GET /organizations/:organizationId/mdm/windows/enterprise/enrollment-tokens

GET

https://api.applivery.io/v1/organizations/{organizationId}/mdm/windows/enterprise/enrollment-tokens

curl -X GET "https://api.applivery.io/v1/organizations/{organizationId}/mdm/windows/enterprise/enrollment-tokens" \
  -H "Authorization: Bearer <YOUR_API_KEY>"

const response = await fetch("https://api.applivery.io/v1/organizations/{organizationId}/mdm/windows/enterprise/enrollment-tokens", {
  method: "GET",
  headers: {
    Authorization: "Bearer <YOUR_API_KEY>",
  },
});

const data = await response.json();

import requests

response = requests.get(
    "https://api.applivery.io/v1/organizations/{organizationId}/mdm/windows/enterprise/enrollment-tokens",
    headers={"Authorization": "Bearer <YOUR_API_KEY>"},
)

data = response.json()

Request

Send your API key in the request header authorization

Example: Authorization: Bearer <token>

organizationId string

required

Match pattern: ^(([a-fA-F0-9]{24})|([a-zA-Z0-9\\-]{3,}))$

page integer

optional

Page number for paginated results starting from 1 enabling efficient navigation through large token datasets reducing API response sizes and improving performance.

limit integer

optional

Maximum enrollment tokens returned per page controlling response size and enabling customized list views balancing data completeness against loading performance.

sort string

optional

Ordering criteria using a field-to-direction mapping to organize results based on specific attributes like creation date, name, or status.

Match pattern: ^[\w.]*((:asc)|(:desc))?$

mdm-user string

optional

MDM user identifier filtering token list to display only tokens associated with specific user enabling user-focused management and ownership tracking.

Match pattern: ^[a-fA-F0-9]{24}$

win-policy string

optional

Windows policy identifier filtering tokens to show only those assigning specified policy enabling policy-centric auditing and deployment verification workflows.

Match pattern: ^[a-fA-F0-9]{24}$

show-deleted boolean

optional

Include revoked tokens in query results when enabled revealing historical deletion actions and enabling recovery workflows or compliance auditing of removed tokens.

Responses

200 Response application/json

status boolean optional

data object optional

items array [object] optional

id string optional

Unique enrollment token identifier assigned at creation used throughout platform for referencing token in device registration workflows, admin interfaces, and audit logs.

Match pattern: ^[a-fA-F0-9]{24}$

organizationId string optional

Organization workspace owning this token determining access permissions, billing attribution, and device association enabling multi-tenant isolation and administrative boundaries.

Match pattern: ^[a-fA-F0-9]{24}$

winEnterpriseId string optional

Windows enterprise configuration defining MDM server endpoints, authentication certificates, and enrollment protocols governing device registration and management communication.

Match pattern: ^[a-fA-F0-9]{24}$

winDeviceId string optional

Windows device completing enrollment using this token establishing ownership relationship and enabling tracking which tokens provisioned which devices for audit purposes.

Match pattern: ^[a-fA-F0-9]{24}$

mdmUser object optional

MDM user account receiving token ownership establishing device responsibility, determining permission scope, and enabling user-specific policy application and communication.

displayName string optional

Human-readable token label appearing in administrative interfaces, email notifications, and management reports helping administrators identify token purpose and target users.

≤ 128 characters

tags array [string] optional

Classification tags automatically applied to enrolled devices enabling organizational grouping, policy targeting, and fleet segmentation for streamlined device management workflows.

state string optional

Token lifecycle status tracking usage and availability with PENDING indicating unused token, DONE after enrollment completion, DELETED when revoked, EXPIRED when time-limited validity elapsed.

PENDING DONE DELETED EXPIRED

config object optional

Platform-specific enrollment configuration parameters containing advanced settings, custom workflows, and integration options tailored to organizational deployment requirements.

type string optional

Token category classification determining enrollment workflow behavior, permission requirements, and processing logic differentiating standard enrollment from specialized provisioning scenarios.

≤ 128 characters

subType string optional

Token variant providing additional workflow context enabling fine-grained categorization and specialized handling for different enrollment scenarios within organization.

≤ 128 characters

updatedAt string optional

Most recent modification timestamp recorded in ISO-8601 format tracking configuration changes, policy updates, and administrative edits for audit compliance and change history.

Format: date-time

createdAt string optional

Token creation timestamp in ISO-8601 format marking generation moment used for calculating age, enforcing retention policies, and providing audit trail foundation.

Format: date-time

expireAt string optional

Token expiration timestamp blocking device enrollment after specified time enforcing time-limited provisioning for security compliance, null value indicating permanent validity without expiration.

Format: date-time

enrollmentLink string optional

Complete enrollment URL sent to end users via email or messaging enabling one-click device registration by embedding authentication credentials and configuration parameters.

≤ 500 characters

enrollCode string optional

Short alphanumeric code facilitating manual token entry during enrollment serving as accessible alternative when link clicking impractical or for phone-based configuration entry.

≤ 128 characters

winPolicyId string optional

Legacy single policy reference maintained for backward compatibility with deprecated enrollment workflows, superseded by winPolicyAssignments enabling multi-policy composition.

Match pattern: ^[a-fA-F0-9]{24}$

winPolicyAssignments array [object] optional

Policy composition assignments including full embedded policy objects with priority values enabling complete configuration preview and conflict resolution analysis.

summary object optional

Computed metadata aggregating token status information for UI display, dashboard visualization, and business logic evaluation without requiring field-by-field calculations.

sendEmail boolean optional

Automated enrollment invitation email delivery flag triggering immediate notification to MDM user upon token creation containing enrollment instructions and access credentials.

emailText string optional

Custom message body embedded in enrollment invitation email providing personalized instructions, organizational context, and user-specific guidance enhancing onboarding experience.

segmentId integer optional

Segment identifier for scoping enrollment token into an specific segment

≥ 0

totalDocs integer optional

limit integer optional

hasPrevPage boolean optional

hasNextPage boolean optional

page integer optional

totalPages integer optional

prevPage integer optional

nextPage integer optional

lean boolean optional

{
    "status": true,
    "data": {
        "items": [
            {
                "id": "698efa6ed851667d9c0aec88",
                "organizationId": "698efa6ed851667d9c0aec88",
                "winEnterpriseId": "698efa6ed851667d9c0aec88",
                "winDeviceId": "698efa6ed851667d9c0aec88",
                "mdmUser": {
                    "id": "698efa6ed851667d9c0aec88",
                    "email": "[email protected]"
                },
                "displayName": "Engineering Laptop - John Doe",
                "tags": [
                    "engineering",
                    "laptop",
                    "corporate"
                ],
                "state": "PENDING",
                "config": {},
                "type": "enrollment",
                "subType": "standard",
                "updatedAt": "2026-02-10T12: 00:00Z",
                "createdAt": "2026-01-15T09: 30:00Z",
                "expireAt": "2026-03-15T09: 30:00Z",
                "enrollmentLink": "https://mdm.company.com/enroll?token=abc123def456",
                "enrollCode": "ABC123",
                "winPolicyId": "698efa6ed851667d9c0aec88",
                "winPolicyAssignments": [
                    {
                        "winPolicyId": "698efa6ed851667d9c0aec88",
                        "winPolicy": {
                            "id": "698efa6ed851667d9c0aec88",
                            "name": "Corporate Security Policy"
                        },
                        "priority": 100
                    }
                ],
                "summary": {
                    "expirationTimestamp": "2026-03-15T09: 30:00Z"
                },
                "sendEmail": true,
                "emailText": "Welcome to the corporate device management program. Click the link to enroll your device.",
                "segmentId": "1"
            }
        ],
        "totalDocs": 0,
        "limit": 0,
        "hasPrevPage": true,
        "hasNextPage": true,
        "page": 0,
        "totalPages": 0,
        "prevPage": 0,
        "nextPage": 0,
        "lean": true
    }
}

401 Response application/json

status boolean optional

false

error object optional

code number optional

4004

message string optional

Invalid Token

{
    "status": false,
    "error": {
        "code": 4002,
        "message": "No auth token"
    }
}

404 Response application/json

status boolean optional

false

error object optional

code number optional

3001

message string optional

Entity not found

{
    "status": false,
    "error": {
        "code": 3001,
        "message": "Entity not found"
    }
}

Request

Authorization

Path Params1

Query Params6

Responses