

running on the device.
country_code The device’s Mobile Country Example for United States: 310
Codes (MCCs). MCCs are defined
in ITU E.212 .

Current MCC The device’s Mobile Country Example for United States: 310
Codes (MCCs). MCCs are defined
in ITU E.212 .

Current MNC Current Mobile Network Code. If Example: 00

the device is not roaming, this is
the same as the SIM MNC.
DataRoamingEnabled Whether Data Roaming is Example: false
enabled.
device_id The International Mobile Example:
Equipment Number for an IMEI:012537000804721
iPhone.

device_manufacture Device manufacturer. For iOS Example: Apple

r devices, the value is always
Apple.
device_model Model of the iOS device. Examples:
iPad
iPhone 4
device_type Whether the device uses CDMA CDMA or GSM
or GSM technology to transmit Example: GSM
voice calls. If the device does not
transmit voice calls, this field
indicates whether the device
uses CDMA or GSM technology to
transmit data.
DeviceCapacity Floating-point gibibytes (base- Example: 14.020126342773438
1024 gigabytes).

42
MobileIron Confidential
Key Name Key Description Value

DeviceCompromised Whether the device is true – The device is

compromised. compromised.

false – The device is not

compromised.

DeviceName The name given to the device via Example: Joe B’s iPad
iTunes.
forceEncryptedBack Whether the device forces true or false
up encrypted backups.

free_storage_size_ Size of unused storage on the Number in bytes.

byte device.
Example:
14780170240.0000000000
00000

HardwareEncryption Describes the underlying The value represents a bit field

Caps hardware encryption capabilities with following meanings:
of the device.
1 – block-level encryption

2 – file-level encryption

Therefore, because these are bit

field values, the value 3 means
both block-level and file-level
encryption.

imei The device’s IMEI number. Example: 011981001429081

Ignored if the device does not
support GSM.
ImeiOrMeid The device’s MEID number. Example: 01 198100 142908
Ignored if the device does not 1
support CDMA.
imsi International Mobile Subscriber The IMSI or the value na if the
Identity number for the device. device has no IMSI.

Example: 262073947704030

43
MobileIron Confidential
Key Name Key Description Value

iOSBackgroundStatu The status of background 0 – The device supports

s location multitasking on the background location
device. multitasking, and the user has
enabled location services.

1 – The device supports

background location
multitasking, but the user has
disabled location services.

2 – Background multitasking has

been disabled by the privacy
policy applied to the device.

3 – The device hardware does

not support background
multitasking.

4 – The iOS version is earlier

than 4.0, and therefore does not
support background multitasking.

Example: 3

ip_address IP address of the device. Example: 192.168.1.174

The response includes this field

only if the device had connected
to a WIFI network. However, this
field does not indicate whether
the device is currently connected
to a WIFI network.

iPhone ICCID The ICC identifier for the installed Example: 8949 2260 7349 2040
SIM card. 105
iPhone IMEI International Mobile Equipment Example: 01 253700 080472 1
Identity of the device.
iPhone WIFI MAC address of device. Example:
MAC_ADDRESS_EN0 b8:ff:61:7f:79:26

44
MobileIron Confidential
Key Name Key Description Value

iPhone PRODUCT The model code for the device. Examples:

iPad
iPhone 4

iPhone UDID The unique device identifier Example:

(UDID) of the iOS device. 81a3379d884f1bd9f1b0ce
9b340358288081f7a1

iPhone VERSION The iOS build number of the iOS Example: 8J3
version that the device is
running.
it_policy_result Not used. Not used.

lat_long_last_capt The last time the location of the Specified as seconds since
ured_at device was recorded. January 1, 1970.

Example: 1325108114776

latitude Latitude of the device’s location. Degrees latitude.

Example: 50.645397

locale Locale for the device Examples:

en-US
en
longitude Longitude of the device’s Degrees longitude.
location.
Example: 7.943374

maxGracePeriod Maximum grace period, in Example: 900

minutes, to unlock the phone
without entering a passcode. The
value 0 means no grace period is
allowed; a passcode is required
immediately.
maxInactivity Number of minutes for which the Example: 300
device can be idle (without being
unlocked by the user) before it
gets locked by the system. Once

45
MobileIron Confidential
Key Name Key Description Value

this limit is reached, the device is

locked and the passcode must be
entered.
minLength Minimum overall length of the Example: 4
passcode.
mobile_number Phone number of the device. The mobile number, or the value
(null) if the device has no
mobile number.

Example:

+491718169911

Model The device’s model number. Examples:

MC820LL

MC603DN

ModelName Name of the device model. Examples:

iPad

iPhone

ModemFirmwareVersi The baseband firmware version. Example: 05.16.05

on

os_version The version of iOS that the device Example:

is running.
iPhone OS 4.3.3 (8J3)

iPhone OS 5.0.1
(9A405)

OSVersion The version of iOS that the device Example: 4.3.3

is running.
PasscodeIsComplian Set to true if the user's passcode true or false
t is compliant with all
requirements on the device,
including Exchange and other
accounts.

46
MobileIron Confidential
Key Name Key Description Value

PasscodeIsComplian Set to true if the user's passcode Example: true

tWithProfiles is compliant with requirements
from profiles.
PasscodePresent Set to true if the device is true or false
protected by a passcode.
platform_name For all iOS devices, this field has Example: iPhone
the value iPhone.
platform_type Either iPad or iPhone. Examples:

iPad

iPhone

processor_architec For iOS devices, the value is Example: ARM

ture always ARM.

ProductName The model code for the device. Examples:

iPad1,1

iPhone3,1

ratingApps Maximum rating for apps on the Example: 1000

device, according to Apple’s
ranking of apps.

ratingMovies Maximum rating for movies on Example: 1000

the device, according to Apple’s
ranking of movies.

ratingTVShows Maximum rating for TV shows on Example: 1000

the device, according to Apple’s
ranking of TV shows.

registration_imsi International Mobile Subscriber Example: (null)

Identity number for the device.
registration_opera The name of the service provider The name of the service provider,
tor_name for the device. or (null) if not applicable.

Example: AT&T

47
MobileIron Confidential
Key Name Key Description Value

safariAcceptCookie Indicates Safari’s setting to 0 - Never

s accept cookies.
1 - From visited

2 - Always

safariAllowPopups Indicates whether Safari is set to true – popups are allowed.

allow pop-ups.
false – popups are not
allowed.

safariForceFraudWa Indicates whether Safari is set to true – Fraud warning is

rning enable fraud warning. enabled.

false – Fraud warning is not

enabled.

security_reason_co Not used. Not used.

de

security_state Indicates whether the device has 0 – The device has been
been compromised. compromised.

1 – The device has not been

compromised.

SerialNumber The device’s serial number. Example: V5046DGHZ38

signal_strength The signal strength on the device. A number representing the signal
strength, given in dBm.

SIM MCC Home Mobile Country Code Example for United States: 310
(numeric string). MCCs are
defined in ITU E.212 .
SIM MNC The Mobile Network Code of the Example:
SIM card on the device.
01
Note: This field contains a
07
numeric MNC only if the network
is GSM. For CDMA networks, this
field contains an abbreviation of

48
MobileIron Confidential
Key Name Key Description Value

the carrier name, such as VZW or

SPR, for Verizon and Sprint.

SIMCarrierNetwork Name of the home carrier Example: Telekom.de

network.
Subscriber Carrier Name of the home carrier Example: o2-de
Network network. (Replaces
SIMCarrierNetwork.)

Availability: iOS 5.0 and later.

total_storage_size Amount of storage on the device. Number in bytes.

_bytes
Example:
15053996032.0000005368
70912

Voice Roaming Whether Voice Roaming is Example: true

Enabled enabled.

WiFiMAC Wi-Fi MAC address. Example: B8FF617F7926

6.3.4 Exporting Device Information to a CSV

To export device information to a CSV, use the following URI:

https://{host-name}/api/v1/dm/devices.csv

Note: No support is available for exporting device information for Exchange ActiveSync (EAS) devices to a
CSV. The request https://{host-name}/api/v1/eas/devices.csv is not supported.

The following fields are exported:

• Operator
• Country
• Device UUID
• Phone Number
• Principal
• Name

49
MobileIron Confidential
 • Platform
• Manufacturer
• Model
• Email Address
• Status Code
• Employee Owned
• Compliance
• Quarantine Status
• IMSI
• IMEI
• UDID
• Client Version
• MDM Enabled
• Serial Number
• Last Connected At
• Active Sync UUID
• Active Sync Last Sync Attempt
• Wi-Fi MAC Address
• Device Encryption
• Last MDM Check-In
• Last Security State Changed On
• Registered On

6.4 Get Device Details for a Phone Number/User/Label/Wi-Fi MAC

Address
Device details such as manufacturer, model, OS, status, and registered email address can be retrieved in
multiple ways using an API. Search requests can be made by phone number, user ID, or label. A single
user may be assigned multiple devices, in which case a list of devices could be returned for a matching
user ID. Given a phone number in the request, the API returns the device details for the pairing of user
and phone number. Given a label in the request, the API returns the device details for all devices
assigned to that label. The details returned depend on what the device reports; different devices may
return different information. This API applies only to registered devices.

Examples:

Get the device details for the device that has a specified phone number:

https://mycore.mobileiron.com/api/v1/dm/phones/4155551212

50
MobileIron Confidential
Get the device details for the devices that have the specified phone numbers:

https://mycore.mobileiron.com/api/v1/dm/phones/6505551212,4155551212

Get the device details for the devices belonging to the specified user:

https://mycore.mobileiron.com/api/v1/dm/users/jdoe

Get the device details for the devices assigned to a specific label:

https://mycore.mobileiron.com/api/v1/dm/labels/android

Get the device details for the device having a specific Wi-Fi MAC address:

https://mycore.mobileiron.com/api/v1/dm/devices/mac/38AA3C62BFAD

1. URI: Device details of the input phone

https://{host-name}/api/v1/dm/phones/{phone#} number is returned.
Http Method: GET
Format: xml, json
Request:
phoneNumber Required.
This can be multiple, comma-
separated phone numbers.
Example:
4085551212,6505551212

2. URI: Device details of all devices

https://{host-name}/api/v1/dm/users/{username} registered to the input username
will be returned.
Http Method: GET
Format: xml, json
Request:
userName Required. Device unique login
user name.

3. URI: Device details of all devices

https://{host-name}/api/v1/dm/labels/{labelname} assigned to the input labelname
will be returned.
Http Method: GET
Format: xml, json
Request:
labelName Required. Unique label name.
51
MobileIron Confidential
4. URI: Device details of the device
https://{host-name}/api/v1/dm/devices/mac/{macaddress} associated with the input Wi-Fi
MAC address.
Http Method: GET
Format: xml, json
Request:
macAddress Required.

Response Status Code:

‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.
Response:
<deviceManagementWebServiceResponse>
<phoneNumber>14085551212</phoneNumber> Phone numbers from the
request. Included in response in
these two cases:
- only one phone number was in
the request.
- the request specified more than
one phone number, and a
problem occurred so that no
device details are included in the
response.

Note: If the request specified a

user name or a label name, they
are not repeated at the beginning
of the response.
<messages>
<message>212 Device(s) returned</message> Success is shown if the method
execution is successful.
A descriptive error message is
shown if the method execution
failed.

Note: If the request specified one

valid phone number, the
<messages> element is empty.
</messages>
<devices>
<device id=’2’> Device identifier.
52
MobileIron Confidential
<uuid>8d711cdc-e93c-49b1-88d6-222f54132445</uuid> Unique identifier for the device.
<principal>jdoe</principal> User ID for the user of the device.
This corresponds to the user ID in
the Admin Portal, as seen in
Users & Devices | Users.
<blockReason>0</blockReason> A bitmap value that lists the
reasons, if any, that the device is
blocked from accessing the
ActiveSync server. The possible
values are described in 5.2
Compliance, quarantinedStatus,
and blockReason values.
<clientId>1073741831</clientId> For MOBILEIRON CORE internal
use.
<compliance>0</compliance> A bitmap value that lists the
reasons, if any, that the device is
out of compliance with its
security policy. The possible
values are described in 5.2
Compliance, quarantinedStatus,
and blockReason values.
<countryCode>1</countryCode> The country code for the device.
<countryId>183</countryId> Country identifier for the device.
MOBILEIRON CORE assigns this
identifier to the country.
<countryName>United States</countryName>
<details> Device details, which consist of
key-value pairs. The set of key-
value pairs vary by the make,
model, and operator of the
device. The set shown is only an
example.

For more information, see 5.3.2

Android Details Key-Value
Descriptions and 5.3.3 iOS Details
Key-Value Descriptions.

If device registration is pending,

then the details section is empty.
<entry>
<key>total_ram_size</key>
<value>109.74M</value>

53
MobileIron Confidential
 </entry>
<entry>
<entry>
<key>device_model</key>
<value>SGH-i617</value>
</entry>
<entry>
<key>platform_name</key>
<value>Windows Mobile 6.1 Standard</value>
</entry>
</details>
<deviceCount>0</deviceCount> Not used. Always 0.
<emailAddress>[email protected]</emailAddress> The user’s email address as
entered during registration.
<emailDomain>mydomain.com</emailDomain> Not used at this time.
<employeeOwned>false</employeeOwned> true - the employee owns the
device.
false - the enterprise owns the
device.

The value is set during

registration and the
administrator can change it.
<homeOperator>Verizon</homeOperator> The service operator for the
device when it is not roaming.
<languageCountryId>183</languageCountryId> The unique identifier for the
country associated with the
language used on the device. For
example, there would be a
different ID for a Canadian French
language device when compared
to a device from France.

MobileIron Core assigns this

identifier to the country.
<languageId>1</languageId> The unique identifier for the
language used on the device.
<lastConnectedAt>2011-07-08T01:52:33+00:00</lastConnectedAt> The date and time that the device
last made successful contact with
the MobileIron server.

For iOS devices that have iOS

MDM enabled, this value is the
54
MobileIron Confidential
 time of the last iOS MDM
checkin.
<manufacturer>Research In Motion</manufacturer> The device manufacturer as
automatically reported by the
device during registration.
<mdmManaged>false</mdmManaged> Indicates that the MDM profile is
enabled on the device. This field
applies only to iOS devices. For
other devices, the value is always
false.
<mdmProfileUrlId></mdmProfileUrlId> MOBILEIRON CORE internal ID for
its iOS MDM profile information.
<model>8130</model> The model of the device as
automatically reported by the
device during registration.
<name>jdoe:Android 4.4:PDA 2</name> The concatenated name used to
identify the device/user
combination.
<notifyUser>true</notifyUser> true indicates the user should be
notified via SMS and email during
registration.

false indicates the user should

not be notified during
registration.

The notification consists of the

principal name, platform, and
phone number.

<operator>Verizon</operator> Service provider for the device.

The value PDA indicates no
operator is associated with the
device.
<operatorId>4195</operatorId> Identifier of the operator for the
device. MOBILEIRON CORE
assigns this identifier to the
operator.
<phoneNumber>4085551212</phoneNumber> The phone number entered by
the user during registration.
<platform>Android 4.4</platform> String indicating the platform
installed on the device. The
string is specified during

55
MobileIron Confidential
 registration.
<quarantinedStatus>0</quarantinedStatus> A bitmap value that lists the
reasons, if any, that the device is
quarantined. When a device is
quarantined, its configurations
(that is, profiles) have been
removed due to violations with
its security policy.

The possible values are described

in 5.2 Compliance,
quarantinedStatus, and
blockReason values.
<regCount>0</regCount> For Blackberry, after the MobileIron
client is downloaded, the VSP sends
the provisioning SMS message to the
client. If the client fails to connect,
then the VSP resends the message at
a scheduled interval. This value
indicates how many times the VSP
sent the provisioning message to the
client.

<regType>DEFAULT</regType> This value applies only to BlackBerry

devices, indicating the registration
type configured on the VSP. Possible
values are:

DEFAULT: Register/Deploy via

MobileIron

BES: Register via MobileIron, Deploy

via BES

BESAUTO: Register/Deploy via BES

5.x.

registeredAt Lists the date and time of device

registration.

<status>ACTIVE</status> String indicating the current

status of the device with regard
to registration and connection.
See list of valid values above.

56
MobileIron Confidential
<statusCode>97</statusCode> Numeric code defined for the
status. See list of valid values
above.
<userDisplayName>Joe Doe</userDisplayName> The concatenation of the user’s
first name and last name as
defined during registration.
<userFirstName>Joe</userFirstName>
<userLastName>Doe</userLastName>
<userUUID>de398fcb-a3a4-412c-a1dd-9be8bd46e728</userUUID> Internal user ID.

</device>
</devices>
</deviceManagementWebServiceResponse>

6.5 Register a Device

This API registers a device with MobileIron Core. Registering or enrolling a device designates it for
management in MobileIron Core. The action of registering a device accomplishes the following:
• Activates a user associated with the device.
• Makes the device known to the MobileIron system.
• Downloads the MobileIron Client to the device
• Completes an initial scan of the device and synchronizes it to MobileIron Core.
Example:

https://mycore.mobileiron.com/api/v1/dm/register?phoneNumber=4155551212&userI
d=jdoe&platform=A&userFirstName=Joe&userLastName=Doe&userEmailAddress=jdoe@mo
bileiron.com&countrycode=1&operator=Verizon

URI: Register a device.

https://{host-name}/api/v1/dm/register/
Http Method: PUT
Format: xml, json
Request:
phoneNumber Required.
userId Required.
operator String indicating operator. This
field will be updated after
registration if MobileIron Core
can find the operator based on
the phoneNumber entry.
isEmployeeOwned True indicates the device is
owned by the employee.
57
MobileIron Confidential
 False indicates it is owned by the
company. Default is false.
platform Required. Platform or operating
system of the device.
Valid values:
A- Android
I – iOS
E – Windows
M – Windows Phone devices
(WP8, WP8.1)
L- Mac OS X
deviceType Device type can be a phone or
PDA.
Valid values : Phone, PDA
If device is a PDA, then phone
number is optional.
importUserFromLdap True – import the matching user
from LDAP.
False –create a local user.

If a local user does not exist with

the input userid, then a new local
user is created. For local users,
first name, last name, and email
address are required.

MobileIron Core sets the

password for a new local user to
the userid.
userFirstName Required for local user. User’s
first name.
userLastName Required for local user. User’s
last name.
userEmailAddress Required for local user. User’s
email address.
notifyUser True indicates user should be
notified of registration by
email/SMS.
False indicates user should not be
notified.
countryCode Required. Country code of the
operator.

58
MobileIron Confidential
Response Status Code:
‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.
Response:
<deviceManagementWebServiceResponse>
<phoneNumber>14085551212</phoneNumber> Phone number registered.
<registration>
<messages/>
<deviceUuid>caba40e7-f56b-44aa-ac70- Alpha-numeric string that
79e32e91adf8</deviceUuid> uniquely identifies the device.
<messages/> Status Message.
Success is shown if the method
execution is successful.

A descriptive error message is

shown if the method execution
failed.
<status>SUCCESS</status> See “Status and statusCode
values”.
<passcode>63460</passcode> 5-digit numeric passcode needed
during registration validation. If
the passcode is not applicable for
the operating system, it will be
empty.
<passcodeTTL>120</passcodeTTL> Number of hours the passcode is
valid.
<registrationUrl>http://app16.mobileiron.com:8080/v/75b13</regi URL provided to the user. User
strationUrl> enters a passcode to verify the
device registration and the client
begins to download.
</registration>
</deviceManagementWebServiceResponse>

6.6 Retire a Device

This API retires a device. Devices are retired based on a unique device ID (uuid).

Examples:

https://mycore.mobileiron.com/api/v1/dm/devices/retire/ee8198d9-5d79-4961-
94c4-e21bf04b2467?Reason=User%20replaced%20device

59
MobileIron Confidential
https://mycore.mobileiron.com/api/v1/dm/devices/retire/mac/38AA3C62BFAD?Reaso
n=User%20replaced%20device

1. URI: Device with the input device

https://{host-name}/api/v1/dm/devices/retire/{deviceuuid} uuid is retired
Http Method: PUT
Format: xml, json
Request:
Device uuid Required. Unique ID of the
device. This ID can be retrieved in
the response of other API calls,
such as Device Registration or
Get Device Details.
Reason Free form text field (512
character limit) to display reason
why the device is being retired.

2. URI: Device with the input Wi-Fi MAC

https://{host- address is retired.
name}/api/v1/dm/devices/retire/mac/{macaddress}
Http Method: PUT
Format: xml, json
Request:
macAddress Required.
Reason Free form text field (512
character limit) to display reason
why the device is being retired.

Response Status Code:

‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.
Response:
<deviceManagementWebServiceResponse>
<messages>
<message> Device is retired successfully.</message> Status Message.
Success is shown if the method
execution is successful.
A descriptive error message is
shown if the method execution
failed.
</messages>
60
MobileIron Confidential
<deviceUuid>caba40e7-f56b-44aa-ac70- Unique device ID.
79e32e91adf8</deviceUuid>
< /deviceManagementWebServiceResponse>

6.7 Lock a Device

This API locks a device, which typically forces the user to enter a passcode (either a user-generated or
MobileIron-generated password) to access the device and prevents the user from reversing this
restriction. Devices are locked based on unique device ID (uuid). As all mobile operating systems
behave differently, refer to the Administration Guide for details on lock support.

Examples:

https://mycore.mobileiron.com/api/v1/dm/devices/lock/ee8198d9-5d79-4961-94c4-
e21bf04b2467?Reason=User%20lost%20device

https://mycore.mobileiron.com/api/v1/dm/devices/lock/mac/38AA3C62BFAD?Reason=
User%20lost%20device

1. URI: Device with the input device

https://{host-name}/api/v1/dm/devices/lock/{deviceuuid} uuid is locked.
Http Method: PUT
Format: xml, json
Request:
Device UUID Required. Unique ID of the
device. This ID is sent in the
response of the Registration API.
Reason Required. Free form text field
(512 character limit) to display
reason why the device is being
locked.

1. URI: Device with the Wi-Fi MAC

https://{host-name}/api/v1/dm/devices/lock/mac/{macaddress} address is locked.
Http Method: PUT
Format: xml, json
Request:
macAddress Required.
Reason Required. Free form text field
(512 character limit) to display
reason why the device is being
locked.

61
MobileIron Confidential
Response Status Code:
‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.
Response:
<deviceManagementWebServiceResponse>
<messages>
<message>Device is locked successfully.</message> Status Message.
Success is shown if the method
execution is successful.
A descriptive error message is
shown if the method execution
failed.
</messages>

<deviceUuid>caba40e7-f56b-44aa-ac70- Unique device ID.

79e32e91adf8</deviceUuid>
This field is not included for
Android and iOS devices.
<unlockpasscode>12345</unlockpasscode> Passcode to unlock the device. If
this is missing, then the device
was most likely locked with the
user-set passcode.

This field is not included for

Android and iOS devices.
< /deviceManagementWebServiceResponse >

6.8 Unlock a Device

This API unlocks a device.

On Android and iOS devices, unlocking the device clears its passcode.

On Blackberry devices, when a device without a user-generated passcode is locked, a special MobileIron
passcode must be generated and shared with the user to unlock the device. A special passcode may be
generated based on unique device ID (uuid). For those device, this API returns the unlock passcode.

Refer to the MobileIron Core Administration Guide for details on unlock support.

Examples:

62
MobileIron Confidential
https://mycore.mobileiron.com/api/v1/dm/devices/unlock/ee8198d9-5d79-4961-
94c4-e21bf04b2467?Reason=User%20forgot%20password

https://mycore.mobileiron.com/api/v1/dm/devices/unlock/mac/38AA3C62BFAD?Reaso
n=User%20forgot%20password

1.URI: Unlock passcode for the device

https://{host-name}/api/v1/dm/devices/unlock/{deviceuuid} with the input device uuid is
returned.
Http Method: GET
Format: xml, json
Request:
Device UUID Required. Unique ID of the
device. This ID is sent in the
response of the Registration API.
Reason Required. Free form text field
(512 character limit) to display
reason why the device is being
unlocked.

2.URI: Unlock passcode for the device

https://{host- with the input device Wi-Fi MAC
name}/api/v1/dm/devices/unlock/mac/{macaddress} address is returned.
Http Method: GET
Format: xml, json
Request:
macAddress Required.
Reason Required. Free form text field
(512 character limit) to display
reason why the device is being
unlocked.

Response Status Code:

‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.
Response:
<deviceManagementWebServiceResponse>
<messages>
<message>1 passcode(s) sent.</message> Status Message.
Passcode count is shown if the
method execution is successful.
A descriptive error message is
shown if the method execution
63
MobileIron Confidential
 failed.
</messages>

<passcodes>
<passcode>
<uuid>cf667a65-1e1a-4121-af63-398b11540d2f</uuid> Unique device ID.
<name> jdoe:Android:6505551212</name> Username:Platform:
phonenumber string to help
distinguish between a user’s
multiple devices.
<value>6910</value> For iOS devices:

Q – The device is MDM managed

and has a passcode.
F – The device is MDM managed
but has no passcode.
NA – The device is not MDM
managed. Unlock is not possible.

For Android devices:

Q – The device has a passcode.
F – The device has no passcode.
NA – Unlock failed.

For Blackberry devices:

Passcode to unlock the device. If

value is empty, then the device
was most likely locked with the
user-set passcode.
</passcode>
</passcodes>
< /deviceManagementWebServiceResponse >

6.9 Wipe a Device

This API wipes a device, which returns its settings to the factory defaults. Once wiped, device status
changes to “Wiped,” and the only valid action to apply is Retire. A wipe call is based on a unique device
ID (uuid).

Example:

64
MobileIron Confidential
https://mycore.mobileiron.com/api/v1/dm/devices/wipe/ee8198d9-5d79-4961-94c4-
e21bf04b2467?Reason=Device%stolen

https://mycore.mobileiron.com/api/v1/dm/devices/wipe/38AA3C62BFAD?Reason=
Device%stolen

1.URI: Device with the input device

https://{host-name}/api/v1/dm/devices/wipe/{deviceuuid} uuid is wiped.
Http Method: PUT
Format: xml, json
Request:
Device UUID Required. Unique ID of the
device. This ID is sent in the
response of the Registration API.
Reason Free form text field (512
character limit) to display reason
why the device is being wiped.

2.URI: Device with the input device Wi-

https://{host-name}/api/v1/dm/devices/wipe/mac/{macaddress} Fi MAC address is wiped.
Http Method: PUT
Format: xml, json
Request:
macAddress Required.
Reason Free form text field (512
character limit) to display reason
why the device is being wiped.

Response Status Code:

‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.
Response:
< deviceManagementWebServiceResponse>
<messages>
<message></message> Status Message.
Success is shown if the method
execution is successful.
A descriptive error message is
shown if the method execution
failed.
</messages>

<deviceUuid>caba40e7-f56b-44aa-ac70- Unique device ID.

65
MobileIron Confidential
79e32e91adf8</deviceUuid>
< /deviceManagementWebServiceResponse>

6.10 Wakeup Client

This API forces a device to connect to MobileIron Core, waking up the MobileIron Client. A wakeup call
is based on a unique device ID (uuid).

Examples:

https://mycore.mobileiron.com/api/v1/dm/devices/wakeup/ee8198d9-5d79-4961-
94c4-e21bf04b2467

https://mycore.mobileiron.com/api/v1/dm/devices/wakeup/mac/38AA3C62BFAD
1.URI: Request to wake up is sent to
https://{host-name}/api/v1/dm/devices/wakeup/{deviceuuid} device with the input device
uuid.
Http Method: GET
Format: xml, json

2.URI: Request to wake up is sent to

https://{host- device with the input Wi-Fi MAC
name}/api/v1/dm/devices/wakeup/mac/{macaddress} address.
Http Method: GET
Format: xml, json

Response Status Code:

‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.

Response:
< deviceManagementWebServiceResponse>
<messages>
<message>Wake up request sent to device with uuid:cf667a65- Status Message.
1e1a-4121-af63-398b11540d2f</message> Success is shown if the method
execution is successful.
A descriptive error message is
shown if the method execution
failed.
</messages>

<deviceUuid>caba40e7-f56b-44aa-ac70- Unique device ID.

66
MobileIron Confidential
79e32e91adf8</deviceUuid>
< /deviceManagementWebServiceResponse>

6.11 Locate a Device

The MobileIron Client periodically records cell tower location information. When this API is used, the
last known location of the device is returned based on requested unique device ID (uuid). If needed, this
API will remotely turn on a device’s GPS. To find the current location of the device:

1. Call this API with locatenow=true. This will send a request to the device to determine the
current location. This process might take between a few seconds and 1 minute.
2. Call the locate API again after a few minutes without the locatenow parameter . This will return
the current location found from step 1. If the current location could not be determined it will
return the last known location.

Examples:

https://mycore.mobileiron.com/api/v1/dm/devices/locate/ee8198d9-5d79-4961-
94c4-e21bf04b2467

https://mycore.mobileiron.com/api/v1/dm/devices/locate/mac/38AA3C62BFAD

https://mycore.mobileiron.com/api/v1/dm/devices/locate/ee8198d9-5d79-4961-
94c4-e21bf04b2467?locatenow=true

1.URI: Location of the device with the

https://{host-name}/api/v1/dm/devices/locate/{deviceuuid} input device uuid is returned.
Http Method: GET
Format: xml, json
Request:
Device UUID Required. Unique ID of the
device. This ID is sent in the
response of the Registration API.
locatenow Optional. True or false. Defaults
to false. See step 1 in the
explanation above. This
parameter does not apply to iOS.

2.URI: Location of the device with the

https://{host- input Wi-Fi MAC address is
name}/api/v1/dm/devices/locate/mac/{macaddress} returned.
Http Method: GET
Format: xml, json

67
MobileIron Confidential
Request:
macAddress Required.
locatenow Optional. True or false. Defaults
to false. See step 1 in the
explanation above. This
parameter does not apply to iOS.

Response Status Code:

‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.
Response:
< deviceManagementWebServiceResponse >
<deviceUuid>cf667a65-1e1a-4121-af63- Unique Device ID.
398b11540d2f</deviceUuid>
<messages>
<message></message> Status Message.
Success is shown if the method
execution is successful.
A descriptive error message is
shown if the method execution
failed.
</messages>
<locations>
<location>
<uuid>cf667a65-1e1a-4121-af63-398b11540d2f</uuid> Unique Device ID.
<lookupResult>Cell</lookupResult> Value returned describes how
location was retrieved. Valid
values:
LookupFailure: unable to retrieve
the location of the device.
GPS: location retrieved using the
GPS of the device.
Cell: location retrieved using cell
towers.
<latitude>37.386433</latitude> Latitude of the location of the
device.
<longitude>-122.053902</longitude> Longitude of the location of the
device.
<radius>1500</radius>
<capturedAt>1285802663000</capturedAt> Time when the location of the
device was captured in epoch
format.
68
MobileIron Confidential
</location>
</locations>
<locateNow>false</locateNow>
< /deviceManagementWebServiceResponse>

6.12 Enable Roaming

This API enables or disables voice and data roaming on an iOS 5 device. However, note the following:

• Voice roaming is available only on certain carriers. If you use this API to enable voice roaming on
a device, the API returns success regardless of whether voice roaming is available on that
device’s carrier.
• If you disable voice roaming, you are also disabling data roaming, even if you specify true
(enable) for the data roaming query parameter.
• The API returns success regardless of whether the device supports the setting. To see whether a
device has data or voice roaming enabled, see the Voice Roaming Enabled and
DataRoamingEnabled fields in the response to a Get Device API. See 5.3.3 iOS Details Key-
Value Descriptions.

Example:

https://mycore.mobileiron.com/api/v1/dm/devices/enableroaming/ee8198d9-5d79-
4961-94c4-e21bf04b2467?voice=true&data=false

URI: The specified deviceuuid

https://{host- indicates the device on which to
name}/api/v1/dm/devices/enableroaming/{deviceuuid} change roaming settings.
Http Method: PUT
Format: xml, json
Request:
deviceuuid Required. Unique ID of the iOS
device. This ID can be retrieved in
the response of other API calls,
such as 5.3 Get Devices by Status.
voice Required. This parameter is a
query parameter.

Set to true to enable voice

roaming.
Set to false to disable voice
roaming.

69
MobileIron Confidential
data Required. This parameter is a
query parameter.

Set to true to enable data

roaming.
Set to false to disable data
roaming.

If you set the voice parameter to

false, data roaming is disabled
even if you set the data
parameter to true.
Response Status Code:
‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.
Response:
<deviceManagementWebServiceResponse>
<deviceUuid>
190eb32e-32e1-4fe2-baa1-06a4488aaa4c
</deviceUuid>
<messages>
<message> Status message for voice
Device voice roaming settings updated successfully. The voice roaming.
roaming setting is available only on certain carriers. Disabling voice
roaming also disables data roaming. Success is shown if the method
</message> execution is successful.
A descriptive error message is
shown if the method execution
failed.
<message> Status message for data roaming.
Device data roaming settings updated successfully.
</message> Success is shown if the method
execution is successful.
A descriptive error message is
shown if the method execution
failed.
</messages>
< /deviceManagementWebServiceResponse>

70
MobileIron Confidential
6.13 Get all Labels
Using labels is the method by which devices are grouped in the MobileIron database. Labels can be
used for applying policies or performing other management tasks on multiple devices. An administrator
can create labels in addition to a default set supplied in MobileIron Core. This API lists all labels,
whether or not they are in use.

Example:

https://mycore.mobileiron.com/api/v1/dm/labels

URI: All labels in the database are

https://{host-name}/api/v1/dm/labels returned.
Http Method: GET
Format: xml, json

Response Status Code:

‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.
Response:
< deviceManagementWebServiceResponse >
<messages>
<message>1 Label (s) returned</message> Status message.
A label count is shown if the
method execution is successful.
A descriptive error message is
shown if the method execution
failed.
</messages>
<labels>

<label id=”-3”> Internal database ID.

Negative numbers correspond to
the default labels.
Positive numbers correspond to
labels that MobileIron Core
administrator added.

<name>iOS</name> Label name.

<description>Label for all iOS devices.</description> Label description.

71
MobileIron Confidential
 <staticLabel>false</staticLabel> Static labels are system created
labels.
False indicates a dynamic label.
Devices which satisfy the criteria
specified in <searchCriteria> are
automatically added to this label.
True indicates a static label,
which has no <searchCriteria>
Devices are manually assigned to
static labels.
<query>
&quot;common.platform&quot;=&quot;iOS&quot; AND
&quot;common.retired&quot;=false
</query>
<deviceCount>3</deviceCount> The number of devices currently
assigned to the label.
<isESSearch>116</isESSearch>
<label>
</labels>
< /deviceManagementWebServiceResponse>

6.14 List of Labels for a Device

A device may be applied to one or more labels. This API gets the list of all labels to which a unique
device ID is assigned.

Example:

https://mycore.mobileiron.com/api/v1/dm/labels/devices/12849438-0d74-3c30-
6b7d-121a3da8645d

URI: All labels assigned to uuid are

https://{host-name}/api/v1/dm/labels/devices/{deviceuuid} returned.
Http Method: GET
Format: xml, json

Request:
Device UUID Required. Unique ID of the
device. This ID is sent in the
response of the Registration API.

Response Status Code:

72
MobileIron Confidential
‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.
Response:
< deviceManagementWebServiceResponse >
<messages>
<message>1 Label (s) returned</message> Status message.
Label count is shown if the
method execution is successful.
A descriptive error message is
shown if the method execution
failed.
</messages>
<labels>
<label id=”-3”>
<name>Android</name>
<description>Label for all Android Phones.</description>
<staticLabel>false</staticLabel>
<deviceCount>0</deviceCount>
<isESSearch>116</isESSearch>
<label>
</labels>
< /deviceManagementWebServiceResponse>

6.15 Apply Labels to a Device

Using labels is the method by which devices are grouped in the MobileIron database. Labels can be used
for applying policies or performing other management tasks on multiple devices. MobileIron provides a
set of default labels that you can apply to devices. You can also create your own labels using the Admin
Portal (refer to the MobileIron Administration guide for instructions). Using this API, you can:
• apply a label to a device
• apply a label to multiple devices
• apply multiple labels to one device
• apply multiple labels to multiple devices
The API response contains error messages in these situations:
• The request contains an invalid device uuid.
• The request contains an invalid label.
• A label in the request is already applied to the device.

Examples:

Apply one label named TestLabel to one device:

73
MobileIron Confidential
https://mycore.mobileiron.com/api/v1/dm/labels/TestLabel/bdcbdf2e-a64f-41ac-
800c-f834eb8869e2?action=apply

Apply two labels, named TestLabel1 and TestLabel2, to one device:

https://mycore.mobileiron.com/api/v1/dm/labels/TestLabel1,TestLabel2/bdcbdf2e
-a64f-41ac-800c-f834eb8869e2?action=apply

Apply two labels, named TestLabel1 and TestLabel2, to two devices.

https://mycore.mobileiron.com/api/v1/dm/labels/TestLabel1,TestLabel2/bdcbdf2e
-a64f-41ac-800c-f834eb8869e2,3eaab11d-0437-4528-a0db-
0713f75a701b?action=apply

URI: All labels assigned to uuid are

https://{host-name}/api/v1/dm/labels/{label}/{deviceUuid} returned.

Http Method: PUT

Format: xml, json

Request:
label Required.

The name of the label to be

applied. When applying multiple
labels to a device, separate each
label with a comma, e.g.,
LabelOne,LabelTwo,LabelThree.

deviceUuid Required.

The device Uuid to which the label

is to be applied. When a label is
applied to multiple devices,
separate each Uuid with a
comma, e.g., b0bbcd5c-09ed-
4de0-97b5-
5bb18056b177,893e11e4-2281-
43af-85e7-33dde660316d

Note: Do not put spaces between

74
MobileIron Confidential
 commas.

action= Required. This parameter is a

query parameter:

?action=apply

Response Status Code:

‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.
Response:
<deviceManagementWebServiceResponse>
<messages>
<message>Label(s) applied to device(s).</message>
<SucceededLabels>
<succeededLabel>
<label>Executive</label>
<device>
<uuid> a7f4ce8e-e6de-4a0a-b487-a32a63840e32</uuid>
</device>
</succeededLabel>
</SucceededLabels>
<deviceManagementWebServiceResponse>

6.16 Remove Labels from a Device

Use this API to remove:
• one label from one device
• multiple labels from one device
• one label from multiple devices
• multiple labels from multiple devices
The API response contains error messages in these situations:
• The request contains an invalid device uuid.
• The request contains an invalid label.
• A label in the request is not applied to one or more of the specified devices.

Examples:
75
MobileIron Confidential
Remove one label named TestLabel from one device:

https://mycore.mobileiron.com/api/v1/dm/labels/TestLabel/bdcbdf2e-a64f-41ac-
800c-f834eb8869e2?action=remove

Remove two labels, named TestLabel1 and TestLabel2, from one device:

https://mycore.mobileiron.com/api/v1/dm/labels/TestLabel1,TestLabel2/bdcbdf2e
-a64f-41ac-800c-f834eb8869e2?action=remove

Remove two labels, named TestLabel1 and TestLabel2, from two devices.

https://mycore.mobileiron.com/api/v1/dm/labels/TestLabel1,TestLabel2/bdcbdf2e
-a64f-41ac-800c-f834eb8869e2,3eaab11d-0437-4528-a0db-
0713f75a701b?action=remove

URI: All labels assigned to uuid are

https://{host-name}/api/v1/dm/labels/{label}/{deviceUuid} returned.

Http Method: PUT

Format: xml, json

Request:
label Required.

The name of the label to be

removed. When removing
multiple labels to a device,
separate each label with a
comma, e.g.,
LabelOne,LabelTwo,LabelThree.

deviceUuid Required.

The device Uuid from which the

label is to be removed. When a
label is removed from multiple
devices, separate each Uuid with
a comma, e.g., b0bbcd5c-09ed-
4de0-97b5-
5bb18056b177,893e11e4-2281-

76
MobileIron Confidential
 43af-85e7-33dde660316d

Note: Do not put spaces between

commas.

action= Required. This parameter is a

query parameter:

?action=remove

Response Status Code:

‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.
Response:
<deviceManagementWebServiceResponse>
<messages>
<message>Label(s) removed from device(s).</message>
<SucceededLabels>
<succeededLabel>
<label>Executive</label>
<device>
<uuid> a7f4ce8e-e6de-4a0a-b487-a32a63840e32</uuid>
</device>
</succeededLabel>
</SucceededLabels>
<deviceManagementWebServiceResponse>

6.17 List of Operators

MobileIron retains a default list of operators for use during device registration. Operators may be
enabled or disabled by an administrator. This API returns a complete list of all operators, regardless of
whether they are used.

Example:

https://mycore.mobileiron.com/api/v1/dm/operators

URI: All operators defined in

77
MobileIron Confidential
https://{host-name}/api/v1/dm/operators database are returned.
Http Method: GET
Format: xml, json

Response Status Code:

‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.
Response:
< deviceManagementWebServiceResponse >
<messages>
<message>1 Operator (s) returned</message> Status message.
Operator count is shown if the
method execution is successful.
A descriptive error message is
shown if the method execution
failed.
</messages>
<operators>
<operator>
<carrierShortName>AT&amp;T</carrierShortName> Operator name.
<carrierType>Mobile</carrierType> Mobile: Operator provides
mobile services.
Fixed: Operator provides fixed
telecom services.
<countryCode>1</countryCode> Numeric country code.
<countryId>183</countryId> Country identifier for the device.
MOBILEIRON CORE assigns this
identifier to the country.
<countryName>United States</countryName> Country name.

<enabled>true</enabled> True indicates the operator is

enabled (configured for display)
in the registration screen.
False indicates the operator is
disabled.
<id>269</id> Unique operator identifier in the
database.
</operator>
</operators>
< /deviceManagementWebServiceResponse>

78
MobileIron Confidential
6.18 List of Countries
MobileIron retains a default list of countries in the database. A country selection populates the country
code field. This API provides a complete list of all defined countries, regardless of whether they are
used. This list of countries is used during device registration.

Example:

https://mycore.mobileiron.com/api/v1/dm/countries

URI: All countries defined in the

https://{host-name}/api/v1/dm/countries database are returned.
Http Method: GET
Format: xml, json

Response Status Code:

‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.
Response:
< deviceManagementWebServiceResponse >
<messages>
<message>2 Countries returned</message> Status Message.
Country count is shown if the
method execution is successful.
A descriptive error message is
shown if the method execution
failed.
</messages>
<countries>

<country>
<countryName>United States</countryName> Country name.
<countryCode>1</countryCode> Numeric country code.
<isoAlpha2Code>US</isoAlpha2Code> ISO Alpha 2 country code.
<enabledForRegistration>102</enabledForRegistration> Whether the MobileIron Core
administrator enabled the
country for registration.
102 means disabled.
116 means enabled.

Note: 116 is the ASCII value for

‘t’, which stands for true, and 102
79
MobileIron Confidential
 is the ASCII value for ‘f’, which
stands for false.
</country>

<country>
<countryName>India</countryName>
<countryCode>91</countryCode>
<isoAplha2Code>IN</isoAplha2Code>
<enabledForRegistration>116</enabledForRegistration>
</country>
</countries>
< /deviceManagementWebServiceResponse>

6.19 Send Action to bulk devices

This request sends an action to multiple devices. The possible actions are:

• Lock or unlock one or more devices.

• Retire one or more devices.
• Wipe one or more devices.
• Wake up the MobileIron client on one or more devices, to force the clients to check in with
MobileIron Core.

MobileIron Core validates that the request has a valid action and valid devices, and then sends the
response. MobileIron Core performs the actions after sending the response. You can view the actions
taken by looking at Logs & Events | All Logs in the Admin Portal.

If the requested action is invalid, MobileIron Core sends a response so indicating. If some devices are
invalid, the response lists them, but MobileIron Core will still take the action on the valid devices.

Note: The UNLOCK bulk request is the exception. In this case, MobileIron Core performs the action
before sending the response.

Example:

A LOCK request on two valid devices:

https://mycore.mobileiron.com/api/v1/dm/bulk/devices/LOCK?deviceUuids=1ac8bd8
1-4ab9-4e3e-b3a8-0c4f70521d23&deviceUuids=ab7e93f4-90e2-485b-82b9-
7a030ef7d985

The resulting response:

80
MobileIron Confidential
<deviceManagementWebServiceResponse>
<messages/>
</deviceManagementWebServiceResponse>

URI:
https://{host-name}/api/v1/dm/bulk/devices/{actiontype}
Http Method: POST
Format: xml, json

Request:
actiontype Required.
Specify one of these action types:
LOCK
UNLOCK
WAKEUP_DEVICE
RETIRE
WIPE

Note: These values are all capital

letters.
deviceUuids Required.

List each device uuid as a query

parameter that has the name
deviceUuids. By default, the
maximum number of device
uuids you can list is 20,000.

You can configure this value by

setting the variable
bulk.api.maxdeviceuuids in the
file mifs.properties. This file is
located in the directory
/mi/tomcat-properties in the
Linux system in which MobileIron
Core is running.

Warning: The name of the

parameter is deviceUuids, with
an “s” at the end.
Response Status Code:
‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.
81
MobileIron Confidential
Response:
< deviceManagementWebServiceResponse >
<messages> Status information, if any. Also
specifies errors in the request, if
any.

If MobileIron Core has no status

or errors to report, this field is
empty.
<message>Invalid action</message> If you do not capitalize the action
or misspell it, this field contains
the value “Invalid action”.
<invalidDevices> If the request contains one or
more invalid device uuids, this
field lists them.
<uuid> 1ac8bd81-4ab9-4e3e-b3a8-0c4f70521d23</uuid>
<uuid> 623094f9-645b-4ecf-8840-78597cc1254b</uuid>
</invalidDevices>
<passcodes> Only for the UNLOCK action.
<passcode>
<uuid>1ac8bd81-4ab9-4e3e-b3a8-0c4f70521d23</uuid> The device uuid.
<name>jdoe:Android:6505551212</name> The concatenation of the device’s
user’s name, device platform, and
phone number.
<value>Q</value> For iOS devices:

Q – The device is MDM managed

and has a passcode.
F – The device is MDM managed
but has no passcode.

For Android devices:

Q – The device has a passcode.
F – The device has no passcode.

For Blackberry devices:

Passcode to unlock the device. If

value is empty, then the device
was most likely locked with the
user-set passcode.
</passcode>
</passcodes>

82
MobileIron Confidential
<failedDevices> Only for the UNLOCK action.
<message>
Message contents indicates the
device for which the unlock
failed.
</message>
</failedDevices>
< /deviceManagementWebServiceResponse>

6.20 Send message to devices

This request sends a message to one or more devices using email, SMS or push notification (e.g., APNS).

MobileIron Core validates that the request has valid devices, and then sends the response. MobileIron
Core sends the messages to the devices after sending the response. You can view the results of sending
the messages by looking at Logs & Events | All Logs in the Admin Portal.

If some devices are invalid, the response lists them, but MobileIron Core will still send the message to
the valid devices.

Examples:

Send an SMS to two devices based on UDID.

https://app027.auto.mobileiron.com/api/v1/dm/bulk/sendmessage?mode=sms&messag
e=Hello World&deviceUuid=e6d4f5f0-d883-41d2-8e87-
c76fb4ef4cde&deviceUuid=54bc5eb5-592c-472e-98d2-e859bd037fef

The resulting response:

<deviceManagementWebServiceResponse>
<messages/>
<message> Message sent successfully for all devices.</message>
</deviceManagementWebServiceResponse>

Send an SMS to a device based on Wi-Fi MAC address:

https://app027.auto.mobileiron.com/api/v1/dm/bulk/mac/sendmessage?mode=sms&me
ssage=Hello World&deviceWiFiMacAddress=00237696635F

1.URI:
https://{host-name}/api/v1/dm/bulk/sendmessage
Http Method: POST
83
MobileIron Confidential
Format: xml, json

Request:
deviceUuid Required.

List each device uuid as a query

parameter that has the name
deviceUuid. By default, the
maximum number of device
uuids you can list is 20,000.

You can configure this value by

setting the variable
bulk.api.maxdeviceuuids in the
file mifs.properties. This file is
located in the directory
/mi/tomcat-properties in the
Linux system in which MobileIron
Core is running.

Warning: The name of this

parameter is deviceUuid, with no
“s” at the end.
message Required.
subject Valid only when the mode is
email.
mode Required. Possible values:
sms
email
pns (indicates push notification
service)

2.URI:
https://{host-name}/api/v1/dm/bulk/mac/sendmessage
Http Method: POST
Format: xml, json

Request:
deviceWiFiMacAddress Required.

List each Wi-Fi MAC address as a

query parameter that has the
name macAddress.

84
MobileIron Confidential
message Required.
subject Valid only when the mode is
email.
mode Required. Possible values:
sms
email
pns

Response Status Code:

‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.
Response:
< deviceManagementWebServiceResponse >
<messages>
<message>Message sent successfully for all devices.</message> Status information.

</messages>
<invalidDevices> If the request contains one or
more invalid device uuids, this
field lists them.
<uuid> 1ac8bd81-4ab9-4e3e-b3a8-0c4f70521d23</uuid>
<uuid> 623094f9-645b-4ecf-8840-78597cc1254b</uuid>
</invalidDevices>
</messageSentFailed> Indicates the message was not
sent for at least one specified
device, due to, for example, an
invalid device uuid.
< /deviceManagementWebServiceResponse>

6.21 Get Profiles for a Device

This API returns the configurations and policies for a specified device uuid.

Example:

https://app027.auto.mobileiron.com/api/v1/dm/devices/profiles/e6d4f5f0-d883-
41d2-8e87-c76fb4ef4cde

URI: All profiles applied to the

https://{host-name}/api/v1/dm/devices/profiles/{deviceUuid} specified device are returned.

85
MobileIron Confidential
Http Method: GET

Format: xml, json

Request:
deviceUuid Required.
Unique ID of the device. This ID
can be retrieved in the response
of other API calls, such as Device
Registration or Get Device
Details.

Response Status Code:

‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.
Response:

<deviceManagementWebServiceResponse>
<messages />
<profiles>
<profile id="-7">
<uuid>misystem-default-docs-policy</uuid>
<name>Default Docs@Work Policy</name>
<policyType>DOCS</policyType>
<status>Applied</status>
<profileType>POLICY</profileType>
<lastUpdatedAt>1347343156739</lastUpdatedAt>
</profile>
<profile id="-3">
<uuid>misystem-default-security-policy</uuid>
<name>Default Security Policy</name>
<policyType>SECURITY</policyType>
<status>Applied</status>
<profileType>POLICY</profileType>
<lastUpdatedAt>1347343165503</lastUpdatedAt>
</profile>
<profile id="-2">
<uuid>misystem-default-privacy-policy</uuid>
<name>Default Privacy Policy</name>
<policyType>PRIVACY</policyType>

86
MobileIron Confidential
<status>Applied</status>
<profileType>POLICY</profileType>
<lastUpdatedAt>1347343156731</lastUpdatedAt>
</profile>
<profile id="-2">
<name> System - iOS MDM</name>
<policyType>MDM</policyType>
<status>Applied</status>
<profileType>APP</profileType>
<lastUpdatedAt>1347343165501</lastUpdatedAt>
</profile>
</profiles>
</deviceManagementWebServiceResponse>

6.22 Re-push Profiles for a Device

This API re-pushes the specified configuration or policy for the device uuid.

Example:

https://app027.auto.mobileiron.com/api/v1/dm/devices/repushprofile/e6d4f5f0-
d883-41d2-8e87-c76fb4ef4cde

https://app386.auto.mobileiron.com/api/v1/dm/devices/repushprofile/1faaaf43-
c99d-4c21-bab4-c9e810bd9606?id=3&type=APP

URI: All profiles applied to the

https://{host-name}/api/v1/dm/devices/repushprofile/ specified device are returned.
{deviceUuid}

Http Method: PUT

Format: xml, json

Request:
deviceUuid Required.
Unique ID of the device. This ID
can be retrieved in the response
of other API calls, such as Device
Registration or Get Device
Details.
id Profile ID. Use the Get Profiles
API to get the profile ID.

87
MobileIron Confidential
type APP for configuration
POLICY for policy

Response Status Code:

‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.
Response:

7 Exchange ActiveSync (EAS)

7.1 List All ActiveSync Devices
This API returns a list of ActiveSync unique device IDs (uuid) that use ActiveSync to connect to the
enterprise. Devices are grouped as follows in the return list: Registered Allowed, Registered Blocked,
Unregistered Allowed, Unregistered Blocked, and Wiped.

An administrator may wish to block an ActiveSync device to prevent it from connecting to the enterprise
(i.e., get email). If a device is blocked, any previously synchronized email is removed. Use the allow
feature to permit a device to connect to the enterprise which was previously blocked.

Example:

https://mycore.mobileiron.com/api/v1/eas/devices

URI: All ActiveSync devices are

https://{host-name}/api/v1/eas/devices returned.
Http Method: GET
Format: xml, json

Response Status Code:

‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.
Response:
<easWebServiceReponse>
<messages>
<message>212 Device(s) returned</message> Status message. Lists the number
of devices found, or that no

88
MobileIron Confidential
 devices were found.
</messages>
<registeredAllowedDevices>
<registeredAllowedDevice> All the child elements of the
<registeredAllowedDevice>
element are also in the
<registeredBlockedDevice>,
<unregisteredAllowedDevice>,
<unregisteredBlockedDevice>,
and <wipedDevice> elements.
<uuid>hdgd-e93c-49b1-88d6-222f54132445</uuid> ActiveSync unique identifier for
the device.
<domain>exchdomain.com</domain> The Exchange ActiveSync domain
of the device.
<deviceId>Appl87025CNUA4S</deviceId> ActiveSync device identifier.
<mailboxId>jdoe113</mailboxId> ActiveSync mailbox ID for the
device.
<userName>jdoe113</username> ActiveSync username associated
with the device.
<phoneNumber>6505551212</phoneNumber> Phone number associated with
the device.
<model>iPhone</model> Device model as recorded by the
ActiveSync server.
<platform>iOS</platform> Device operating system as
recorded by the ActiveSync
server.
<platformCode>11</platformCode> Device operating system code as
recorded by te ActiveSync server.
<status>Registered</status> MobileIron status for the device.
<activeSyncStatus>Allowed</activeSyncStatus> ActiveSync status for the device.
<firstSyncTime>1326179585000</firstSyncTime> The timestamp for the first time
the device synchronized
ActiveSync data. This time field is
expressed in Unix Epoch Time,
which is the number of
milliseconds since January 1,
1970.
<lastSyncTime>1326180768000</lastSyncTime> The timestamp for te last time
the device synchronized
ActiveSync data. This time field is
expressed in Unix Epoch Time,
which is the number of
milliseconds since January 1,

89
MobileIron Confidential
 1970.
<miDeviceUuid>6f72cabb-1d8b-4965-aa8e- MobileIron unique identifier for
a355deab8222</miDeviceUuid> the device.
<actionSource>EXCHANGE</actionSource>
</registeredAllowedDevice> ActiveSync unique identifier for a
registered device with Allowed
status.
</registeredAllowedDevices> A list of ActiveSync unique
identifiers for registered devices
with Allowed status.
<registeredBlockedDevices> A list of ActiveSync unique
identifiers for registered devices
with Blocked status.
<registeredBlockedDevice>
<uuid>hgdgd-fsg-4wfsb1-dgdg-dgfdg</uuid> ActiveSync unique identifier for a
registered device with Blocked
status.
</ registeredBlockedDevice >
</ registeredBlockedDevices>
<unregisteredAllowedDevices> A list of ActiveSync unique
identifiers for unregistered
devices with Allowed status.
<unregisteredAllowedDevice>
<uuid>8herw5345d711cdc-e93c-dfg-hgdf-hssgfd</uuid> ActiveSync unique identifier for
an unregistered device with
Allowed status.
</ unregisteredAllowedDevice >
</ unregisteredAllowedDevices>
<unregisteredBlockedDevices> A list of ActiveSync unique
identifiers for unregistered
devices with Blocked status.
<unregisteredBlockedDevice>
<uuid>34gdrtger-4err-gd-88d6-2fes</uuid> ActiveSync unique identifier for
an unregistered device with
Blocked status.
</ unregisteredBlockedDevice >
</ unregisteredBlockedDevices>
<wipedDevices> A list of ActiveSync unique
identifiers for devices that have
been wiped via ActiveSync wipe.
< wipedDevice >
<uuid>sersdfsc-e93c-49b1-88d6-sg2wefwef</uuid> ActiveSync unique identifier for a
wiped device.
90
MobileIron Confidential
</ wipedDevice >
</ wipedDevices >
</easWebServiceReponse>

7.2 Device Details for ActiveSync

This API returns a variety of details for devices using ActiveSync to connect to the Enterprise. Details
ranging from the first time such device was synced to the ActiveSync version are returned.

Example:

https://mycore.mobileiron.com/api/v1/eas/devices/ee8198d9-5d79-4961-94c4-
e21bf04b2467

URI: Device details of the input

https://{host-name}/api/v1/eas/devices/{EASDeviceUuid} Exchange ActiveSync device uuid
is returned
Http Method: GET
Format: xml, json
Request:
EASDeviceUuid Required. Exchange ActiveSync
device uuid.

Response Status Code:

‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.
Response:
<easDevice>
<uuid>f5def24e-4380-4565-bd2f-8cf002fd64cd</uuid>
<details> A series of key/value pairs
determined by ActiveSync.
<entry>
<key>ActionSource</key> EXCHANGE('e', "Exchange"):
Initial state set by the
Exchange server.

AUTOBLOCK('a', "Auto"): state

set by Auto Block action

POLICY('p', "Policy"): state

set by policy enforcement

MANUAL('m', "Manual"): state

91
MobileIron Confidential
 set manually by administrator

UNKNOWN('u', "Unknown")

<value>Exchange</value>
</entry>
<entry>
<key>LastPingHeartbeat</key>
<value>600</value>
</entry>
<entry>
<key>DeviceID</key>
<value>Appl9C0180RF75J</value>
</entry>
<entry>
<key>FirstSyncTime</key>
<value>7/6/2010 11:29:33 AM</value>
</entry>
<entry>
<key>DevicePolicyApplicationStatus</key>
<value>AppliedInFull</value>
</entry>
<entry>
<key>LastSyncAttemptTime</key>
<value>7/7/2010 12:14:52 PM</value>
</entry>
<entry>
<key>NumberOfFoldersSynced</key>
<value>2</value>
</entry>
<entry>
<key>DeviceType</key>
<value>iPod</value>
</entry>
<entry>
<key>DeviceModel</key>
<value>iPod</value>
</entry>
<entry>
<key>DeviceUserAgent</key>
<value>Apple-iPod/705.18</value>
</entry>
<entry>
92
MobileIron Confidential
<key>Status</key>
<value>DeviceOk</value>
</entry>
<entry>
<key>Guid</key>
<value>61a8a847-8e3b-4496-8da6-587b845b77cf</value>
</entry>
<entry>
<key>DeviceAccessState</key>
<value>Allowed</value>
</entry>
<entry>
<key>DeviceEnableOutboundSMS</key>
<value>False</value>
</entry>
<entry>
<key>Identity</key>
<value>newyork.mobileiron.com/Users/Sang
Truong/ExchangeActiveSyncDevices/iPod§Appl9C0180RF75J</value
>
</entry>
<entry>
<key>DeviceAccessStateReason</key>
<value>Individual</value>
</entry>
<entry>
<key>DevicePolicyApplied</key>
<value>Default</value>
</entry>
<entry>
<key>LastPolicyUpdateTime</key>
<value>7/6/2010 11:29:34 AM</value>
</entry>
<entry>
<key>IsRemoteWipeSupported</key>
<value>True</value>
</entry>
<entry>
<key>LastSuccessSync</key>
<value>7/7/2010 12:14:52 PM</value>
</entry>
<entry>
93
MobileIron Confidential
<key>RecoveryPassword</key>
<value>********</value>
</entry>
<entry>
<key>DeviceActiveSyncVersion</key>
<value>12.1</value>
</entry>
</details>
</easDevice>

7.3 Request Action on ActiveSync Device

This API requests status changes to devices using ActiveSync to connect to the Enterprise.

Example:

https://mycore.mobileiron.com/api/v1/eas/devices?action=BLOCK_DEVICE&uuids=ee
8198d9-5d79-4961-94c4-e21bf04b2467&uuids=fe816c9-4c68-3850-83b3-d10ae93a1356

URI: The requested action will be

https://{host-name}/api/v1/eas/devices applied on the device.
Http Method: PUT
Format: xml, json
Request:
uuids Required.
One or more Exchange
ActiveSync device uuids.
action Required.
Valid Actions are:
BLOCK_DEVICE: Block the device
from accessing ActiveSync server.
REINSTATE_DEVICE: Allow the
device to access ActiveSync
server.
WIPE: Wipe the device, which
returns its settings to the factory
defaults.
Response Status Code:
‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.

94
MobileIron Confidential
Response:
<easWebServiceResponse>
<messages>
<message>
1 device(s) modified to BLOCK_DEVICE status Status message. Displays action
taken on EAS device.
</ message >
</messages>
</easWebServiceResponse>

8 Security Management
The Security Management API addresses authentication tasks. These tasks apply to both local users and
LDAP users.

8.1 Update Password for a User

This API changes the password for a single user.

Example:

https://mycore.mobileiron.com/api/v1/sm/authentication/users/jdoe

For security reasons, include the old and new passwords in the HTTP request body rather than as query
parameters. For example:

PUT /api/v1/sm/authentication/users/jdoe HTTP/1.1

Host: mycore.mobileiron.com
Content-Length: 44
Accept: application/json
Authorization: Basic amRvZTphYmNkMTIzNA==
Content-Type: application/x-www-form-urlencoded
oldpassword=abcd1234&newpassword=wxy!13579

URI: Updates password for input

https://{host-name}/api/v1/sm/authentication/users/{username} username.
Http Method: PUT
Format: xml, json
Request:
username Required.

Unique login user name.

oldpassword Current password of the user.
95
MobileIron Confidential
 Note: For security reasons,
include this parameter in HTTP
request body.

Required only if the MobileIron

Core setting to save the user
password is set to Yes. You can
set this value in the Admin Portal,
using Settings | Preferences.

When oldpassword is required,

make sure that the value you
provide in the request is correct.
If it is not included or is not
correct, the response contains a
failure message.

Note: When you create a local

user using the API to Register a
Device, MobileIron Core sets the
user’s password to the user ID
(called username in this request).
newpassword Required.

New password of the user.

The password must be between 8

and 20 characters.

Note: For security reasons,

include this parameter in HTTP
request body.

Response Status Code:

‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.
Response:
<securityManagementWebServiceResponse>
<userName>jdoe</userName>
<messages>
<message>

96
MobileIron Confidential
Password changed successfully for user: jdoe Status Message.
Success shown if the method
execution is successful.
A descriptive error message is
shown if the method execution
failed.
</ message >
</messages>
</securityManagementWebServiceResponse>

8.2 Upload certificate for a User

This API uploads a certificate for a single user. If a new certificate is uploaded again for the same user it
will be overwritten.

Important: The content type must be set correctly.

Examples:

https://mycore.mobileiron.com/api/v1/sm/certificates/upload/jdoe

URI: Updates password for input

https://{host-name}/api/v1/sm/certificates/upload/{username} username.
Http Method: POST
Format: xml, json
Headers
Content-Type multipart/form-data
Request:
filename Required.

Certificate file to be uploaded.

password Required.
certtype Optional.
Valid values:
ALL – can be used for all types of
AppSettings
WIFI – used for Wifi settings
VPN – used for VPN settings
SMIMESIGNING – used for
S/MIME signing certificate
settings
SMIMEENCRYPTION – used for
97
MobileIron Confidential
 S/MIME encryption certificate
settings
EMAIL – used for Email settings
EXCHANGE – used for Exchange
settings.
If certtype is not set for a
certificate, it defaults to ‘ALL’
filename1 Optional. Certificate file to be
uploaded.
password1 Optional. Password associated
with the certificate.

Note: For security reasons,

include this parameter in HTTP
request body.
certtype1 Optional. See certtype above.
Multiple sets of filename, password and certtype can be
uploaded. filename2, password2, certtype2 etc.
Response Status Code:
‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.
Response:
<securityManagementWebServiceResponse>
<messages>
<message>
Certificate File:mobileironcert.p12 uploaded
successfully.
</message>
</messages>
</securityManagementWebServiceResponse>

8.3 Delete certificate for a User

This API deletes all the certificates for a single user.

Example:

https://mycore.mobileiron.com/api/v1/sm/certificates/delete/jdoe

98
MobileIron Confidential
URI: Updates password for input
https://{host-name}/api/v1/sm/certificates/delete/{username} username.
Http Method: POST
Format: xml, json
Request:

Response Status Code:

‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.
Response:
<securityManagementWebServiceResponse>
<messages>
<message>
Certificates deleted succcessfully for
user:miadmin
</message>
</messages>
</securityManagementWebServiceResponse>

8.4 Get certificate for a User

This API shows the certificate for a single user.

Example:

https://mycore.mobileiron.com/api/v1/sm/certificates/list/jdoe

URI: Updates password for input

https://{host-name}/api/v1/sm/certificates/list/{username} username.
Http Method: GET
Format: xml, json
Request:

Response Status Code:

‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.
Response:
<securityManagementWebServiceResponse>

99
MobileIron Confidential
 <messages>
<message>
Found 1 Certificate(s) for user:miadmin
</message>
<message>
Certificate Info:Serial No:114379182501950,
Expires at:Sun Mar 03 19:40:41 UTC 2013,
Version:3, Algorithm:SHA1withRSA,
Issuer:SERIALNUMBER=07969287, CN=Go Daddy Secure
Certification Authority,
OU=http://certificates.godaddy.com/repository,
O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona,
C=US, Subject:CN=*.mobileiron.com, OU=Domain
Control Validated, O=*.mobileiron.com
</message>
</messages>
</securityManagementWebServiceResponse>

8.5 Find a User

This API finds a single user by username or email address. User details will be returned only if the search
finds an exact match of the username or email address.

Example:

https://mycore.mobileiron.com/api/v1/sm/users/jdoe

URI: Finds the user specified for input

https://{host-name}/api/v1/sm/users/{username} username or email address
Http Method: GET
Format: xml, json
Request:

Response Status Code:

‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.
Response:
<securityManagementWebServiceResponse>
<userName>miadmin</userName>
<messages/>
<user id="9001">
<uuid>f89d8cbf-59d7-47e6-97c2-4681ed8f954a</uuid>
<principal>miadmin</principal>
<createdAt>1374085200000</createdAt>
100
MobileIron Confidential
 <displayName>miadmin</displayName>
<email>[email protected]</email>
<enabled>true</enabled>
<firstName>miadmin</firstName>
<forcePasswordChange>false</forcePasswordChange>

<googleAppsEncryptionAlgVersion>0</googleAppsEncryptionAlgV
ersion>

<lastAdminPortalLoginTime>1374178220915</lastAdminPortalLo
ginTime>
<lastName></lastName>
<opaque>true</opaque>
<roles>ROLE_MPW_LOCK</roles>
<roles>ROLE_USER_MANAGEMENT_RW</roles>
<roles>ROLE_MAI_RW</roles>
<roles>ROLE_APPS_AND_FILES_RW</roles>
<roles>ROLE_SENTRY_FOR_IPAD</roles>
<roles>ROLE_ADMIN_LOCATE</roles>
<roles>ROLE_LOG_R</roles>
<roles>ROLE_TROUBLESHOOTING_RW</roles>
<roles>ROLE_EVENT_CENTER_RW</roles>
<roles>ROLE_ADMIN_WIPE</roles>
<roles>ROLE_SELECTIVE_WIPE</roles>
<roles>ROLE_MPW_REG</roles>
<roles>ROLE_SECURITY_AND_POLICIES_RW</roles>
<roles>ROLE_MPW_LOCATE</roles>
<roles>ROLE_API</roles>
<roles>ROLE_SMARTPHONES_AND_DEVICES_RW</roles>
<roles>ROLE_MPW_WIPE</roles>
<roles>ROLE_USER_PORTAL_RW</roles>
<roles>ROLE_CONNECTOR</roles>
<roles>ROLE_SETTINGS_RW</roles>
<userSource>76</userSource>
</user>
</securityManagementWebServiceResponse>

8.6 Search LDAP Users

This API finds users by username. The search string cannot be less than 2 characters. If the search
results are more than the search limit (can be configured in mifs.properties) an error is returned. Default
search limit is 100.

101
MobileIron Confidential
Example:

https://mycore.mobileiron.com/api/v1/sm/users/search/ldap/?userid=jdoe

URI: Finds the users for the specified

https://{host-name}/api/v1/sm/users/search/ldap/{userid} username search string.
Http Method: GET
Format: xml, json
Request:
userid Required.
Username search string.
Minimum 2 characters.
Response Status Code:
‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.
‘400- Bad Request’ 1. If the input search string is
less than 2 characters.
2. If the search results are more
than the limit.

Response:
<securityManagementWebServiceResponse>
<userName>testuser000</userName>
<messages/>
<users>
<user>
<principal>testuser0001</principal>
<displayName>testuser0001</displayName>
<email>[email protected]</email>
<enabled>false</enabled>
<firstName>Test</firstName>
<forcePasswordChange>false</forcePasswordChange>
<lastName>User0001</lastName>
<opaque>true</opaque>
<userSource>68</userSource>
</user>
<user>
<principal>testuser0003</principal>
<displayName>testuser0003</displayName>
<email>[email protected]</email>
<enabled>false</enabled>
<firstName>Test</firstName>
102
MobileIron Confidential
 <forcePasswordChange>false</forcePasswordChange>
<lastName>User0003</lastName>
<opaque>true</opaque>
<userSource>68</userSource>
</user>
</users>
</securityManagementWebServiceResponse>

8.7 Authenticate a User

This API authenticates a single user by username.

Example:

https://mycore.mobileiron.com/api/v1/sm/authentication

103
MobileIron Confidential
For security reasons, include the password in the HTTP request body rather than as a query parameter.
For example:

POST /api/v1/sm/authentication HTTP/1.1

Host: mycore.mobileiron.com
Content-Length: 31
Accept: application/json
Authorization: Basic amRvZTphYmNkMTIzNA==

username=jdoe&password=abcd1234

URI: Finds the user specified for input

https://{host-name}/api/v1/sm/users/{username} username.
Http Method: POST
Format: xml, json
Request:
username String
Required

Note: For security reasons,

include this parameter in HTTP
request body.
Password String
Required
The password must be between 8
and 20 characters.
Note: For security reasons,
include this parameter in HTTP
request body.
Response Status Code:
‘401 – Unauthorized’ If the username/password is
invalid.
‘200 – OK’ If username and password are
valid then User details are
returned in the response.
Response:
<securityManagementWebServiceResponse>
<userName>miadmin</userName>
<messages/>
<user id="9001">
<uuid>f89d8cbf-59d7-47e6-97c2-4681ed8f954a</uuid>
<principal>miadmin</principal>
<createdAt>1374085200000</createdAt>
104
MobileIron Confidential
 <displayName>miadmin</displayName>
<email>[email protected]</email>
<enabled>true</enabled>
<firstName>miadmin</firstName>
<forcePasswordChange>false</forcePasswordChange>

<googleAppsEncryptionAlgVersion>0</googleAppsEncryptionAlgV
ersion>

<lastAdminPortalLoginTime>1374178220915</lastAdminPortalLo
ginTime>
<lastName></lastName>
<opaque>true</opaque>
<roles>ROLE_MPW_LOCK</roles>
<roles>ROLE_USER_MANAGEMENT_RW</roles>
<roles>ROLE_MAI_RW</roles>
<roles>ROLE_APPS_AND_FILES_RW</roles>
<roles>ROLE_SENTRY_FOR_IPAD</roles>
<roles>ROLE_ADMIN_LOCATE</roles>
<roles>ROLE_LOG_R</roles>
<roles>ROLE_TROUBLESHOOTING_RW</roles>
<roles>ROLE_EVENT_CENTER_RW</roles>
<roles>ROLE_ADMIN_WIPE</roles>
<roles>ROLE_SELECTIVE_WIPE</roles>
<roles>ROLE_MPW_REG</roles>
<roles>ROLE_SECURITY_AND_POLICIES_RW</roles>
<roles>ROLE_MPW_LOCATE</roles>
<roles>ROLE_API</roles>
<roles>ROLE_SMARTPHONES_AND_DEVICES_RW</roles>
<roles>ROLE_MPW_WIPE</roles>
<roles>ROLE_USER_PORTAL_RW</roles>
<roles>ROLE_CONNECTOR</roles>
<roles>ROLE_SETTINGS_RW</roles>
<userSource>76</userSource>
</user>
</securityManagementWebServiceResponse>

105
MobileIron Confidential
9 Alerts
MobileIron’s Event Center enables administrators to connect events to specific alerts. The following
events are recognized:
• International Roaming Event
• Threshold Reached Event
• SIM Changed Event
• Storage Size Exceeded Event
• System Event
• Policy Violations Event
This API can retrieve alerts generated by an above named event.

Alerts include a variety of characteristics, such as severity, lifecycle status, and read/unread status. Alert
Lifecycle statuses are defined as follows:
1. Created: the conditions for generating the alert have been met.
2. Processed: the alert has been generated.
3. Dispatched: the alert has been sent.
• Dispatch Pending: alert is ready for dispatch.
• Dispatching: dispatch is in progress.
• Dispatched: dispatch has been completed successfully.
• Dispatch Failed: dispatch failed.

9.1 Get All Alerts

This API returns all alerts. You can filter the alerts by their read/unread status.

Examples:

Get all alerts:

https://mycore.mobileiron.com/api/v1/alerts

Get all alerts that have not been read:

https://mycore.mobileiron.com/api/v1/alerts?isRead=false

URI: Returns list of all alerts.

https://{host-name}/api/v1/alerts
Http Method: GET
Format: xml, json
Request:
106
MobileIron Confidential
isRead Filter by the read status of the
alert.
True returns all alerts that are
marked read.
False returns all the alerts that are
marked unread.

Response Status Code:

‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response is
returned.
Response:
<alertWebServiceResponse>
<messages>
<message>1 alert(s) returned</message> Status Message.
Alert count is shown if the method
execution is successful.
A descriptive error message is
shown if the method execution
failed.
</messages>
<alerts>
<alert id=”5”> Internal database ID uniquely
identifies alert.
<deviceUuid>6482dce2-ea75-400a-9f2c-
d67766d942cf</deviceUuid>
<dispatchDeviceUuid>6482dce2-ea75-400a-9f2c-
d67766d942cf</dispatchDeviceUuid>
<userUuid>asdasd-34sd-234sdf-sfsdfd</userUuid> uuid of the user.
<labelId>163</labelId> The internal id of the label that
triggered the alert.
.
<eventSubscriptionName>m1</eventSubscriptionName>
<alertDate>2010-05-01T01:02:00+00:00</alertDate>
<alertText>WARNING::Memory size exceeded 1% for Phone Alert content.
#: 14085551212 (miadmin), Total Memory Size: 154.86MB, Free
Memory Size: 133.59MB</alertText>
<isActive>false</isActive> true -- the alert is unread.

false -- the alert is read.

<retries>2</retries> Number of attempts that have
been made to send this alert.
<updateBy>alertprocessor</updateBy> Name of user/system component
107
MobileIron Confidential
 which updated this alert.
<updatedAt>2010-04-30T01:04:00+00:00</updatedAt> The time at which this alert record
was last modified.
<userName>miadmin</userName> Recipient user name.
Alert type:
<alertDefnname>MEMORY_SIZE_EXCEEDED_ALERT</alertDefnnam
e> INTERNATIONAL_ROAMING_ALERT
THRESHOLD_REACHED_ALERT
SIM_CHANGED_ALERT
MEMORY_SIZE_EXCEEDED_ALERT
SYSTEM_ALERT
POLICY_VIOLATIONS_ALERT
<severity>WARNING</severity> Alert severity:
INFORMATION
WARNING
CRITICAL
<transport>EMAIL</transport> Means by which alert is
communicated:
EMAIL
SMS
APNS (iPhone only)
<status>DISPATCHED</status> Alert dispatch status:
CREATED
PROCESSED
DISPATCH_PENDING
DISPATCHING
DISPATCHED
DISPATCH_FAILED
<isAlertRead>true</isAlertRead> Not used. The isActive field
indicates whether the alert is read
or unread.
</alert>
</alerts>
</alertWebServiceResponse>

9.2 Get All Alerts for Phone Number

This API returns all alerts for a single device phone number. You can further filter the alerts by their
read/unread status.

The fields in the response are the same as the fields in the Get All Alerts Response. However, the set of
alerts is limited to alerts for the phone number specified in the request.

Examples:
108
MobileIron Confidential
Get all alerts for a phone number:

https://mycore.mobileiron.com/api/v1/alerts/phones/6505551212

Get all alerts for a phone number that have been read:

https://mycore.mobileiron.com/api/v1/alerts/phones/6505551212?isRead=true

URI: Returns list of all alerts for input

https://{host-name}/api/v1/alerts/phones/{phonenumber} phone number.
Http Method: GET
Format: xml, json
Request:
phoneNumber Required. Phone number.
isRead Filter by the read status of the
alert.
True returns all alerts which are
marked read.
False returns all the alerts which
are marked unread.

Response Status Code:

‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.
Response:
<alertWebServiceResponse>
<messages>
<message>1 alert(s) returned</message> Status Message.
Alert count is shown if the
method execution is successful.
A descriptive error message is
shown if the method execution
failed.
</messages>
<alerts>
<alert>
<id>5</id>
<deviceUuid>6482dce2-ea75-400a-9f2c-
d67766d942cf</deviceUuid>
<dispatchDeviceUuid>6482dce2-ea75-400a-9f2c-
d67766d942cf</dispatchDeviceUuid>
<userUuid>asdasd-34sd-234sdf-sfsdfd</userUuid> uuid of the user.
<labelId>1</labelId> The internal id of the label that
109
MobileIron Confidential
 triggered the alert.

<eventSubscriptionName>m1</eventSubscriptionName>
<alertDate>2010-05-01T01:02:00+00:00</alertDate>
<alertText>WARNING::Memory size exceeded 1% for Phone Alert content.
#: 14085551212 (miadmin), Total Memory Size: 154.86MB, Free
Memory Size: 133.59MB</alertText>
<isActive>false</isActive> true -- the alert is unread.

false -- the alert is read.

<retries>0</retries> The number of attempts that
have been made to send this
alert.
<updateBy>alertprocessor</updateBy>
<updatedAt>2010-04-30T01:04:00+00:00</updatedAt>
<userName>miadmin</userName> Recipient user name.
Alert type.
<alertDefnname>MEMORY_SIZE_EXCEEDED_ALERT</alertDefnnam
e>
<severity>WARNING</severity> Alert severity:
INFORMATION
WARNING
CRITICAL
<transport>EMAIL</transport> Means by which alert is
communicated:
EMAIL
SMS
APNS (iPhone only)
<status>DISPATCHED</status> Alert dispatch status (as
described in the Alerts section
above):
CREATED
PROCESSED
DISPATCH_PENDING
DISPATCHING
DISPATCHED
DISPATCH_FAILED
<isAlertRead>true</isAlertRead> Not used. The isActive field
indicates whether the alert is
read or unread.
</alert>
</alerts>
</alertWebServiceResponse>

110
MobileIron Confidential
9.3 Get all Alerts for User
This API returns all alerts for a single user. Because users may have multiple devices, this API returns all
alerts on all devices matching the username. You can further filter the alerts by their read/unread
status.

The fields in the response are the same as the fields in the Get All Alerts Response. However, the set of
alerts is limited to alerts for the user specified in the request.

Examples:

Get all alerts for a user:

https://mycore.mobileiron.com/api/v1/alerts/users/jdoe

Get all unread alerts for a user:

https://mycore.mobileiron.com/api/v1/alerts/users/jdoe?isRead=false

URI: Returns list of all alerts for the

https://{host-name}/api/v1/alerts/users/{username} input user name.
Http Method: GET
Format: xml, json
Request:
Username Required. Unique login user
name.
isRead Filter by the read status of the
alert.
True returns all alerts which are
marked read.
False returns all the alerts which
are marked unread.

Response Status Code:

‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.
Response:
<alertWebServiceResponse>
<messages>
<message>1 alert(s) returned</message> Status Message.
Alert count is shown if the

111
MobileIron Confidential
 method execution is successful.
A descriptive error message is
shown if the method execution
failed.
</messages>
<alerts>
<alert>
<id>5</id>
<deviceUuid>6482dce2-ea75-400a-9f2c-
d67766d942cf</deviceUuid>
<dispatchDeviceUuid>6482dce2-ea75-400a-9f2c-
d67766d942cf</dispatchDeviceUuid>
<userUuid>asdasd-34sd-234sdf-sfsdfd</userUuid> uuid of the user.
<labelId>1</labelId> The internal id of the label that
triggered the alert.
<eventSubscriptionName>m1</eventSubscriptionName>
<alertDate>2010-05-01T01:02:00+00:00</alertDate>
<alertText>WARNING::Memory size exceeded 1% for Phone Alert content.
#: 14085551212 (miadmin), Total Memory Size: 154.86MB, Free
Memory Size: 133.59MB</alertText>
<isActive>false</isActive> true -- the alert is unread.

false -- the alert is read.

<retries>2</retries> Number of attempts that have
been made to send this alert.
<updateBy>alertprocessor</updateBy>
<updatedAt>2010-04-30T01:04:00+00:00</updatedAt>
<userName>miadmin</userName> Recipient user name.
Alert type.
<alertDefnname>MEMORY_SIZE_EXCEEDED_ALERT</alertDefnnam
e>
<severity>WARNING</severity> Alert severity:
INFORMATION
WARNING
CRITICAL
<transport>EMAIL</transport> Means by which alert is
communicated:
EMAIL
SMS
APNS (iPhone only)
<status>DISPATCHED</status> Alert dispatch status:
CREATED
PROCESSED
112
MobileIron Confidential
 DISPATCH_PENDING
DISPATCHING
DISPATCHED
DISPATCH_FAILED
<isAlertRead>true</isAlertRead> Not used. The isActive field
indicates whether the alert is
read or unread.
</alert>
</alerts>
</alertWebServiceResponse>

9.4 Get All Alerts for a Phone Number of a User

This API returns all alerts for a single phone number of a user. You can further filter the alerts by their
read/unread status.

The fields in the response are the same as the fields in the Get All Alerts Response. However, the set of
alerts is limited to alerts for the user specified in the request.

Example:

https://mycore.mobileiron.com/api/v1/alerts/users/jdoe/phones/16505551212

URI: Returns list of all alerts for the

https://{host- input phone number of the input
name}/api/v1/alerts/users/{username}/phones/{phonenumber} user name.
Http Method: GET
Format: xml, json
Request:
Username Required. Unique login user
name.
phoneNumber Required. Phone number.
isRead Filter by the read status of the
alert.
True returns all alerts which are
marked read.
False returns all the alerts which
are marked unread.

Response Status Code:

‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.
113
MobileIron Confidential
Response:
<alertWebServiceResponse>
<messages>
<message>1 alert(s) returned</message> Status Message.
Alert count is shown if the
method execution is successful.
A descriptive error message is
shown if the method execution
failed.
</messages>
<alerts>
<alert>
<id>5</id>
<deviceUuid>6482dce2-ea75-400a-9f2c-
d67766d942cf</deviceUuid>
<dispatchDeviceUuid>6482dce2-ea75-400a-9f2c-
d67766d942cf</dispatchDeviceUuid>
<userUuid>asdasd-34sd-234sdf-sfsdfd</userUuid> uuid of the user.
<labelId>1</labelId> The internal id of the label that
triggered the alert.
<eventSubscriptionName>m1</eventSubscriptionName>
<alertDate>2010-05-01T01:02:00+00:00</alertDate>
<alertText>WARNING::Memory size exceeded 1% for Phone Alert content.
#: 14085551212 (miadmin), Total Memory Size: 154.86MB, Free
Memory Size: 133.59MB</alertText>
<isActive>false</isActive> true -- the alert is unread.

false -- the alert is read.

<retries>2</retries> Number of attempts that have
been made to send this alert.
<updateBy>alertprocessor</updateBy>
<updatedAt>2010-04-30T01:04:00+00:00</updatedAt>
<userName>miadmin</userName> Recipient user name.
Alert type.
<alertDefnname>MEMORY_SIZE_EXCEEDED_ALERT</alertDefnnam
e>
<severity>WARNING</severity> Alert severity:
INFORMATION
WARNING
CRITICAL
<transport>EMAIL</transport> Means by which alert is
communicated:
EMAIL
114
MobileIron Confidential
 SMS
APNS (iPhone only)
<status>DISPATCHED</status> Alert dispatch status:
CREATED
PROCESSED
DISPATCH_PENDING
DISPATCHING
DISPATCHED
DISPATCH_FAILED
<isAlertRead>true</isAlertRead> Not used. The isActive field
indicates whether the alert is
read or unread.
</alert>
</alerts>
</alertWebServiceResponse>

9.5 Update Alert

This API updates the read/unread status and comments to a particular alert.

Example:

https://mycore.mobileiron.com/api/v1/alerts/ 3936?isRead=false&comments=Reset

URI: Updates the alert designated by

https://{host-name}/api/v1/alerts/{id} the alert ID.
Http Method: PUT
Format: xml, json
Request:
Id Required. Alert ID to be updated.
isRead Required.
True updates the alert as read.
False updates the alert as unread.
Comments Required.
Comments to be added to the
alert. Free form text field (255
character limit).

Response Status Code:

‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response

115
MobileIron Confidential
 is returned.
Response:
<alertWebServiceResponse>
<messages>
<message>Updated alert 3936 successfully</message> Status Message.
Success is shown if the method
execution is successful.
A descriptive error message is
shown if the method execution
failed.
</messages>
</alertWebServiceResponse>

9.6 Update List of Alerts

This API updates the read/unread status and comments to multiple alerts, designated by a list of IDs.

Example:

https://mycore.mobileiron.com/api/v1/alerts?id=3936&id=3934&isRead=true&comme
nts=”Jdoe read this alert”

URI: Updates multiple alerts,

https://{host-name}/api/v1/alerts/ designated by alert IDs.
Http Method: PUT
Format: xml, json
Request:
id Required. Alert IDs to be
updated.
Note: The IDs are query
parameters.
For example:
https://{host-
name}/api/v1/alerts?id=1&id=2&
id3
Three alerts with ids= 1, 2 and 3
are updated with the specified
isRead value and comments
value.
isRead Required.
True updates the alert as read.
False updates the alert as unread.
Comments Required.

116
MobileIron Confidential
 Comments to be added to the
alert. Free form text field (255
character limit).

Response Status Code:

‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.
Response:
<alertWebServiceResponse>
<messages>
<message> Updated 10 alert(s) successfully</message> Status Message.
Alert update count is shown if
the method execution is
successful.
A descriptive error message is
shown if the method execution
failed.
</messages>
</alertWebServiceResponse>

10 Applications
10.1 Get Application Inventory
This API returns the list of all applications installed across all devices in the MobileIron system.

Example:

https://mycore.mobileiron.com/api/v1/apps/inventory

URI: Returns list of all applications

https://{host-name}/api/v1/apps/inventory installed across all devices.
Http Method: GET
Format: xml, json

Response Status Code:

‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.
Response:
<appStoreWebServiceResponse>

117
MobileIron Confidential
 <messages>
<message>1 App(s) returned</message> Status Message.
Application count is shown if the
method execution is successful.
A descriptive error message is
shown if the method execution
failed.
</messages>
<apps>
<app id="1">
Bundle ID or package name of
<bundle>com.mobileiron.enterprise.webcontainer the app in the App Catalog on
</bundle> MobileIron Core.
<appName>Apps@Work 1.1.2</appName> Application name.
<assetName>Apps@Work 1.1.2</assetName> Application name. This field has
the same value as the
<appName> field.
<inventoryAppId>1</inventoryAppId> Unique application ID of the app
in the App Catalog on MobileIron
Core, if applicable.
<platform>iOS</platform> The platform that the app runs
on. Possible values are:

Android
Android 1.6
Android 2.0
Android 2.0.1
Android 2.1
Android 2.2
Android 2.3
Android 3.0
Android 3.1
Android 3.2
Android 4.0
Android 4.0.1
Android 4.0.3
Android 4.0.2
Android 4.0.4
Android 4.1
Android 4.2
Android 4.3
Android 4.4
AppleTV

118
MobileIron Confidential
 AppleTV 7.0
iOS 4.0
iOS 4.1
iOS 4.2
iOS 4.3
iOS 5.0
iOS 5.1
iOS 6.0
iOS 6.1
iOS 6.2
iOS 7.0
iOS 7.1
iOS 8.0
OS X
OS X 10.7
OS X 10.8
OS X 10.9
OS X 10.10
Windows Phone
Windows Phone 8
Windows
Windows Pro/RT
Windows 8.1
Windows Phone 8.1
<reportedAppName>Apps@Work</reportedAppName> The app name as reported by the
device, used there on the app’s
springboard. That is, it is the
name associated with the app’s
icon on the device.

If the administrator added the

app manually to MobileIron
Core’s App Catalog, this value is
what the administrator entered
for the app name.
<type>APPLICATION</type> This field always has the value
APPLICATION.
<version>1.1.2</version> Application version.
For Android devices, the field has
this format:
M/N: <versionInt> where
• <versionInt> is the integer
version of the app
• M means market version, and
119
MobileIron Confidential
 N means non-market version.
<appVersion>7.1.0.0.67</appVersion> Applies only to Android.
The version of the app.
<versionInt>71000067</versionInt> Applies only to Android.
The integer version number of
the app.
<longVersion>3.1.2</longVersion> Applies only to iOS.
The build version number of the
app.
<shortVersion>3.1.2</shortVersion> Applies only to iOS.
The release version number of
the app.
</app>
</apps>
</appStoreWebServiceResponse>

10.2 Get Device Application Inventory

This API returns the list of all applications installed on a device.

iOS 5 and higher only:

Starting with iOS 5, the administrator can specify an app as an iOS managed app. The administrator can
control whether:
• an iOS managed app is backed up
• the app is deleted when the MDM profile is removed or the device is quarantined
The list that this API returns includes not only iOS managed apps that are installed, but also iOS
managed apps for which an installation attempt failed or is in progress. A <status> field indicates
whether the app is installed. If it is not installed, the field indicates the reason.

The following table shows the values of the <status> field for iOS managed apps.

Note: All the values, with the exceptions of NotInstalled and MDM Removed, are provided by iOS.

<status> field value Description

AppAlreadyInstalled The attempt to install the app failed because it is already
installed.
NotSupported The attempt to install the app failed because the app is not
supported. For example, the device user attempted to install an
iPad-only app on an iPhone.
CouldNotVerifyAppID The attempt to install the app failed because the App ID could not
be verified with the App Store.
AppStoreDisabled The App Store is disabled on the device.
NeedsRedemption The app is not a free app. It needs to redeem a token.
120
MobileIron Confidential
Redeeming Redeeming the token.
Prompting Prompting the device user for installation.
PromptingForUpdate Prompting the device user to update an installed app to, for
example, a new version.
Installing The app is in the process of being installed.
Managed The app is installed as an iOS managed app.
ManagedButUninstalled The app is an iOS managed app that is no longer installed on the
device.
Unknown The status of the app is unknown.
UserInstalledApp The app is installed, but not as an iOS managed app.
UserRejected The user cancelled the installation of an iOS managed app.
UpdateRejected The user cancelled an update of an OS managed app.
Failed The attempt to install the app failed.
AppAlreadyQueued The app is currently queued for installation.
NotInstalled The app is not installed.
MDM Removed The app is installed on the device, but is no longer an iOS
managed app.

Examples:

https://mycore.mobileiron.com/api/v1/apps/inventory/devices/038d9439-0f75-
4d30-8d7d-120b4cb8646b

https://mycore.mobileiron.com/api/v1/apps/inventory/devices/mac/38AA3C62BFAD

1.URI: Returns list of all applications

https://{host-name}/api/v1/apps/inventory/devices/{deviceuuid} installed on a device.
Http Method: GET
Format: xml, json
Request:
Device UUID Required. Unique ID of the
device.

2.URI: Returns list of all applications

https://{host- installed on a device.
name}/api/v1/apps/inventory/devices/mac/{macaddress}
Http Method: GET
Format: xml, json
Request:
macAddress Required.

Response Status Code:

121
MobileIron Confidential
‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.
Response:
<appStoreWebServiceResponse>
<deviceUuid>1e88d6dd-a8aa-4a16-b2f3-
662dc9736bb6</deviceUuid>
<messages>
<message>1 Client App(s) returned</message> Status Message.
Application count is shown if the
method execution is successful.
A descriptive error message is
shown if the method execution
failed.
</messages>
<clientApps>
<clientApp id="1">
<appId>26</appId> Internal app ID of the app in the
App Catalog on MobileIron Core,
if applicable.

If the app is not in MobileIron

Core’s App Catalog, then the
response does not include the
<appId> field.

Note: Prior to VSP 5.1, this field

sometimes contained the value
that is now given in the <bundle>
field.
<appName>MobileIron 5000000.583</appName> Application name.
<assetName>MobileIron 5000000.583</assetName> Application name. This field has
the same value as the
<appName> field.
<bundle>com.mobileiron.enterprise.EnggSpecs</bundle> The bundle ID or iTunes ID of the
app.

Note: This field was added in VSP

5.1. Prior to VSP 5.1, this value
was sometimes given in the
<appID> field.
<inventoryAppId>1</inventoryAppId> Unique application ID of the app
in the App Catalog on MobileIron

122
MobileIron Confidential
 Core, if applicable. This value
varies by OS, and is typically a
number or version information.
<platform>iOS</platform> The platform that the app runs
on. Possible values are:

Android
Android 1.6
Android 2.0
Android 2.0.1
Android 2.1
Android 2.2
Android 2.3
Android 3.0
Android 3.1
Android 3.2
Android 4.0
Android 4.0.1
Android 4.0.3
Android 4.0.2
Android 4.0.4
Android 4.1
Android 4.2
Android 4.3
Android 4.4
AppleTV
AppleTV 7.0
iOS 4.0
iOS 4.1
iOS 4.2
iOS 4.3
iOS 5.0
iOS 5.1
iOS 6.0
iOS 6.1
iOS 6.2
iOS 7.0
iOS 7.1
iOS 8.0
OS X
OS X 10.7
OS X 10.8
OS X 10.9
OS X 10.10
123
MobileIron Confidential
 Windows Phone
Windows Phone 8
Windows
Windows Pro/RT
Windows 8.1
<reportedAppName>MobileIron</reportedAppName> The app name as reported by the
device, used there on the app’s
springboard. That is, it is the
name associated with the app’s
icon on the device.

If the administrator added the

app manually to MobileIron
Core’s App Catalog, this value is
what the administrator entered
for the app name.
<type>APPLICATION</type> This field always has the value
APPLICATION.
<version>5000000.583</version> Application version.
<status>Managed</status> iOS 5 and higher only. Status of
an iOS managed app. For possible
values, see the beginning of this
section.
</clientApp>
</clientApps>
</appStoreWebServiceResponse>

10.3 Get Devices by Application Name

This API returns the list of all devices on which a specific application is installed.

Examples:

Get all devices that have a particular Sudoku version installed:

https://mycore.mobileiron.com/api/v1/apps/inventory/app?appname=Sudoku_017%20
1.1

Get all Android devices that have a particular Sudoku version installed:

https://mycore.mobileiron.com/api/v1/apps/inventory/app?appname=Sudoku_017%20
1.1&platform=A

124
MobileIron Confidential
URI: Returns list of all applications
https://{host-name}/api/v1/apps/inventory/app installed on a device.
Http Method: GET
Format: xml, json
Request:
appname Required. Application name.
Send appname as a query
parameter.

The application name is not case

sensitive.

If you are using a browser, URL-

encode whitespace in the
appname using %20. For
example, URL-encode MobileIron
MIClient as
MobileIron%20MIClient.

platform Optional. If not specified, all

platforms can be in the response.

Possible platform values are:

A - Android
I – iOS
E – Windows
M – Windows Phone devices
(WP8, WP8.1)
Q = Web application for iOS
limit See Using offset and limit
Parameters to Cycle through
Records.
offset See Using offset and limit
Parameters to Cycle through
Records.

Response Status Code:

‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.
Response:

125
MobileIron Confidential
<appStoreWebServiceResponse>
<deviceUuid>1e88d6dd-a8aa-4a16-b2f3-
662dc9736bb6</deviceUuid>
<messages>
<message> 3 Device(s) returned.</message> Status Message.
Device count is shown if the
method execution is successful.
A descriptive error message is
shown if the method execution
failed.
</messages>
<devices>
<device id="1">
<uuid>bf3be0f1-6b4e-4e03-94c0-8b7bd6b89a1c</uuid> Device Unique id
<phonenumber>4085551212</phonenumber> Phone number
<username>miadmin</username> Username.
<platform>iOS 5.1</platform> Platform.
<os>I</os> Platform type. Contains one of
the following values:

A - Android
I – iOS
E – Windows
M – Windows Phone devices
(WP8, WP8.1)
Q = Web application for iOS
<version>5000000.598</version> Version.
</device>
….
</devices>
<appName>MobileIron</appName>
</appStoreWebServiceResponse>

10.4 Add Application to the App Storefront

This API enables you to upload an in-house application to the App Catalog on MobileIron Core.

Examples:

126
MobileIron Confidential
https://mycore.mobileiron.com/api/v1/apps/appstore/addapplication?request=myJ
sonFile.txt&installerfile=myApp.ipa&icon=myIcon.jpg

https://mycore.mobileiron.com/api/v1/apps/appstore/addapplication?request=
myJsonFile.txt&installerfile=myApp.ipa&icon=myIcon.jpg&phonescreen1=
myScreen1.jpg&phonescreen2=myScreen2.jpg&tabletscreen1=myTablet1.jpeg&
tabletscreen2=myTablet2.jpeg

URI: Adds an in-house application to

https://{host-name}/api/v1/apps/appstore/addapplication the enterprise app storefront.
Http Method: POST
Format: xml, json

Content-Type Multipart
Request:
request Name of the JSON file containing
additional parameters for
configuring the application on
MobileIron Core. See “Request
File” on page 128 for information
on the content of this file.
installerfile Name of the app file to be
uploaded (.ipa for iOS, .apk for
Android).
icon Optional. Name of the icon file to
be uploaded.
phoneScreenN Optional. Up to 10 screenshots of
the app for phones, e.g.,
phoneScreen1, phoneScreen2.
tabletScreenN Optional. Up to 10 screenshots of
the app for tablets, e.g.,
tabletScreen1, tabletScreen2.

Response Status Code:

‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.

Response:
<messages>

<message>Added application: HelloPGAppConnect.ipa. id:27,

installedCount:0, pushedCount:0, recommendedApp:false</message>

127
MobileIron Confidential
</messages>

10.4.1 Request File

The following table lists the parameters available for the JSON file referenced by the addapplication API.

Note: For Boolean values, use true and false, all lower case.

appname Required. 25 character limit.

platform Required. Indicates the platform for which the application is
intended. I=iOS, A=Android.
description Additional text that explains what the app is or.
displayVersion iOS only
The version number to be displayed to users. Use only numerals
and periods (.).
category Group of apps in which this app should be displayed on the
device. The specified category must already be defined on the
server.
ipadOnly iOS only
true = app available only for iPads.
removeWhenMdmDisabled Only iOS5 and later
true = remove app if MDM is disabled
preventBackup Only iOS5 and later
true = iTunes will not attempt to back up potentially sensitive app
data
pushOnRegistration true = for iOS5 and later, prompt device users to install this app
once device registration is complete or a user signs in on a multi-
user device
true = for Android, sets silent install for the app
allowUnmanagedUpdate iOS only

true = update a previous version of the app, regardless of

whether it was installed as managed. The update is then applied
as an unmanaged updated. This option is useful if you want to
support existing unmanaged installations of the app without
forcing users to uninstall and reinstall as a managed app. (Apple
prohibits installation of updates over unmanaged apps.)

false = update previous versions of the app only if they were

128
MobileIron Confidential
 installed as managed apps.

quarantinable iOS only

true = enable configured compliance actions to remove the app if
a policy violation results in a quarantined device or the device
signs out in multi-user mode. This option does not apply unless
the corresponding option has been specified in a compliance
action, and that compliance action has been selected for one or
more policy options in the security policy for a device. Once the
device is no longer quarantined, the app can be downloaded
again.
featured true = highlight this app in the Featured apps list. On the device,
the user can see a subset of featured apps.
dataProtectionRequired iOS only

true = require that data protection be enabled in order to install

this app.
Note: Devices without data protection enabled will not see the
app at all in the In-house Apps list on the device and will not know
that data protection compliance is required. Therefore, you may
want to communicate the requirement to users.
appCDNDisallow true = do not allow use of the AppDN service, if enabled. See the
AppDN Tech Note for more information on AppDN.
urlOverride The alternate URL (if implemented) for downloading in-house
apps. The URL must point to the in-house app in its alternate
location.

Example:

{
"appstorerequest":{
"appname":"testapp",
"platform":"I",
"description":"Here is a description",
"category":"abcd",
"displayVersion":"10.9.8.7"
}
}

129
MobileIron Confidential
10.5 Apply App to/Remove App from a Label
This API applies an application to or removes an application from an existing label on MobileIron Core.

Example:

https://mycore.mobileiron.com/api/v1/apps/appstore/42?action=apply_label&labe
l=Executives

URI: Applies an app to or removes an

https://{host-name}/api/v1/apps/appstore/{appid} app from an existing label.
Http Method: PUT
Format: xml, json

Request:
appid Identifier for the application
(issued by MobileIron Core).
action apply_label
remove_label
label Label name.

Response Status Code:

‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.

Response:
<appStoreWebServiceResponse>
<messages>
<message>Successfully published application to label and
queued for processing.</message>
</messages>
</appStoreWebServiceResponse>

10.6 Get all app categories

This API returns the list of all app categories.

Example:

https://mycore.mobileiron.com/api/v1/apps/categories

130
MobileIron Confidential
URI: Get all app categories.
https://{host-name}/api/v1/apps/categories
Http Method: GET
Format: xml, json

Response Status Code:

‘200 – OK’ Data is present and the response
is returned. The response can
contain no app categories.

Response:
<appStoreWebServiceResponse>
<totalCount>2</totalCount> Number of categories
<messages/> When totalCount is 0, the
messages element contains a
<message> element with the
value “No categories found”.
<appCategories> Included if one or more app
categories are returned.
<appCategory>
<id>7</id> ID assigned by MobileIron Core
when the category was created.
<name>Finance</name> Name assigned by the
administrator when creating the
category.
</appCategory>
<appCategory>
<id>8</id>
<name>Human Resources</name>
</appCategory>
</appCategories>
</appStoreWebServiceResponse>

10.7 Delete an app category

This API deletes the specified app category.

Example:

https://mycore.mobileiron.com/api/v1/apps/categories/8

URI: Get all app categories.

https://{host-name}/api/v1/apps/categories/{app category ID}
131
MobileIron Confidential
Http Method: DELETE
Format: xml, json

Request:
App category ID The ID of the app category to
delete. The ID was assigned by
MobileIron Core when an
administrator created the app
category.

Use the API in 9.6 Get all app

categories to get the ID to use in
this API.
Response Status Code:
‘200 – OK’ The ID was successfully deleted.
This status code is also returned if
the ID does not exist.

Response:
<appStoreWebServiceResponse>
<totalCount>0</totalCount>
<messages/>
</appStoreWebServiceResponse>

10.8 Get all apps for a platform type in App Catalog

This API lists all the apps for a specific platform that are in MobileIron Core’s App Catalog, regardless
whether they are installed on a device.

Example:

https://mycore.mobileiron.com/api/v1/apps/appstore?platformType=I

URI: Get all apps for a specific

https://{host-name}/api/v1/apps/appstore platform in App Catalog
Http Method: GET
Format: xml, json

Request:
platformType Required. Platform or operating
system of the device.
Valid values:
A - Android
I – iOS
132
MobileIron Confidential
 E – Windows
M – Windows Phone devices
(WP8, WP8.1)
Q = Web application for iOS
Response Status Code:
‘200 – OK’ The list of apps was successfully
returned. This status code is also
returned if no apps for the
platform type are in the App
Catalog.

Response:
<appStoreWebServiceResponse>
<totalCount>0</totalCount> Not used
<messages>
<message> Message indicating the number
"16 enterprise app(s) returned." of apps returned.
</message>
</messages>
<enterpriseApps> Lists the apps returned.
<enterpriseApp> Details about the app.
<bundleIdentifier>com.android.mi.email</bundleIdentifier> Identifier for the app.
<description/> Description of the app, possibly
empty. The field is not included
for Android apps that have no
description.
<id>25</id> Unique ID assigned by the App
Catalog.
<installedCount>14</installedCount> Number of devices that have
installed the app.
<installerFileName> The installer file for in-house
NameOfInstallerFile apps, such as the APK file for
</ installerFileName > Android apps and the IPA file for
iOS apps.

This element is not included for

recommended apps.
<name>NameOfApp</name> Name of the app.
<platformType>I</platformType> The platform type in the request.
<pushedCount>0</pushedCount Not used.
<recommendedApp>false</recommendedApp> true for recommended apps.
false for in-house apps.
<version>3.1.0</version> Version number of the app
133
MobileIron Confidential
 </enterpriseApp>
</enterpriseApps>

10.9 Associate or dissociate a category with an app

This API associates or dissociates a category defined in MobileIron Core’s App Catalog with an app. The
API specifies the app using its unique App Catalog ID. This ID is available from the API defined in 9.8 Get
all apps for a platform type in App Catalog.

Examples:

https://mycore.mobileiron.com/api/v1/apps/appstore/8?action=apply_category&ca
tegory=Sales

https://mycore.mobileiron.com/api/v1/apps/appstore/8?action=remove_category&c
ategory=Sales

URI: Associate or dissociate a

https://{host-name}/api/v1/apps/appstore/{appid} category with an app.
Http Method: PUT
Format: xml, json

Request:
appid The ID of the app with which you
want to associate or dissociate a
category. The ID was assigned by
MobileIron Core when the app
was added to the App Catalog.

Use the API in 9.6 Get all app

categories to get the ID to use in
this API.
action Required. This parameter is a
query parameter.

“apply_category” – to apply the

category to the app

“remove_category” – to remove
the category from the app
category Required. Category name.

This parameter is a query

134
MobileIron Confidential
 parameter.
Response Status Code:
‘200 – OK’ The category was successfully
associated with or dissociated
from the app.
‘400 Bad Request’ The request was invalid.

For example:
• The value of the category
parameter is not valid.
• No category parameter was
included in the request.

Response:
<appStoreWebServiceResponse>
<totalCount>0</totalCount> Not used.
<messages>
<message> Indicates whether the operation
"Successfully added category 'Sales' to app 'SomeApp'." was successful.
</message>
</messages>
</appStoreWebServiceResponse>

10.10 Add a new app category

This API adds a new app category that can then be applied to apps in the App Catalog.

Example:

https://mycore.mobileiron.com/api/v1/apps/categories

where the payload contains the name of the category to add:

In XML:

<appCategory>
<name>Finance</name>
</appCategory>

In JSON:

{"appCategory"={"name":"Finance"}}

135
MobileIron Confidential
URI: Add a new app category.
https://{host-name}/api/v1/apps/categories
Http Method: POST
Format: xml, json

Request:
A payload containing: The payload specifies the name
of the category to add.
<appCategory>
<name>NewCategoryName</name>
</appCategory>
Response Status Code:
‘201 – Created’ The request was successful. The
category was added.

‘200 – OK’ The request was successful. The

category already exists.
‘400 – Bad Request’ The request was invalid.
For example, the XML in the
payload was invalid.
Response:
<appStoreWebServiceResponse>
<totalCount>1</totalCount> Not used.
<messages>
<message> Provides information about the
"Category 'Sales' successfully added." operation.
</message>
For example, when the status
code is 200 the message is:
"Category 'Sales' already exists."
</messages>
</appStoreWebServiceResponse>

10.11 Rename an app category

This API renames an app category in the App Catalog.

Example:

https://mycore.mobileiron.com/api/v1/apps/categories/7

where the payload contains the new name:

136
MobileIron Confidential
In XML:

<appCategory>
<name>Sales USA</name>
</appCategory>

In JSON:

{"appCategory"={"name":"Sales USA"}}

URI: Rename an app category.

https://{host-name}/api/v1/apps/categories
Http Method: PUT
Format: xml, json

Request:
Category ID The ID of the category to rename.

MobileIron Core assigned the ID

when the category was added.

Use the API in 9.6 Get all app

categories to get the ID to use in
this API.
A payload containing: The payload specifies the new
name of the category.
<appCategory>
<name>NewCategoryName</name>
</appCategory>
Response Status Code:
‘200 – OK’ The request was successful. The
category was renamed.
‘400 – Bad Request’ The request was invalid. For
example:
• A category with the new
name already exists.
• The XML in the payload was
poorly formed.

Response:
<appStoreWebServiceResponse>
<totalCount>1</totalCount> Not used.

137
MobileIron Confidential
 <messages>
<message> Provides information about the
"Category with ID '7' updated to 'Sales USA'." operation.
</message>
</messages>
</appStoreWebServiceResponse>

11 Policies
11.1 Get Policies
This API returns the list of all polices across all devices in the MobileIron system.

Example:

https://mycore.mobileiron.com/api/v1/policies

URI: Returns list of all policies

https://{host-name}/api/v1/policies installed across all devices.
Http Method: GET
Format: xml, json

Response Status Code:

‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.
Response:
<policyWebServiceResponse>
<messages>
<message> 1 policy returned.</message> Status Message.
Policy count is shown if the
method execution is successful.
A descriptive error message is
shown if the method execution
failed.
</messages>
<policies>
<policy id="-2">
<policyName>Default Privacy Policy</policyName> Policy name.
<policyType>DEFAULT</policyType> Policy Type. Either DEFAULT or

138
MobileIron Confidential
 ENTERPRISE.
<profileType>PRIVACY</profileType> Profile type. Either PRIVACY,
SECURITY, LOCKDOWN, or SYNC.
<status>Active</status> Active or Inactive.
<active>true</active> Whether the policy is active.
true means Active.
false means Inactive.
<defaultPolicy>false</defaultPolicy> Deprecated.
<description>Default Privacy Policy</description> Policy description.
<deviceCount>1</deviceCount> Number of devices for which the
policy is applied.
<pendingCount>1</pendingCount> Number of devices for which the
policy is pending.
<priority>1</priority> Priority
<rules> Policy rules, which consist of
type-value pairs. The set of type-
value pairs are listed in Section
10.4 Policy Rules.

The rule shown here is only an

example.
<rule>
<type>PRIVACY_SYNC_CALLLOGS</type> Rule type
<value>store</value>
<clientValue>off</clientValue>
</rule>
….
<rules>
</policy>
</policies>
</ policyWebServiceResponse >

11.2 Get Policies by DeviceUUID

This API returns the list of all polices by device uuid in the MobileIron system.

Example:

https://mycore.mobileiron.com/api/v1/policies/devices/027d9439-0f75-4d30-
8d7d-120b4cb8646b

URI: Returns list of all policies by

https://{host-name}/api/v1/policies/devices/{deviceuuid} device uuid.
139
MobileIron Confidential
Http Method: GET
Format: xml, json

Response Status Code:

‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.
Response:
<policyWebServiceResponse>
<messages>
<message> 1 policy returned.</message> Status Message.
Policy count is shown if the
method execution is successful.
A descriptive error message is
shown if the method execution
failed.
</messages>
<policies>
<policy id="-2">
<policyName>Default Privacy Policy</policyName> Policy name.
<policyType>DEFAULT</policyType> Policy Type. Either DEFAULT or
ENTERPRISE.
<profileType>PRIVACY</profileType> Profile type. Either PRIVACY,
SECURITY, LOCKDOWN, or SYNC.
<status>Active</status> Active or Inactive.
<active>true</active> Whether the policy is active.
true means Active.
false means Inactive.
<defaultPolicy>false</defaultPolicy> Deprecated.
<description>Default Privacy Policy</description> Policy description.
<deviceCount>0</deviceCount> This field is not applicable for this
request.
<pendingCount>0</pendingCount> This field is not applicable for this
request.
<priority>1</priority> Priority
<rules> Policy rules, which consist of
type-value pairs. The set of type-
value pairs are listed in Section
10.4 Policy Rules.

The rule shown here is only an

example.
<rule>
140
MobileIron Confidential
 <type>PRIVACY_SYNC_CALLLOGS</type> Rule type
<value>store</value>
<clientValue>off</clientValue>
</rule>
….
<rules>
</policy>
</policies>
</ policyWebServiceResponse >

11.3 Apply/Remove policy for a label.

This API applies a policy to a label or removes a policy from a label.

Example:

https://mycore.mobileiron.com/api/v1/policies/-2?action=apply_label&label=Testlabel

URI: Returns status.

https://{host-name}/api/v1/policies/{policyid}
Http Method: PUT
Format: xml, json

Response Status Code:

‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.
Request:
policyid Required. The internally
generated policy ID. Use the Get
Policies and Get Policies by
DeviceUUID to determine a
policy’s ID.
action Required. This parameter is a
query parameter.

“apply_label” – to apply the label

to the policy
“remove_label” – to remove the
label from the policy
label Required. Label name.

141
MobileIron Confidential
 This parameter is a query
parameter.
Response:
<policyWebServiceResponse>
<messages>
<message> Status Message.
Policy applied to label Android successfully. A descriptive error message is
</message> shown if the method execution
failed.
</messages>
<policyWebServiceResponse>

11.4 Policy Rules

An HTTP response that contains information about a policy includes a <rules> element made up of many
<rule> elements.

For example:

<rules>
<rule>
<type>SYNC_HEARTBEAT_INTERVAL</type>
<value>14</value>
<clientValue>840</clientValue>
</rule>
<rule>
<type>SYNC_MULTITASK_INTERVAL</type>
<value>15</value>
<clientValue>15</clientValue>
</rule>
</rules>

The following tables show the values of these <type> elements, their meanings, and possible values.

Note: The <clientValue> element is deprecated. Ignore its values.

11.4.1 Security policy rules

The following table shows the rules for security policies, listed alphabetically by the name of the <type>
field.

Note: Not all the security rules apply to all device types.
142
MobileIron Confidential
For information about security policies, see the MobileIron® Administration Guide.

Security policy rule <type> field Description Values

EAS_BLOCK_ANDROID_DATA_ Whether to take an action when Value: true or false

ENC data encryption is disabled on an
Android device. ClientValue: deprecated.

EAS_BLOCK_ANDROID_DEVIC Whether to take an action when Value: true or false

E_ADMIN_DEACTIVE MobileIron detects that the device
administrator privilege has been ClientValue: deprecated.
removed from the MobileIron app.
EAS_BLOCK_ANDROID_OS The version of Android below Value: An Android version
which MobileIron takes an action. number.

For example: 2.3

ClientValue: deprecated.

EAS_BLOCK_ANDROID_ROOTE Whether to take an action when Value: true or false

D MobileIron detects an Android
device that has been rooted. ClientValue: deprecated.

EAS_BLOCK_IOS_DEVICE_MD Whether to take an action when Value: true or false

M_DEACTIVE MobileIron detects that the MDM
profile has been removed from an ClientValue: deprecated.
iOS device.
EAS_BLOCK_IPHONE_DATA_E Whether to take an action when Value: true or false
NC
data encryption is disabled on an
ClientValue: deprecated.
iOS device.

143
MobileIron Confidential
Security policy rule <type> field Description Values

EAS_BLOCK_IPHONE_HW Whether to take an action for Value:

particular iOS device models that
the administrator has specified as false – No devices are
disallowed. disallowed.

Disallowed devices are specified

in a comma-separated list of
numbers. The numbers are:

1 – iPhone, original version

2 – iPhone 3G

3 – iPhone 3GS

4 – iPod touch, 1st gen

5 – iPod touch, 2nd gen

6 – iPod touch, 3rd gen

7 – iPad

16 – iPhone 4

18 – iPod touch, 4th gen

22 – iPad 2

28 – iPhone 4s

ClientValue: deprecated.

EAS_BLOCK_IPHONE_JAILBR Whether an iOS device has been Value:

OKEN compromised (jailbroken).
true – the device has been
compromised.

false – the device has not been

compromised.

ClientValue: deprecated.

144
MobileIron Confidential
Security policy rule <type> field Description Values

EAS_BLOCK_IPHONE_OS The iOS version below which Value: An iOS version number.
MobileIron takes an action.
Example: 3.0

ClientValue: deprecated.

EAS_BLOCK_OOC_DAYS The number of days a device Value: A number.

cannot connect to MobileIron
before MobileIron takes an action. ClientValue: deprecated.

EAS_BLOCK_POLICY_DAYS The specified number of days after Value: A number.

which MobileIron takes an action
when it detects that a device has ClientValue: deprecated.
not met policy requirements.

SEC_NCA_ANDROID_DATA_EN The action to take when data Value:

C encryption is disabled on an
Android device. 0 – No action.

1 – Send alert.

2 – Block ActiveSync and send

alert.

Other positive integers –

Corresponds to a compliance
action the MobileIron Core
administrator created to disable
or quarantine the device.
MobileIron Core assigned an
integer value to the action when
the MobileIron Core
administrator created the
action.

ClientValue: deprecated.

145
MobileIron Confidential
Security policy rule <type> field Description Values

SEC_NCA_ANDROID_DEVICE_ The action to take when the device Value:

ADMIN_DEACTIVE administrator is removed from an
Android device. 0 – No action.

1 – Send alert.

2 – Block ActiveSync and send

alert.

Other positive integers –

Corresponds to a compliance
action the MobileIron Core
administrator created to disable
or quarantine the device.
MobileIron Core assigned an
integer value to the action when
the MobileIron Core
administrator created the
action.

ClientValue: deprecated.

146
MobileIron Confidential
Security policy rule <type> field Description Values

SEC_NCA_ANDROID_ROOTED The action to take when an Android Value:

device that has
been “rooted,” that is, root access 0 – No action.
has been given to an app. A rooted
Android device is also called 1 – Send alert.
compromised.
2 – Block ActiveSync and send
alert.

Other positive integers –

Corresponds to a compliance
action the MobileIron Core
administrator created to disable
or quarantine the device.
MobileIron Core assigned an
integer value to the action when
the MobileIron Core
administrator created the
action.

ClientValue: deprecated.

147
MobileIron Confidential
Security policy rule <type> field Description Values

SEC_NCA_ANDROID_SW The action to take when the Value:

version of Android on a device is
less than a specified version. 0 – No action.

1 – Send alert.

2 – Block ActiveSync and send

alert.

Other positive integers –

Corresponds to a compliance
action the MobileIron Core
administrator created to disable
or quarantine the device.
MobileIron Core assigned an
integer value to the action when
the MobileIron Core
administrator created the
action.

ClientValue: deprecated.

148
MobileIron Confidential
Security policy rule <type> field Description Values

SEC_NCA_APP_CONTROL The action to take when a device Value:

has violated app control rules.
No value – No action.

1 – Send alert.

2 – Block ActiveSync and send

alert.

Other positive integers –

Corresponds to a compliance
action the MobileIron Core
administrator created to disable
or quarantine the device.
MobileIron Core assigned an
integer value to the action when
the MobileIron Core
administrator created the
action.

ClientValue: deprecated.

149
MobileIron Confidential
Security policy rule <type> field Description Values

SEC_NCA_IOS_DATA_ENC The action to take when data Value:

encryption is disabled on an iOS
device. 0 – No action.

1 – Send alert.

2 – Block ActiveSync and send

alert.

Other positive integers –

Corresponds to a compliance
action the MobileIron Core
administrator created to disable
or quarantine the device.
MobileIron Core assigned an
integer value to the action when
the MobileIron Core
administrator created the
action.

ClientValue: deprecated.

150
MobileIron Confidential
Security policy rule <type> field Description Values

SEC_NCA_IOS_HW The action to take when an iOS Value:

device is disallowed.
See EAS_BLOCK_IPHONE_HW for 0 – No action.
the list of disallowed devices.
1 – Send alert.

2 – Block ActiveSync and send

alert.

Other positive integers –

Corresponds to a compliance
action the MobileIron Core
administrator created to disable
or quarantine the device.
MobileIron Core assigned an
integer value to the action when
the MobileIron Core
administrator created the
action.

ClientValue: deprecated.

151
MobileIron Confidential
Security policy rule <type> field Description Values

SEC_NCA_IOS_JAILBROKEN The action to take when an iOS Value:

device has been compromised
(jailbroken). 0 – No action.

1 – Send alert.

2 – Block ActiveSync and send

alert.

Other positive integers –

Corresponds to a compliance
action the MobileIron Core
administrator created to disable
or quarantine the device.
MobileIron Core assigned an
integer value to the action when
the MobileIron Core
administrator created the
action.

ClientValue: deprecated.

152
MobileIron Confidential
Security policy rule <type> field Description Values

SEC_NCA_IOS_MDM_DEACTIV The action to take when Value:

E MobileIron detects that the MDM
profile has been removed from an 0 – No action.
iOS device.
1 – Send alert.

2 – Block ActiveSync and send

alert.

Other positive integers –

Corresponds to a compliance
action the MobileIron Core
administrator created to disable
or quarantine the device.
MobileIron Core assigned an
integer value to the action when
the MobileIron Core
administrator created the
action.

ClientValue: deprecated.

153
MobileIron Confidential
Security policy rule <type> field Description Values

SEC_NCA_IOS_SW The action to take when the iOS Value:

version is below a specified level.
0 – No action.

1 – Send alert.

2 – Block ActiveSync and send

alert.

Other positive numbers –

Corresponds to a compliance
action the MobileIron Core
administrator created to disable
or quarantine the device.
MobileIron Core assigned a
number to the action when the
MobileIron Core administrator
created the action.

ClientValue: deprecated.

154
MobileIron Confidential
Security policy rule <type> field Description Values

SEC_NCA_OOC_DAYS The action to take when the device Value:

has not connected to MobileIron in
a specified number of days. 0 – No action.

1 – Send alert.

2 – Block ActiveSync and send

alert.

Other positive integers –

Corresponds to a compliance
action the MobileIron Core
administrator created to disable
or quarantine the device.
MobileIron Core assigned an
integer value to the action when
the MobileIron Core
administrator created the
action.

ClientValue: deprecated.

155
MobileIron Confidential
Security policy rule <type> field Description Values

SEC_NCA_POLICY_DAYS The action to take when Value:

MobileIron detects that a device
has not met policy requirements 0 – No action.
for the specified number of days.
1 – Send alert.

2 – Block ActiveSynch and send

alert.

Other positive integers –

Corresponds to a compliance
action the MobileIron Core
administrator created to disable
or quarantine the device.
MobileIron Core assigned an
integer value to the action when
the MobileIron Core
administrator created the
action.

ClientValue: deprecated.

SECURITY_AV_BLOCK_DEVIC Whether to run anti-virus scanning Value: off

ES on the files of the device.
ClientValue: deprecated.
Applicable only to Blackberry
devices.

156
MobileIron Confidential
Security policy rule <type> field Description Values

SECURITY_BLACK_WHITE_BM A list of App Control Rules of type A comma-separated list of

W_ACLS Allowed or Disallowed that are numbers that correspond to App
enabled in the security policy. The Control Rules. MobileIron Core
type Allowed (white-listed) or
assigned a number to the App
Disallowed (black-listed) is
specified by the value of Control Rule when the
SECURITY_BLACK_WHITE_BMW_O MobileIron Core administrator
PTION. created the rule. The list can be
empty.

For example:

3,6

ClientValue: deprecated.

SECURITY_BLACK_WHITE_BM Whether App Control Rules listed in Value:

W_OPTION SECURITY_BLACK_WHITE_BMW_A
CLS are of type Allowed (white- WHITE – the App Control Rules
listed) or Disallowed (black-listed). are of type Allowed.

BLACK – the App Control Rules

are of type Disallowed.

ClientValue: deprecated.

SECURITY_ENCRYPT_DATA_T Whether the policy requires data Contains a <resourceDTOs>

YPE encryption for each of these data element for each data type.
types: Email, PIM, and documents.
<resourceDTOs>
<name>PIM</name>
<resourceType>PIM</resourceType>
<value>on</value>
</resourceDTOs>

Possible values for <name> and

<resourceType>: Email, PIM,
MY_DOCUMENTS.

Possible values for <value>: on,

off.

157
MobileIron Confidential
Security policy rule <type> field Description Values

SECURITY_ENCRYPT_DEVICE Whether the security policy Value:

requires device encryption.
on – Device encryption is
required.

off – Device encryption is not

required.

ClientValue: deprecated.

SECURITY_ENCRYPT_FILE_T Specifies which file types require A <resourceDTOs> element is

YPE data encryption. The possible file specified for each of .doc, .xls,
types are .doc, .xls, .pdf, .txt, media .pdf, .txt. and media files.
files, and others specified by the
administrator. The <name> and
<resourceType> field values of
each <resourceDTOs> element
is either doc, xls, pdf, txt,
MEDIA_FILES, or
OTHER_FILE_TYPES.

The <value> field of each

<resourceDTOs> element except
OTHER_FILE_TYPES is either on
or off.

The <value> field of each the

OTHER_FILE_TYPE
<resourceDTOs> element is a
space-separated list of other file
types.

ClientValue: deprecated.

158
MobileIron Confidential
Security policy rule <type> field Description Values

SECURITY_ENCRYPT_SDCARD Whether SD card encryption is Value:

required on the device.
on – SD card encryption
required.

off – SD card encryption not

required.

ClientValue: deprecated.

SECURITY_GRACE_PERIOD The period of time during which Value: The number of minutes.
the user is still able to enter the
correct password after the device ClientValue: deprecated.
has been locked.
Note that this field is applicable
only if the password is
mandatory, the maximum
inactivity timeout is 0, and the
device is an iOS device.

SECURITY_INACTIVITY_TIM The maximum amount of time Value:

EOUT to allow as an inactivity timeout.
A string describing the time.
Possible values are:

0 minute
1 minute
2 minutes
3 minutes
4 minutes
5 minutes
15 minutes
30 minutes
1 hour
1.5 hours
2 hours
12 hours
24 hours

ClientValue: deprecated.

159
MobileIron Confidential
Security policy rule <type> field Description Values

SECURITY_MANDATORY_BMW_ The list of App Control Rules of A comma-separated list of

ACLS type Required that are enabled in numbers that correspond to App
the security policy. Control Rules of type Required.
MobileIron Core assigned a
number to the App Control Rule
when the MobileIron Core
administrator created the rule.
The list can be empty.

For example:

3,6

ClientValue: deprecated.

SECURITY_PWD_HISTORY The number of passwords Value: A number

remembered to ensure that users
define a different password. ClientValue: deprecated.

Note that this field is applicable

only if the password is
mandatory.

SECURITY_PWD_LENGTH The minimum length for the Value: A number

password.
ClientValue: deprecated.

Note that this field is applicable

only if the password is
mandatory.

SECURITY_PWD_MAX_AGE The numbers of days after which Value: The number of days.
the password will expire. 0
indicates no limit. ClientValue: deprecated.

160
MobileIron Confidential
Security policy rule <type> field Description Values

SECURITY_PWD_MAX_FAILED The maximum number of times the Value: A number.

_ATTEMPTS user can enter an incorrect
password before the device is ClientValue: deprecated.
wiped.
Note that this field is applicable
only if the password is
mandatory.

SECURITY_PWD_MIN_COMPLE The minimum number of special Value: A number

X_CHAR characters that must be included in
a password. ClientValue: deprecated.

SECURITY_PWD_TYPE Whether a mandatory password Value:

should be simple numeric input, be
restricted to alphanumeric alphanumeric - restricted to
characters, or neither (that is, alphanumeric characters.
Don’t Care).
simple - restricted to simple
numeric characters.

simple,alphanumeric -
restricted to either simple or
alphanumeric characters.

nc – no restrictions apply to the

password characters.

ClientValue: deprecated.

Note that this field is applicable

only if the password is
mandatory.

SECURITY_QUARANTINE_DEV Deprecated. Deprecated.

ICES

161
MobileIron Confidential
Security policy rule <type> field Description Values

SECURITY_REQUIRE_PWD Whether the user must enter a Value:

password before being able to
access the device. on – a password is mandatory

off – a password is optional

ClientValue: deprecated.

SECURITY_REQUIRE_VPN Deprecated. Deprecated.

SECURITY_VPN_PROFILE Deprecated. Deprecated.

SECURITY_WIPE The number of days before Value: A number.

removing all data from the device if
the MobileIron Client does not ClientValue: deprecated.
connect to the MobileIron Server.

11.4.2 Lockdown policy rules

The following table shows the rules for lockdown policies, listed alphabetically by the name of the
<type> field.

Note: Not all the lockdown rules apply to all device types.

For information about lockdown policies, see the MobileIron® Administration Guide.

Lockdown policy rule Description Values

<type> field

LOCKDOWN_BLUETOO Whether Bluetooth should be disabled in on – Bluetooth audio and data

TH the event that device access must be should not be disabled.
restricted.
audio - Bluetooth audio should
not be disabled, but Bluetooth data
should be disabled.

off – Bluetooth audio and data

should be disabled.

ClientValue: deprecated.

162
MobileIron Confidential
Lockdown policy rule Description Values
<type> field

LOCKDOWN_CAMERA Whether the camera should be disabled in on – the camera should not be
the event that device access must be disabled.
restricted.
off – the camera should be
disabled.

ClientValue: deprecated.

LOCKDOWN_IRDA Whether infrared should be disabled in on – infrared should not be

the event that device access must be disabled.
restricted.
off – infrared should be disabled.

ClientValue: deprecated.

LOCKDOWN_SDCARD Whether the SD card should be disabled in on – the SD card should not be
the event that device access must be disabled.
restricted.
off – the SD card should be
disabled.

ClientValue: deprecated.

LOCKDOWN_WIFI Whether WIFI should be disabled in the on – WIFI should not be disabled.
event that device access must be
restricted. off – WIFI should be disabled.

ClientValue: deprecated.

11.4.3 Sync policy rules

The following table shows the rules for sync policies, listed alphabetically by the name of the <type>
field..

Note: Not all the sync rules apply to all device types.

For information about sync policies, see the MobileIron® Administration Guide.

163
MobileIron Confidential
Sync policy rule <type> field Description Values

SYNC_ALWAYS_CONNECTED Whether the MobileIron client app on – Remain connected.

should remain connected to
MobileIron Core during the sync off – Do not remain connected.
interval.
ClientValue: deprecated.

SYNC_APN_HOME_NETWORK Whether an Access Point Name on – Use an APN connection type.

(APN) connection type should be
used in a Blackberry’s home off – Do not use an APN
network. connection type.

ClientValue: deprecated.

SYNC_APN_ROAMING_NETWO Whether an Access Point Name on – Use an APN connection type.

RK (APN) connection type should be
used in a Blackberry’s roaming off – Do not use an APN
network. connection type.

ClientValue: deprecated.

SYNC_BIS_HOME_NETWORK Whether a Blackberry Internet on – Use a BIS connection type.

Service (BIS) connection type
should be used in a Blackberry’s off – Do not use a BIS connection
home network. type.

ClientValue: deprecated.

SYNC_BIS_ROAMING_NETWO Whether a Blackberry Internet on – Use a BIS connection type.

RK Service (BIS) connection type
should be used in a Blackberry’s off – Do not use a BIS connection
roaming network. type.

ClientValue: deprecated.

164
MobileIron Confidential
Sync policy rule <type> field Description Values

SYNC_BLOCK_WHEN_ROAMIN Whether to synch when the device on – Synchronization of all

G is roaming. activity and content occurs even
when roaming.

mai – Synchronization of only

voice, SMS, and data traffic occurs
when roaming.

roamingStatus –
Synchronization is blocked when
roaming. Sync only new country
notification when roaming.

off – Synchronization of all

activity and content is blocked
when roaming.

ClientValue: deprecated.

SYNC_FULL_BG_MODE Deprecated. Deprecated.

SYNC_HEARTBEAT_INTERVA The maximum amount of time that A number in minutes.
L the MobileIron client app will wait
before sending a request to the For example:
MobileIron server to confirm that
the client and server are 14
connected.
ClientValue: deprecated.

SYNC_INTERVAL The frequency for starting A number in minutes.

the synchronization process
between the device and the For example: 240
MobileIron server.
ClientValue: deprecated.

SYNC_MIN_BATTERY_POWER The percentage of battery power at A number.

which to synchronize files between
the device and the MobileIron For example:
Server.
20

165
MobileIron Confidential
Sync policy rule <type> field Description Values

SYNC_MIN_FILE_UPLOAD_B The minimum battery level A percentage.

ATTERY_POWER (%) to use for writing data from the
device to MobileIron Core during For example:
the synchronization process.
60

ClientValue: deprecated.

SYNC_MULTITASK_INVERVA The minimum duration between A number in minutes.

L attempts to send iOS device details
to MobileIron Core. For example:

15

ClientValue: deprecated.

SYNC_REQUIRE_TLS Whether to use Transport on – Using TLS is required.

Layer Security for interactions
between MobileIron Core and the off – Using TLS is not required.
MobileIron client app on the
device. ClientValue: deprecated.

SYNC_SDCARD Whether to include files from on – Include files from

removable storage devices, such as removable storage.
SD cards, when synchronizing files
between the device and MobileIron off – do not include files from
Core. removable storage.

ClientValue: deprecated.

SYNC_SERVERIP The IP address or host name of For example:

MobileIron Core that
the MobileIron client someServerName.mydomain
communicates with. .com

ClientValue: deprecated.

11.4.4 Privacy policy rules

The following table shows the rules for privacy policies, listed alphabetically by the name of the <type>
field..

166
MobileIron Confidential
Not all the privacy rules apply to all device types.

For information about privacy policies, see the MobileIron® Administration Guide.

Privacy policy rule <type> field Description Values

PRIVACY_APP_MULTITASK Whether the iOS MobileIron on – Periodically wakes up.

client periodically performs
functions without user off – Does not periodically wake up.
interaction.
ClientValue: deprecated.

PRIVACY_EXCLUDE_DIR The file folders that are Contains a <resourceDTOs>

excluded from element for each excluded folder.
synchronization.
For example:

<resourceDTOs>
<name> /Windows</name>
resourceType>DIR</resourceType>
<value>on</value>
</resourceDTOs>

<name> - lists the excluded

directory.

<resourceType> - always has

value DIR.

<value> - always has value on.

PRIVACY_LOG_APP_ACTIVITY Deprecated. Deprecated.

PRIVACY_LOG_FILE_ACTIVIT Deprecated. Deprecated.

Y

PRIVACY_LOG_WEBSITE_ACTI Deprecated. Deprecated.

VITY

PRIVACY_SYNC_APPS Whether to sync information track – Sync apps.

about the installed apps.
off – Do not sync apps.

ClientValue: deprecated.

PRIVACY_SYNC_BOOKMARKS Deprecated. Deprecated.

167
MobileIron Confidential
Privacy policy rule <type> field Description Values

PRIVACY_SYNC_CALLLOGS Whether to collect statistics store – Collect voice call statistics.

on voice calls.
off – Do not collect voice call
statistics.

ClientValue: deprecated.

PRIVACY_SYNC_CONTACTS Whether to sync contacts. store – Sync contacts.

off – Do not sync contacts.

ClientValue: deprecated.

PRIVACY_SYNC_DATA_LOG Whether to sync data traffic track – Sync data traffic.

statistics.
off - Do not sync data traffic.

PRIVACY_SYNC_DOCUMENTS Whether to sync documents. store – Sync documents.

off – Do not sync documents.

ClientValue: deprecated.

PRIVACY_SYNC_LOCATION Whether to sync the location celltower – Sync cell tower

to the cell tower, the device’s data.
GPS position, or not at all.
gps – Sync GPS data.

off – Do not sync location data.

PRIVACY_SYNC_MUSIC Whether to sync music files. store – Sync music files.

off – Do not sync music files.

ClientValue: deprecated.

168
MobileIron Confidential
Privacy policy rule <type> field Description Values

PRIVACY_SYNC_OTHER_MEDIA Whether to sync other files The file extensions of the types of
not specified by other privacy files not to sync, as a comma-
settings. separated list. For example:

ram,wav

No <value> element means sync

files of all types not specified by
other privacy settings.

PRIVACY_SYNC_PICTURES Whether to sync pictures. store – Sync pictures.

off – Do not sync pictures.

ClientValue: deprecated.

PRIVACY_SYNC_SMSLOGS Whether to collect SMS track – Collect SMS statistics.

statistics, collect SMS
statistics and store SMS data store – Collect SMS statistics and
on the MobileIron server, or store SMS data.
do neither.
off – Do not collect SMS statistics or
store SMS data.

ClientValue: deprecated.

PRIVACY_SYNC_VIDEO Whether to sync video files. store – Sync video files.

off – Do not sync video files.

ClientValue: deprecated.

169
MobileIron Confidential
12 Application Settings
12.1 Get all Application Settings
This API returns the list of all application settings across all devices in the MobileIron system.

Example:

https://mycore.mobileiron.com/api/v1/appsettings

URI: Returns list of all appsettings.

https://{host-name}/api/v1/appsettings
Http Method: GET
Format: xml, json

Response Status Code:

‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.
Request:
type This will allow the user to filter
the Application settings by type.
Application settings types -
EXCHANGE, WIFI, BOOKMARK,
EMAIL, VPN, GENERAL, CALDAV,
SUBCAL, WEBCLIP, SCEP, APN,
RESTRICTION, CERTIFICATE,
MDM, PROVISIONING, CARDDAV,
CONFIGURATION, OTHER

Note: SCEP is the type used for

all Certificate Enrollment
settings.
Response:
<appSettingsWebServiceResponse>
<messages>
<message> 1 application settting(s) returned.</message> Status Message.
Appsettings count is shown if the
method execution is successful.
A descriptive error message is
shown if the method execution
failed.
</messages>
170
MobileIron Confidential
<appsettings>
<appsetting id="-4">
<name> System - iOS MDM CA Certificate</name> Application setting name.
<description>This CA Certificate is distributed in Description.
conjunction with the system MDM profile. It is the certificate that
the mobile device will trust for the purpose of accepting OTA MDM
requests.</description>
<appType>CERTIFICATE</appType> Application type
<deviceCount>2</deviceCount> Number of devices for which the
app setting is applied.
<pendingCount>1</pendingCount> Number of devices for which the
app setting is pending.
<quarantinedCount>0</quarantinedCount> The number of devices that have
had the corresponding
configuration (i.e., profile)
removed due to policy violations.
<type>SYSTEM</type> System or Admin generated.
<clearCertificateCacheForSCEPSetting>false</clearCertificateCacheF Not currently used.
orSCEPSetting>
<labels>-4</labels> The ID of a label to which this
app setting is assigned. This entry
appears once for each label to
which the app setting is assigned.
<labelNames>iOS</labelNames> The displayed name of a label to
which this app setting is assigned.
This entry appears once for each
label to which the app setting is
assigned.
<properties> Configuration properties for the
appsetting
<entry>
<key>CERT_SERIAL_NUMBER0</key>
<value>10863527040561121251</value>
</entry>
<entry>
<key>CERTPATH0</key>

<value>/mi/files/groups/9002/99415d0e64ca8708/b34aab3122e34
10e98a2ef5a078806ce</value>
</entry>
…. Can have multiple entries.
</properties>
</appsetting>
171
MobileIron Confidential
 </appsettings>
</appSettingsWebServiceResponse>

12.2 Get Application Settings by Device UUID

This API returns the list of all application settings for a given device uuid in the MobileIron system.

Example:

https://mycore.mobileiron.com/api/v1/appsettings/devices/12849438-0d74-3c30-
6b7d-121a3da8645d

URI: Returns list of all appsettings by

https://{host-name}/api/v1/appsettings/devices/{deviceuuid} device uuid.
Http Method: GET
Format: xml, json

Response Status Code:

‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.
Response:
<appSettingsWebServiceResponse>
<messages>
<message> 1 application settting(s) returned.</message> Status Message.
Appsettings count is shown if the
method execution is successful.
A descriptive error message is
shown if the method execution
failed.
</messages>
<appsettings>
<appsetting id="-4">
<name> System - iOS MDM CA Certificate</name> Application setting name.
<description>This CA Certificate is distributed in Description.
conjunction with the system MDM profile. It is the certificate that
the mobile device will trust for the purpose of accepting OTA MDM
requests.</description>
<appType>CERTIFICATE</appType> Application type
<deviceCount>0</deviceCount> This field is not applicable for this
request.
<pendingCount>0</pendingCount> This field is not applicable for this
request.
<type>SYSTEM</type> System or Admin generated.
172
MobileIron Confidential
<clearCertificateCacheForSCEPSetting>false</clearCertificateCacheF
orSCEPSetting>
<properties> Configuration properties for the
appsetting
<entry>
<key>CERT_SERIAL_NUMBER0</key>
<value>10863527040561121251</value>
</entry>
<entry>
<key>CERTPATH0</key>

<value>/mi/files/groups/9002/99415d0e64ca8708/b34aab3122e34
10e98a2ef5a078806ce</value>
</entry>
…. Can have mulitiple entires.
</properties>
</appsetting>
</appsettings>
</appSettingsWebServiceResponse>

13 AppConnect for iOS and Android Analytics

13.1 Get Analytics for AppConnect Apps
This API returns a ZIP file that contains AppConnect analytics for a specified AppConnect app. The ZIP file
contains CSV files, one for each device on which the AppConnect app has run. Each CSV file provides
statistics about AppConnect app usage on a device.

The ZIP file has the following folder structure:

<app ID>
<first device ID>
CSV file
version.txt file
<second device ID>
CSV file
version.txt file

173
MobileIron Confidential
Each CSV file contains one row per app session. Each row contains:

• the start time of the foreground session, given in seconds since January 1, 1970 (Unix time).

Example: 1381268056367

• the duration of the session, given in seconds

Example: 35

• the timezone where the session occurred, given in minutes from Greenwich Mean Time.

Example for Pacific Daylight Time: -420

• the number of bytes the app transferred during the session (under construction)

Each version.txt file contains the version number of the AppConnect app.

Examples:

https://mycore.mobileiron.com/api/v1/apps/appconnect/analytics?appid=com.myco
mpany.myapp

URI: Returns ZIP file containing usage

https://{host-name}/api/v1/apps/appconnect/analytics statistics for the specified app.
Http Method: GET
Format: xml, json

Response Status Code:

‘404 – No Data Found’ There is no data.
‘200 – OK’ Data is present and the response
is returned.
Request:
appid Required.

The app ID of the AppConnect

app for which you want the
analytics CSV files.

For iOS AppConnect apps, the

app ID is the bundle ID. For
Android AppConnect apps, it is
the package name.
174
MobileIron Confidential
14 Testing from a browser
If you use a browser to send one of the web services HTTP requests, URL encode the requests. For
example, replace any white space with %20. For a plus sign (+), use %2B. For example, URL-encode
Email+ as Email%2B.

For details about URL-encoding, see http://www.w3schools.com/tags/ref_urlencode.asp.

15 Test Client
A sample http test client implemented in Java is provided below. You can access this client on the
MobileIron support site: https://support.mobileiron.com/support/clients/mobileiron-api-httpclient.zip.

1. Unzip the file, mobileiron-api-httpclient.zip . Below is the directory structure of the test client.

client
|-- pom.xml
`-- src
|-- main
| |-- java
| | `-- com
| | `-- mobileiron
| | |-- rs
| | | `-- client
| | `-- ws
| | `-- client
| | `-- http
| | |-- AlertWebServiceHttpClient.java
| | |-- AppStoreWebServiceHttpClient.java
| | |-- DMWebServiceHttpClient.java
| | |-- EASWebServiceHttpClient.java
| | |-- MAIWebServiceHttpClient.java
| | |-- SMWebServiceHttpClient.java
| | `-- WebServiceHttpClientBase.java
| `-- resources
| |-- applicationContext-miws-client.xml
| |-- miws-client.properties
| `-- miws-v1.wadl
`-- test
|-- java
| `-- com
| `-- mobileiron
| |-- rs
| `-- ws
| `-- client
| `-- http
| `-- WebServiceHttpClientTest.java
175
MobileIron Confidential
 `-- resources
`-- log4j.xml

2. Edit the properties in miws-client.properties under src/main/resources.

webservice.hostname=<your mobileiron appliance host name or IP

Address>
webservice.url=/api
webservice.version=/v1
user name who has the ‘API’ role assigned. See Chapter- 2
Authentication
webservice.username=miadmin
Password of the above user.
webservice.password=<password>

3. Change directory to client and execute maven to build and run the test client.

cd client
mvn clean install

The above mvn command will do a clean build and execute the test client. The output of the tests
are printed on the console and to a file named miws-test.log in the ‘client’ directory.

16 Change Log
16.1 Changes made for February 26, 2016 version of document
The following change was made to this document. This version of the document is for MobileIron Core
9.0:

• Added note that some v1 APIs are being deprecated and replaced by v2 API counterparts.

16.2 Changes made for February 9, 2016 version of document

The following change was made to this document. This version of the document is for MobileIron Core
8.5.

• Added instructions for url-encoding the plus sign (+).

16.3 Changes made for October 29, 2015 version of document

The following changes were made to this document. This version of the document is for MobileIron Core
8.5.

• Removed the <platformType> return field for all GET /api/v1/dm/devices-related calls.

176
MobileIron Confidential
16.4 Changes made for July 1, 2015 version of document
The following changes were made to this document. This version of the document is for MobileIron Core
8.0.

• The password for users must be between 8 and 20 characters. See 7.1 Update Password for a
User and 7.7 Authenticate a User.
• Certificate Enrollment settings have the type SCEP in 11.1 Get all Application Settings.
• Updated Windows terminology to Windows devices and Windows Phone devices.
• Changed app distribution library to App Catalog.

16.5 Changes made for May 6, 2015 version of document

The following changes were made to this document. This version of the document is for MobileIron Core
7.5.1.

• Added compliance code 0x08000 (Logged Out) to 5.2 Compliance, quarantinedStatus, and
blockReason values.

16.6 Changes made for March 19, 2015 version of document

The following changes were made to this document. This version of the document is for MobileIron Core
7.5.1.

• Added “Get Profiles for a Device”.

• Added “Re-push Profiles for a Device”.

16.7 Changes made for November 17, 2014 version of document

The following changes were made to this document. This version of the document is for MobileIron Core
7.5.

• Corrected response field name from appId to bundle in 9.1 Get Application Inventory.
• Corrected version field description in 9.1 Get Application Inventory.
• Added fields longVersion, shortVersion, versionInt, and appVersion in 9.1 Get Application
Inventory.
• The parameter UpdatedWithin does not return Windows devices in 5.3 Get Devices by Status.

16.8 Changes made for August 19, 2014 version of document

The following changes were made to this document. This version of the document is for MobileIron Core
7.0.

177
MobileIron Confidential
 • Corrected parameters and their values and descriptions in 9.4 Add Application to the App
Storefront.
• Updated 7.1 Update Password for a User and 7.7 Authenticate a User to include sensitive query
parameters in HTTP request body.

16.9 Changes made for June 18, 2014 version of document

The following changes were made to this document since the May 28, 2013 version of this document,
which was for MobileIron Core 6.0. This version is for MobileIron Core 7.0.

• Added 9.8 Get all apps for a platform type in App Catalog.
• Added 9.9 Associate or dissociate a category with an app.
• Added 9.10 Add a new app category.
• Added 9.11 Rename an app category.
• Changed the term VSP to MobileIron Core or just Core.
• Removed references to WinMo and Symbian, which MobileIron Core no longer supports.
• Added Registered On to the list of fields exported in 5.3.4 Exporting Device Information to a
CSV.
• Added list of platform values in responses to 9.1 Get Application Inventory and 9.2 Get Device
Application Inventory.

16.10 Changes made for May 28, 2014 version of document

The following changes were made in response to requests for additional or corrected information.

• Obsolete Mobile Activity Intelligence material was removed.

• The decimal value for a quarantine status was corrected.
• An example in the Get Devices by Status section was clarified.
• Obsolete information was removed from the Retire Device section.
• The call required for sending bulk push notification messages was clarified.
• EAS calls were clarified and detail was added.
• The Search LDAP Users example was corrected to include the userid parameter.

16.11 Changes made for Dec 19, 2013 version of document

The following changes were made to this document since the August 14, 2013 version of this document,
which was for VSP 5.7.1. This version is for VSP 5.9.

• Added 9.6 Get all app categories.

• Added 9.7 Delete an app category.
• Changed 12 AppConnect for iOS and Android Analytics
178
MobileIron Confidential
 179
MobileIron Confidential