
You are here: Home > API Reference > Windows > Windows Enrollment Tokens > Create enrollment token for single user

POST /organizations/:organizationId/mdm/windows/enterprise/enrollment-tokens

Required Permission: mdm.windows.enrollmentToken.create

Generate a new enrollment credential assigned to a specific user, optionally sending enrollment instructions via email with custom messaging and policy configuration.

POST
https://api.applivery.io/v1/organizations/{organizationId}/mdm/windows/enterprise/enrollment-tokens
# Create a Windows enrollment token for one MDM user.
# Replace {organizationId} in the URL and <YOUR_API_KEY> in the header first.
# The key needs the mdm.windows.enrollmentToken.create permission. A key typed
# on the command line can end up in shell history and process listings, so
# prefer reading it from an environment variable or a secret store.
# NOTE(review): the body below is the page's own example. It looks like a
# validation-schema description ("type"/"children") rather than concrete field
# values; confirm the payload shape the API expects before using it.
# The JSON reply carries enrollmentLink and enrollCode. The response reference
# on this page says the link embeds authentication credentials, so keep the
# output out of shared logs.
curl --request POST \
  --header "Authorization: Bearer <YOUR_API_KEY>" \
  --header "Content-Type: application/json" \
  --data '{
  "type": "object",
  "children": {
    "sendEmail": {},
    "displayName": {},
    "tags": {},
    "duration": {},
    "language": {},
    "emailText": {},
    "winPolicyId": {},
    "winPolicyAssignments": {},
    "segmentId": {}
  },
  "mdmUserId": "698efa6ed851667d9c0aec88"
}' \
  "https://api.applivery.io/v1/organizations/{organizationId}/mdm/windows/enterprise/enrollment-tokens"
// Create a Windows enrollment token for one MDM user.
// Replace {organizationId} in the URL and <YOUR_API_KEY> in the header first.
// The key needs the mdm.windows.enrollmentToken.create permission; load it from
// an environment variable or a secret store rather than committing it with code.
const endpoint =
  "https://api.applivery.io/v1/organizations/{organizationId}/mdm/windows/enterprise/enrollment-tokens";

const requestHeaders = {
  Authorization: "Bearer <YOUR_API_KEY>",
  "Content-Type": "application/json",
};

// NOTE(review): this payload is the page's own example. It looks like a
// validation-schema description ("type"/"children") rather than concrete field
// values; confirm the payload shape the API expects before using it.
const payload = {
  type: "object",
  children: {
    sendEmail: {},
    displayName: {},
    tags: {},
    duration: {},
    language: {},
    emailText: {},
    winPolicyId: {},
    winPolicyAssignments: {},
    segmentId: {},
  },
  mdmUserId: "698efa6ed851667d9c0aec88",
};

const response = await fetch(endpoint, {
  method: "POST",
  headers: requestHeaders,
  body: JSON.stringify(payload),
});

// The body is parsed whatever the HTTP status: the documented 400/401/404
// replies are JSON with `status: false`, so check `data.status` before reading
// `data.data`. On success `data.data.enrollmentLink` embeds authentication
// credentials (per the response reference), so do not log `data` wholesale.
const data = await response.json();
import requests

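# Create a Windows enrollment token for one MDM user.
# Replace {organizationId} in the URL and <YOUR_API_KEY> in the header first
# (the URL is a plain string, not an f-string, so the braces are sent as-is).
# The key needs the mdm.windows.enrollmentToken.create permission; load it from
# an environment variable or a secret store rather than committing it with code.
response = requests.post(
    "https://api.applivery.io/v1/organizations/{organizationId}/mdm/windows/enterprise/enrollment-tokens",
    headers={"Authorization": "Bearer <YOUR_API_KEY>"},
    # NOTE(review): this payload is the page's own example. It looks like a
    # validation-schema description ("type"/"children") rather than concrete
    # field values; confirm the payload shape the API expects before using it.
    json={
        "type": "object",
        "children": {
            "sendEmail": {},
            "displayName": {},
            "tags": {},
            "duration": {},
            "language": {},
            "emailText": {},
            "winPolicyId": {},
            "winPolicyAssignments": {},
            "segmentId": {},
        },
        "mdmUserId": "698efa6ed851667d9c0aec88",
    },
    # requests applies no timeout unless one is given, so without this the call
    # could block indefinitely on an unresponsive endpoint.
    timeout=30,
)

# The body is parsed whatever the HTTP status: the documented 400/401/404
# replies are JSON with "status": false, so check data["status"] before reading
# data["data"]. On success data["data"]["enrollmentLink"] embeds authentication
# credentials (per the response reference), so do not log `data` wholesale.
data = response.json()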

Request

Send your API key in the Authorization request header.
Example: Authorization: Bearer <token>

organizationId string
required
Match pattern: ^(([a-fA-F0-9]{24})|([a-zA-Z0-9\\-]{3,}))$

Body Params application/json
type string optional
object
children object optional
sendEmail object optional
type string optional
boolean
flags object optional
truthy boolean optional
falsy boolean optional
displayName object optional
type string optional
string
valids string optional
rules object optional
tags object optional
type string optional
array
flags object optional
items object optional
duration object optional
type string optional
number
flags object optional
invalids number optional
Format: float
null
rules object optional
language object optional
type string optional
string
flags object optional
valids string optional
es
invalids string optional
emailText object optional
type string optional
string
valids string optional
winPolicyId object optional
type string optional
string
valids string optional
rules object optional
winPolicyAssignments object optional
type string optional
array
flags object optional
items object optional
segmentId object optional
type string optional
number
flags object optional
invalids number optional
Format: float
null
rules object optional
mdmUserId string required
MDM user identifier establishing device ownership upon enrollment determining access permissions, policy scope, and administrative responsibility for enrolled endpoints.
Match pattern: ^[a-fA-F0-9]{24}$
{
    "type": "object",
    "children": {
        "sendEmail": {
            "type": "boolean",
            "flags": {
                "insensitive": true,
                "presence": "required"
            },
            "truthy": true,
            "falsy": true
        },
        "displayName": {
            "type": "string",
            "valids": "",
            "rules": {
                "name": "max",
                "arg": 128
            }
        },
        "tags": {
            "type": "array",
            "flags": {
                "sparse": true
            },
            "items": {
                "type": "string",
                "valids": "",
                "rules": {
                    "name": "max",
                    "arg": 128
                }
            }
        },
        "duration": {
            "type": "number",
            "flags": {
                "unsafe": true
            },
            "invalids": null,
            "rules": {
                "name": "integer"
            }
        },
        "language": {
            "type": "string",
            "flags": {
                "allowOnly": true
            },
            "valids": "es",
            "invalids": ""
        },
        "emailText": {
            "type": "string",
            "valids": ""
        },
        "winPolicyId": {
            "type": "string",
            "valids": "",
            "rules": {
                "name": "regex",
                "arg": {
                    "pattern": "string"
                }
            }
        },
        "winPolicyAssignments": {
            "type": "array",
            "flags": {
                "sparse": true
            },
            "items": {
                "type": "object",
                "children": {
                    "winPolicyId": {
                        "type": "string",
                        "invalids": "",
                        "rules": {
                            "name": "regex",
                            "arg": {
                                "pattern": "string"
                            }
                        }
                    },
                    "priority": {
                        "type": "number",
                        "flags": {
                            "unsafe": true,
                            "presence": "required"
                        },
                        "invalids": null,
                        "rules": {
                            "name": "integer"
                        }
                    }
                }
            }
        },
        "segmentId": {
            "type": "number",
            "flags": {
                "unsafe": true
            },
            "invalids": null,
            "rules": {
                "name": "integer"
            }
        }
    },
    "mdmUserId": "698efa6ed851667d9c0aec88"
}

Responses

200 Response application/json
status boolean optional
data object optional
id string optional
Unique enrollment token identifier assigned at creation used throughout platform for referencing token in device registration workflows, admin interfaces, and audit logs.
Match pattern: ^[a-fA-F0-9]{24}$
organizationId string optional
Organization workspace owning this token determining access permissions, billing attribution, and device association enabling multi-tenant isolation and administrative boundaries.
Match pattern: ^[a-fA-F0-9]{24}$
winEnterpriseId string optional
Windows enterprise configuration defining MDM server endpoints, authentication certificates, and enrollment protocols governing device registration and management communication.
Match pattern: ^[a-fA-F0-9]{24}$
winDeviceId string optional
Windows device completing enrollment using this token establishing ownership relationship and enabling tracking which tokens provisioned which devices for audit purposes.
Match pattern: ^[a-fA-F0-9]{24}$
mdmUser object optional
MDM user account receiving token ownership establishing device responsibility, determining permission scope, and enabling user-specific policy application and communication.
id string optional
MDM user account identifier linking enrolled devices to responsible individuals for ownership tracking and administrative accountability.
Match pattern: ^[a-fA-F0-9]{24}$
email string optional
User email address enabling enrollment invitation delivery, account identification, and serving as primary communication channel for device management notifications.
≤ 128 characters
displayName string optional
Human-readable token label appearing in administrative interfaces, email notifications, and management reports helping administrators identify token purpose and target users.
≤ 128 characters
tags array [string] optional
Classification tags automatically applied to enrolled devices enabling organizational grouping, policy targeting, and fleet segmentation for streamlined device management workflows.
state string optional
Token lifecycle status tracking usage and availability with PENDING indicating unused token, DONE after enrollment completion, DELETED when revoked, EXPIRED when time-limited validity elapsed.
PENDING DONE DELETED EXPIRED
config object optional
Platform-specific enrollment configuration parameters containing advanced settings, custom workflows, and integration options tailored to organizational deployment requirements.
type string optional
Token category classification determining enrollment workflow behavior, permission requirements, and processing logic differentiating standard enrollment from specialized provisioning scenarios.
≤ 128 characters
subType string optional
Token variant providing additional workflow context enabling fine-grained categorization and specialized handling for different enrollment scenarios within organization.
≤ 128 characters
updatedAt string optional
Most recent modification timestamp recorded in ISO-8601 format tracking configuration changes, policy updates, and administrative edits for audit compliance and change history.
Format: date-time
createdAt string optional
Token creation timestamp in ISO-8601 format marking generation moment used for calculating age, enforcing retention policies, and providing audit trail foundation.
Format: date-time
expireAt string optional
Token expiration timestamp. Device enrollment is blocked after this time, enforcing time-limited provisioning for security compliance. A null value means the token stays valid permanently, with no expiration.
Format: date-time
enrollmentLink string optional
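Complete enrollment URL sent to end users via email or messaging. It enables one-click device registration by embedding authentication credentials and configuration parameters; because the credentials travel in the URL itself, treat the link as a secret and keep it out of logs and shared channels.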
≤ 500 characters
enrollCode string optional
Short alphanumeric code facilitating manual token entry during enrollment serving as accessible alternative when link clicking impractical or for phone-based configuration entry.
≤ 128 characters
winPolicyId string optional
Legacy single policy reference maintained for backward compatibility with deprecated enrollment workflows, superseded by winPolicyAssignments enabling multi-policy composition.
Match pattern: ^[a-fA-F0-9]{24}$
winPolicyAssignments array [object] optional
Policy composition assignments including full embedded policy objects with priority values enabling complete configuration preview and conflict resolution analysis.
winPolicyId string optional
Match pattern: ^[a-fA-F0-9]{24}$
winPolicy object optional
priority integer optional
≥ 0
summary object optional
Computed metadata aggregating token status information for UI display, dashboard visualization, and business logic evaluation without requiring field-by-field calculations.
expirationTimestamp string optional
Calculated expiration time combining creation timestamp and duration for streamlined validity checks and countdown displays in administrative interfaces.
Format: date-time
sendEmail boolean optional
Automated enrollment invitation email delivery flag triggering immediate notification to MDM user upon token creation containing enrollment instructions and access credentials.
emailText string optional
Custom message body embedded in enrollment invitation email providing personalized instructions, organizational context, and user-specific guidance enhancing onboarding experience.
segmentId integer optional
Segment identifier for scoping the enrollment token to a specific segment.
≥ 0
{
    "status": true,
    "data": {
        "id": "698efa6ed851667d9c0aec88",
        "organizationId": "698efa6ed851667d9c0aec88",
        "winEnterpriseId": "698efa6ed851667d9c0aec88",
        "winDeviceId": "698efa6ed851667d9c0aec88",
        "mdmUser": {
            "id": "698efa6ed851667d9c0aec88",
            "email": "[email protected]"
        },
        "displayName": "Engineering Laptop - John Doe",
        "tags": [
            "engineering",
            "laptop",
            "corporate"
        ],
        "state": "PENDING",
        "config": {},
        "type": "enrollment",
        "subType": "standard",
        "updatedAt": "2026-02-10T12: 00:00Z",
        "createdAt": "2026-01-15T09: 30:00Z",
        "expireAt": "2026-03-15T09: 30:00Z",
        "enrollmentLink": "https://mdm.company.com/enroll?token=abc123def456",
        "enrollCode": "ABC123",
        "winPolicyId": "698efa6ed851667d9c0aec88",
        "winPolicyAssignments": [
            {
                "winPolicyId": "698efa6ed851667d9c0aec88",
                "winPolicy": {
                    "id": "698efa6ed851667d9c0aec88",
                    "name": "Corporate Security Policy"
                },
                "priority": 100
            }
        ],
        "summary": {
            "expirationTimestamp": "2026-03-15T09: 30:00Z"
        },
        "sendEmail": true,
        "emailText": "Welcome to the corporate device management program. Click the link to enroll your device.",
        "segmentId": "1"
    }
}
400 Response application/json
status boolean optional
false
error object optional
code number optional
5145
message string optional
Error creating winEnrollmentToken
{
    "status": false,
    "error": {
        "code": 5050,
        "message": "Feature not allowed for you billing plan"
    }
}
401 Response application/json
status boolean optional
false
error object optional
code number optional
4004
message string optional
Invalid Token
{
    "status": false,
    "error": {
        "code": 4002,
        "message": "No auth token"
    }
}
404 Response application/json
status boolean optional
false
error object optional
code number optional
3001
message string optional
Entity not found
{
    "status": false,
    "error": {
        "code": 3001,
        "message": "Entity not found"
    }
}