Retrieve enrollment token details

GET

/v1/organizations/:organizationId/mdm/apple/enterprise/enrollment-tokens/:admEnrollmentTokenId

Retrieve enrollment token details

Required Permission: mdm.apple.enrollmentToken.get

Retrieves detailed configuration and status information for a specific enrollment token by identifier.

Request

Add parameter in header authorization

Example: Authorization: Bearer <token>

organizationId string

required

Match pattern: ^(([a-fA-F0-9]{24})|([a-zA-Z0-9\\-]{3,}))$

admEnrollmentTokenId string

required

Unique identifier for Apple enrollment token credentials within organizational MDM deployment system.

Match pattern: ^[a-fA-F0-9]{24}$

Responses

200 Response application/json

status boolean optional

data object optional

id string optional

Unique identifier for Apple enrollment token credentials within organizational MDM deployment system.

Match pattern: ^[a-fA-F0-9]{24}$

organization string optional

Unique identifier for organization managing Apple enrollment tokens and device registration workflows.

Match pattern: ^[a-fA-F0-9]{24}$

admEnterprise string optional

Apple Device Management enterprise identifier linking enrollment token to MDM server configuration.

Match pattern: ^[a-fA-F0-9]{24}$

admDevice string optional

Apple device identifier for enrollment token once device completes registration using token credentials.

Match pattern: ^[a-fA-F0-9]{24}$

mdmUser object optional

MDM user information associating enrollment token with specific user for device ownership tracking.

id string optional

MDM user unique identifier linking enrollment token to specific user account for device assignment.

Match pattern: ^[a-fA-F0-9]{24}$

email string optional

User email address for enrollment token recipient receiving device registration instructions and credentials.

≤ 128 characters

displayName string optional

Human-readable enrollment token name for identification and organization in administrative interfaces.

≤ 128 characters

tags array [string] optional

Classification tags for organizing and filtering enrollment tokens by department, device type, or purpose.

state string optional

Enrollment token lifecycle status indicating availability, usage, expiration, or deletion state.

PENDING DONE DELETED EXPIRED

config object optional

Token configuration object containing device setup parameters and enrollment-specific settings.

enroll object optional

Enrollment metadata containing token expiration and configuration signing status for device registration.

serverExpirationDate string optional

Timestamp when enrollment token expires and becomes invalid for device registration workflows.

Format: date-time

mobileConfigSigned boolean optional

Flag indicating whether mobile configuration profile is cryptographically signed for security verification.

type string optional

Enrollment token type classification defining registration method or device ownership model.

≤ 128 characters

subType string optional

Enrollment token subtype providing additional categorization for specialized registration workflows.

≤ 128 characters

updatedAt string optional

Timestamp indicating when enrollment token configuration was last modified or synchronized.

Format: date-time

createdAt string optional

Timestamp indicating when enrollment token credentials were initially generated in system.

Format: date-time

expireAt string optional

Timestamp defining enrollment token expiration deadline after which registration attempts will fail.

Format: date-time

enrollmentLink string optional

Direct URL for device enrollment combining token credentials and configuration for simplified registration workflow.

≤ 500 characters

enrollCode string optional

Short alphanumeric enrollment code for manual token entry during device setup process.

≤ 128 characters

admPolicy object optional

Apple Device Management policy configuration object defining device restrictions and security settings.

id string optional

Unique Apple device policy identifier used to track configuration rules and security settings throughout lifecycle.

Match pattern: ^[a-fA-F0-9]{24}$

organization string optional

Organization identifier owning this Apple device policy and managing enrolled iOS iPadOS and macOS devices.

Match pattern: ^[a-fA-F0-9]{24}$

admEnterprise string optional

Apple enterprise account identifier linked to Apple Business Manager or Apple School Manager for device management.

Match pattern: ^[a-fA-F0-9]{24}$

targetType string optional

Policy application scope defining whether configurations apply to entire device or device user context only.

device deviceUser

attachedProfile object optional

Automatically attached configuration profile containing essential MDM settings applied independently of policy assignments and priorities.

name string optional

Human-readable policy name displayed in dashboard for administrative identification and organizational purposes throughout device management.

≤ 256 characters

profiles array [object] optional

List of Apple configuration profiles containing device restrictions security settings and feature configurations applied by policy.

id string optional

Match pattern: ^[a-fA-F0-9]{24}$

organization string optional

Match pattern: ^[a-fA-F0-9]{24}$

admEnterprise string optional

Match pattern: ^[a-fA-F0-9]{24}$

admPolicy string optional

Match pattern: ^[a-fA-F0-9]{24}$

targetType string optional

device deviceUser

name string optional

≤ 256 characters

config object optional

certificates array [object] optional

mdmAssetId string optional

Match pattern: ^[a-fA-F0-9]{24}$

format object optional

location string optional

≤ 256 characters

password string optional

≤ 256 characters

allowAllAppsAccess boolean optional

keyIsExtractable boolean optional

type string optional

attached single

UUID string optional

≤ 128 characters

version integer optional

≥ 0

updatedAt string optional

Format: date-time

createdAt string optional

Format: date-time

assignedTo object optional

policies array [object] optional

devices array [object] optional

useCustomFileVaultCertificates boolean optional

parentAdmProfileId string optional

Match pattern: ^[a-fA-F0-9]{24}$

applications array [object] optional

List of application assignments defining managed apps with VPP licensing installation actions and configuration settings.

admApplication string required

Match pattern: ^[a-fA-F0-9]{24}$

managed boolean optional

vpp boolean optional

iOSApp boolean optional

configuration object optional

action string optional

forceInstall available requiredForSetup

actionStatus string optional

forceInstall available requiredForSetup available-install

scripts object optional

preInstall string optional

postInstall string optional

audit string optional

enforce string optional

runner string optional

updatePolicy object optional

applicationsInfo array [object] optional

Enriched application metadata including app names icons versions and store information for dashboard display purposes.

books array [object] optional

List of book assignments for distributing VPP-purchased books or PDF documents to managed Apple devices.

type string optional

asset store

id string optional

≤ 128 characters

booksInfo array [object] optional

Enriched book metadata including titles authors cover images and store information for dashboard display purposes.

scripts array [object] optional

List of script assignments for executing automated tasks compliance checks and configuration enforcement on macOS devices.

type string optional

once loop onDemand

id string optional

≤ 128 characters

loopTime integer optional

≥ 0

resetDate string optional

Format: date-time

arguments string optional

argumentsProcessed string optional

name string optional

≤ 256 characters

description string optional

≤ 500 characters

runner string optional

≤ 256 characters

scriptsInfo array [object] optional

Enriched script metadata including execution history last run timestamps and success rates for monitoring purposes.

bookmarks array [object] optional

List of bookmark assignments for deploying web application shortcuts and internal portal links to device home screens.

title string optional

≤ 256 characters

description string optional

≤ 500 characters

url string optional

≤ 500 characters

iconBase64 string optional

iconUrl string optional

≤ 500 characters

assets array [object] optional

List of asset assignments for deploying files certificates configuration data and resources to managed macOS devices.

mdmAssetId string optional

Match pattern: ^[a-fA-F0-9]{24}$

location string optional

≤ 256 characters

assetName string optional

≤ 256 characters

scope string optional

user system all-users

assetsInfo array [object] optional

Enriched asset metadata including file sizes deployment status and version information for monitoring and auditing purposes.

version integer optional

Policy version number incremented with each modification for tracking configuration changes and rollback capabilities.

≥ 0

updatedAt string optional

ISO timestamp of last policy modification for change tracking synchronization and audit trail purposes.

Format: date-time

createdAt string optional

ISO timestamp when policy was created in system for lifecycle tracking and compliance reporting purposes.

Format: date-time

agentConfiguration object optional

MDM agent behavior settings controlling location tracking app monitoring data collection and application enforcement actions.

allowLocation boolean optional

Flag enabling location tracking for iOS and iPadOS devices through MDM agent for geofencing and asset management.

allowLocationMacos boolean optional

Flag enabling location tracking for macOS devices through MDM agent requiring user privacy consent and system permissions.

allowPackageTime boolean optional

Flag enabling application usage time tracking for monitoring employee productivity and application license optimization purposes.

allowPackageTransfer boolean optional

Flag enabling network data transfer monitoring per application for bandwidth analysis and security threat detection.

allowDeviceInfoBatteryUsage boolean optional

Flag enabling battery usage statistics collection per application for power consumption analysis and device health monitoring.

allowDeviceInfoBluetooth boolean optional

Flag enabling Bluetooth device discovery and connection monitoring for peripheral inventory and security compliance tracking.

allowDeviceInfoSystemInfo boolean optional

Flag enabling comprehensive system information collection including hardware specifications OS versions and installed software inventory.

appBlacklist array [object] optional

List of unauthorized applications to block or remove from managed devices for security compliance and acceptable use enforcement.

bundleId string optional

Application bundle identifier matching installed app for blacklist enforcement on iOS iPadOS and macOS platforms.

≤ 256 characters

action string optional

Enforcement action defining whether to block app launch or automatically remove application from managed device.

block remove

segmentId integer optional

Segment identifier for scoping policy into an specific segment

≥ 0

admPolicyAssignments array [object] optional

Array of policy assignments with priority ordering applied to devices enrolled using this token.

admPolicyId string optional

Policy identifier for multi-policy assignment specifying device configuration and security requirements.

Match pattern: ^[a-fA-F0-9]{24}$

admPolicy object optional

Complete policy configuration object embedded for reference containing device restrictions and settings.

id string optional

Unique Apple device policy identifier used to track configuration rules and security settings throughout lifecycle.

Match pattern: ^[a-fA-F0-9]{24}$

organization string optional

Organization identifier owning this Apple device policy and managing enrolled iOS iPadOS and macOS devices.

Match pattern: ^[a-fA-F0-9]{24}$

admEnterprise string optional

Apple enterprise account identifier linked to Apple Business Manager or Apple School Manager for device management.

Match pattern: ^[a-fA-F0-9]{24}$

targetType string optional

Policy application scope defining whether configurations apply to entire device or device user context only.

device deviceUser

attachedProfile object optional

Automatically attached configuration profile containing essential MDM settings applied independently of policy assignments and priorities.

name string optional

Human-readable policy name displayed in dashboard for administrative identification and organizational purposes throughout device management.

≤ 256 characters

profiles array [object] optional

List of Apple configuration profiles containing device restrictions security settings and feature configurations applied by policy.

id string optional

Match pattern: ^[a-fA-F0-9]{24}$

organization string optional

Match pattern: ^[a-fA-F0-9]{24}$

admEnterprise string optional

Match pattern: ^[a-fA-F0-9]{24}$

admPolicy string optional

Match pattern: ^[a-fA-F0-9]{24}$

targetType string optional

device deviceUser

name string optional

≤ 256 characters

config object optional

certificates array [object] optional

type string optional

attached single

UUID string optional

≤ 128 characters

version integer optional

≥ 0

updatedAt string optional

Format: date-time

createdAt string optional

Format: date-time

assignedTo object optional

useCustomFileVaultCertificates boolean optional

parentAdmProfileId string optional

Match pattern: ^[a-fA-F0-9]{24}$

applications array [object] optional

List of application assignments defining managed apps with VPP licensing installation actions and configuration settings.

admApplication string required

Match pattern: ^[a-fA-F0-9]{24}$

managed boolean optional

vpp boolean optional

iOSApp boolean optional

configuration object optional

action string optional

forceInstall available requiredForSetup

actionStatus string optional

forceInstall available requiredForSetup available-install

scripts object optional

updatePolicy object optional

applicationsInfo array [object] optional

Enriched application metadata including app names icons versions and store information for dashboard display purposes.

books array [object] optional

List of book assignments for distributing VPP-purchased books or PDF documents to managed Apple devices.

type string optional

asset store

id string optional

≤ 128 characters

booksInfo array [object] optional

Enriched book metadata including titles authors cover images and store information for dashboard display purposes.

scripts array [object] optional

List of script assignments for executing automated tasks compliance checks and configuration enforcement on macOS devices.

type string optional

once loop onDemand

id string optional

≤ 128 characters

loopTime integer optional

≥ 0

resetDate string optional

Format: date-time

arguments string optional

argumentsProcessed string optional

name string optional

≤ 256 characters

description string optional

≤ 500 characters

runner string optional

≤ 256 characters

scriptsInfo array [object] optional

Enriched script metadata including execution history last run timestamps and success rates for monitoring purposes.

bookmarks array [object] optional

List of bookmark assignments for deploying web application shortcuts and internal portal links to device home screens.

title string optional

≤ 256 characters

description string optional

≤ 500 characters

url string optional

≤ 500 characters

iconBase64 string optional

iconUrl string optional

≤ 500 characters

assets array [object] optional

List of asset assignments for deploying files certificates configuration data and resources to managed macOS devices.

mdmAssetId string optional

Match pattern: ^[a-fA-F0-9]{24}$

location string optional

≤ 256 characters

assetName string optional

≤ 256 characters

scope string optional

user system all-users

assetsInfo array [object] optional

Enriched asset metadata including file sizes deployment status and version information for monitoring and auditing purposes.

version integer optional

Policy version number incremented with each modification for tracking configuration changes and rollback capabilities.

≥ 0

updatedAt string optional

ISO timestamp of last policy modification for change tracking synchronization and audit trail purposes.

Format: date-time

createdAt string optional

ISO timestamp when policy was created in system for lifecycle tracking and compliance reporting purposes.

Format: date-time

agentConfiguration object optional

MDM agent behavior settings controlling location tracking app monitoring data collection and application enforcement actions.

allowLocation boolean optional

Flag enabling location tracking for iOS and iPadOS devices through MDM agent for geofencing and asset management.

allowLocationMacos boolean optional

Flag enabling location tracking for macOS devices through MDM agent requiring user privacy consent and system permissions.

allowPackageTime boolean optional

Flag enabling application usage time tracking for monitoring employee productivity and application license optimization purposes.

allowPackageTransfer boolean optional

Flag enabling network data transfer monitoring per application for bandwidth analysis and security threat detection.

allowDeviceInfoBatteryUsage boolean optional

Flag enabling battery usage statistics collection per application for power consumption analysis and device health monitoring.

allowDeviceInfoBluetooth boolean optional

Flag enabling Bluetooth device discovery and connection monitoring for peripheral inventory and security compliance tracking.

allowDeviceInfoSystemInfo boolean optional

Flag enabling comprehensive system information collection including hardware specifications OS versions and installed software inventory.

appBlacklist array [object] optional

List of unauthorized applications to block or remove from managed devices for security compliance and acceptable use enforcement.

segmentId integer optional

Segment identifier for scoping policy into an specific segment

≥ 0

priority integer optional

Numeric priority value determining policy application order when multiple policies target same device.

≥ 0

admVppLocation object optional

Volume Purchase Program location metadata for automatic app assignment during device enrollment.

id string optional

Volume Purchase Program location unique identifier within Apple Business Manager organization.

Match pattern: ^[a-fA-F0-9]{24}$

name string optional

Human-readable VPP location name identifying app purchase and distribution settings.

≤ 256 characters

config object optional

VPP location configuration settings defining regional app purchasing and distribution parameters.

countryISO2ACode string optional

ISO 3166-1 alpha-2 country code defining VPP location regional app availability and pricing.

≤ 256 characters

defaultPlatform string optional

Default device platform type for VPP app purchases and license distribution.

≤ 256 characters

locationName string optional

VPP location identifier name registered in Apple Business Manager for app purchasing.

≤ 256 characters

summary object optional

Summary information providing quick access to enrollment token key metrics and expiration details.

expirationTimestamp string optional

Unix timestamp representation of enrollment token expiration for programmatic deadline calculation.

Format: date-time

profiles array [object] optional

Array of configuration profiles automatically installed on devices during enrollment using this token.

id string optional

Match pattern: ^[a-fA-F0-9]{24}$

organization string optional

Match pattern: ^[a-fA-F0-9]{24}$

admEnterprise string optional

Match pattern: ^[a-fA-F0-9]{24}$

admPolicy string optional

Match pattern: ^[a-fA-F0-9]{24}$

targetType string optional

device deviceUser

name string optional

≤ 256 characters

config object optional

certificates array [object] optional

mdmAssetId string optional

Match pattern: ^[a-fA-F0-9]{24}$

format object optional

uuid string optional

uuid

base64 string optional

base64

location string optional

≤ 256 characters

password string optional

≤ 256 characters

allowAllAppsAccess boolean optional

keyIsExtractable boolean optional

type string optional

attached single

UUID string optional

≤ 128 characters

version integer optional

≥ 0

updatedAt string optional

Format: date-time

createdAt string optional

Format: date-time

assignedTo object optional

policies array [object] optional

id string optional

Match pattern: ^[a-fA-F0-9]{24}$

name string optional

≤ 256 characters

devices array [object] optional

id string optional

Match pattern: ^[a-fA-F0-9]{24}$

displayName string optional

≤ 256 characters

useCustomFileVaultCertificates boolean optional

parentAdmProfileId string optional

Match pattern: ^[a-fA-F0-9]{24}$

applications array [object] optional

Array of application assignments automatically deployed to devices during enrollment using this token.

admApplication string required

Match pattern: ^[a-fA-F0-9]{24}$

managed boolean optional

vpp boolean optional

iOSApp boolean optional

configuration object optional

action string optional

forceInstall available requiredForSetup

actionStatus string optional

forceInstall available requiredForSetup available-install

scripts object optional

preInstall string optional

postInstall string optional

audit string optional

enforce string optional

runner string optional

updatePolicy object optional

sendEmail boolean optional

Flag enabling automatic enrollment notification email delivery to user with token credentials and instructions.

emailText string optional

Custom message text appended to enrollment notification email providing additional context or instructions.

configuration object optional

Enrollment configuration settings controlling device setup workflow behavior and user data collection.

skipPersonalInfo boolean optional

Flag bypassing personal information collection during enrollment for corporate-owned device registration.

segmentId integer optional

Segment identifier for scoping enrollment token into an specific segment

≥ 0

{
    "status": true,
    "data": {
        "id": "698f3bde457fafa13d088791",
        "organization": "698f3bde457fafa13d088791",
        "admEnterprise": "698f3bde457fafa13d088791",
        "admDevice": "698f3bde457fafa13d088791",
        "mdmUser": {
            "id": "698f3bde457fafa13d088791",
            "email": "[email protected]"
        },
        "displayName": "John Doe - iPhone 15 Pro",
        "tags": [
            "sales",
            "executive",
            "iphone"
        ],
        "state": "PENDING",
        "config": {},
        "enroll": {
            "serverExpirationDate": "2026-03-15T23: 59:59Z",
            "mobileConfigSigned": true
        },
        "type": "user",
        "subType": "standard",
        "updatedAt": "2026-02-10T14: 22:00Z",
        "createdAt": "2026-01-15T10: 30:00Z",
        "expireAt": "2026-02-20T10: 30:00Z",
        "enrollmentLink": "https://app.applivery.com/enroll/apple/ABC123DEF456",
        "enrollCode": "ABC123DEF",
        "admPolicy": null,
        "admPolicyAssignments": [
            {
                "admPolicyId": "698f3bde457fafa13d088791",
                "admPolicy": {},
                "priority": 10
            }
        ],
        "admVppLocation": {
            "id": "698f3bde457fafa13d088791",
            "name": "US Corporate VPP",
            "config": {
                "countryISO2ACode": "US",
                "defaultPlatform": "ios",
                "locationName": "US Corporate Location"
            }
        },
        "summary": {
            "expirationTimestamp": "2026-02-20T10: 30:00Z"
        },
        "profiles": [
            {
                "id": "string",
                "organization": "string",
                "admEnterprise": "string",
                "admPolicy": "string",
                "targetType": "device",
                "name": "string",
                "config": {},
                "certificates": [
                    {
                        "mdmAssetId": "string",
                        "format": {
                            "uuid": "uuid",
                            "base64": "base64"
                        },
                        "location": "string",
                        "password": "string",
                        "allowAllAppsAccess": true,
                        "keyIsExtractable": true
                    }
                ],
                "type": "attached",
                "UUID": "string",
                "version": 0,
                "updatedAt": "2024-01-01T00: 00:00Z",
                "createdAt": "2024-01-01T00: 00:00Z",
                "assignedTo": {
                    "policies": [
                        {
                            "id": "string",
                            "name": "string"
                        }
                    ],
                    "devices": [
                        {
                            "id": "string",
                            "displayName": "string"
                        }
                    ]
                },
                "useCustomFileVaultCertificates": true,
                "parentAdmProfileId": "string"
            }
        ],
        "applications": [
            {
                "admApplication": "string",
                "managed": true,
                "vpp": true,
                "iOSApp": true,
                "configuration": {},
                "action": "forceInstall",
                "actionStatus": "forceInstall",
                "scripts": {
                    "preInstall": "string",
                    "postInstall": "string",
                    "audit": "string",
                    "enforce": "string",
                    "runner": "string"
                },
                "updatePolicy": {}
            }
        ],
        "sendEmail": true,
        "emailText": "Please enroll your device by following the instructions in this email.",
        "configuration": {
            "skipPersonalInfo": true
        },
        "segmentId": "1"
    }
}

401 Response application/json

status boolean optional

false

error object optional

code number optional

4004

message string optional

Invalid Token

{
    "status": false,
    "error": {
        "code": 4002,
        "message": "No auth token"
    }
}

404 Response application/json

status boolean optional

false

error object optional

code number optional

3001

message string optional

Entity not found

{
    "status": false,
    "error": {
        "code": 3001,
        "message": "Entity not found"
    }
}