{"id":110387,"date":"2024-05-16T13:01:00","date_gmt":"2024-05-16T17:01:00","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&p=110387"},"modified":"2024-05-17T11:17:32","modified_gmt":"2024-05-17T15:17:32","slug":"set-temporary-elevated-device-privileges-using-the-api","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/set-temporary-elevated-device-privileges-using-the-api","title":{"rendered":"Set Temporary Elevated Device Privileges Using the API"},"content":{"rendered":"\n<p>This article explains how to use the JumpCloud API to set temporary elevated device privileges for a user in your org. To perform these functions, use the <strong>Access Requests<\/strong> API endpoint. See <a href=\"https:\/\/docs.jumpcloud.com\/api\/2.0\/index.html#tag\/Systems\/operation\/AccessRequestApi_CreateAccessRequest\" target=\"_blank\" rel=\"noreferrer noopener\">the API docs<\/a>. By using various API calls (GET, POST, PUT) you can create, query, modify, or revoke existing access requests. <\/p>\n\n\n\n<p>The <strong>access requests<\/strong> endpoint accepts these API calls to perform various functions: <\/p>\n\n\n\n<ul>\n<li>POST\n<ul>\n<li>Create an access request.<\/li>\n\n\n\n<li>Revoke an existing access request by inputting its accessID.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>GET\n<ul>\n<li>Query an existing access request by inputting its accessID.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>PUT\n<ul>\n<li>Modify the expiration time of an existing access request by its accessID.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p><strong>Prerequisites<\/strong>:<\/p>\n\n\n\n<ul>\n<li>JumpCloud API Key\n<ul>\n<li>See <a href=\"https:\/\/jumpcloud.com\/support\/jumpcloud-apis#accessing-your-api-key\" target=\"_blank\" rel=\"noreferrer noopener\">Accessing Your API Key<\/a>. <\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>JumpCloud Org ID \n<ul>\n<li>See <a href=\"https:\/\/jumpcloud.com\/support\/settings-in-admin-portal#general\" target=\"_blank\" rel=\"noreferrer noopener\">Access your Organization ID<\/a>. <\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>User ID\n<ul>\n<li>See <a href=\"https:\/\/jumpcloud.com\/support\/retrieve-object-ids-from-the-api#locating-the-user%E2%80%99s-userid\" target=\"_blank\" rel=\"noreferrer noopener\">Locating the User\u2019s User ID from the API<\/a>.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Device or System ID \n<ul>\n<li>See <a href=\"https:\/\/jumpcloud.com\/support\/retrieve-object-ids-from-the-api#locating-the-device%E2%80%99s-systemid\" target=\"_blank\" rel=\"noreferrer noopener\">Locating the Device\u2019s System ID<\/a>. <\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Operation ID\n<ul>\n<li>This is a static value specific to temporary elevated device privileges. Enter <kbd>ff487bda-e18f-42ed-9d6c-5c7cafd6adf9<\/kbd>.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p><strong>Considerations<\/strong>:<\/p>\n\n\n\n<ul>\n<li>The following examples are presented in cURL, but you can also use an app like Postman to manage your API requests. See <a href=\"https:\/\/jumpcloud.com\/support\/configure-jumpcloud-api-endpoints-in-postman\" target=\"_blank\" rel=\"noreferrer noopener\">Configure JumpCloud API Endpoints in Postman<\/a>. <\/li>\n\n\n\n<li>Creating an access request generates an <strong>accessID<\/strong> specific to that request. This <kbd>$ACCESS_ID<\/kbd> value is required for querying, updating, or revoking an existing request. <\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Running an Access Request Command<\/h2>\n\n\n\n<p>The following is a sample command to create an access request. This will grant the user temporary admin privileges on the specified device that will be automatically revoked at the expiry time. <\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>curl –location ‘https:\/\/console.jumpcloud.com\/api\/v2\/accessrequests’ \\<br>–header ‘x-api-key: $JC_API_KEY’ \\<br>–header ‘X-Org-Id: $JC_ORG_ID’ \\<br>–header ‘Content-Type: application\/json’ \\<br>–data ‘{<br> “requestorId”: “$JC_User_ID”,<br> “resourceId”: “$JC_Device_ID”,<br> “resourceType”: “device”,<br> “remarks”: “”,<br> “expiry”: “2024-05-10T13:57:45.497Z”,<br> “operationId”: “ff487bda-e18f-42ed-9d6c-5c7cafd6adf9”,<br> “additionalAttributes”: {<br> “sudo”: {<br> “enabled”: true,<br> “withoutPassword”: false<br> }<br> }<br>}’<\/p>\n<\/div><\/div>\n\n\n\n<p>You\u2019ll need to enter the relevant information into the following fields to create the access request:<\/p>\n\n\n\n<ul>\n<li><kbd>x-api-key<\/kbd>\n<ul>\n<li>Your API key.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><kbd>X-Org-Id<\/kbd>\n<ul>\n<li>Your JumpCloud Organizational ID.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><kbd>requestorId<\/kbd>\n<ul>\n<li>The objectID of the user you\u2019re granting temporary elevated privileges.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><kbd>resourceId<\/kbd>\n<ul>\n<li>The objectID of the user\u2019s device.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><kbd>resourceType<\/kbd>\n<ul>\n<li>This is defined as \u201cdevice\u201d for this request.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><kbd>expiry<\/kbd>\n<ul>\n<li>The time in UTC when the user\u2019s temporary elevated privileges will expire.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p>Successful completion of the command will create the access request and return an accessID which can be used to query, update, or revoke it ahead of expiration.<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>{<br> “id”: “$ACCESS_ID”<br>}<\/p>\n<\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Querying an Access Request<\/h2>\n\n\n\n<p>You can use the accessID returned in the previous step to query the status of the access request. Replace the <kbd>$ACCESS_ID<\/kbd> below with the returned value.<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>curl –location ‘https:\/\/console.jumpcloud.com\/api\/v2\/accessrequests\/$ACCESS_ID\u2019 \\<br>–header ‘Accept: application\/json’ \\<br>–header ‘x-api-key: $JC_API_KEY<\/p>\n<\/div><\/div>\n\n\n\n<p>This will return details of the access request:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>{<br> “id”: 16839,<br> “applicationIntId”: “”,<br> “accessId”: “ACCESS_ID”,<br> “onBehalfOfUserId”: “redacted”,<br> “requestorId”: “$JC_User_ID”,<br> “tempGroupId”: “”,<br> “resourceId”: “$JC_Device_ID”,<br> “resourceType”: “device”,<br> “accessState”: “granted”,<br> “remarks”: “”,<br> “expiry”: “2024-05-10T13:57:45Z”,<br> “version”: 0,<br> “createdBy”: “redacted”,<br> “updatedBy”: “redacted”,<br> “operationId”: “ff487bda-e18f-42ed-9d6c-5c7cafd6adf9”,<br> “additionalAttributes”: “eyJzdWRvIjogeyJlbmFibGVkIjogdHJ1ZSwgIndpdGhvdXRQYXNzd29yZCI6IGZhbHNlfX0=”,<br> “duration”: 148664,<br> “metadata”: “”,<br> “jobId”: “ZjvjIVIlzQABNQxS”,<br> “companyId”: “YkX0p4k4MlRDoC8n”<br>}<\/p>\n<\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Updating an Access Request<\/h2>\n\n\n\n<p>You can also use the accessID to update an existing access request. For example, you can extend the duration of the user\u2019s temporary admin access. This example extends the expiry 1 day past the original command from 2024-05-10 to 2024-05-11.<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>curl –location –request PUT ‘https:\/\/console.jumpcloud.com\/api\/v2\/accessrequests\/$ACCESS_ID’ \\<br>–header ‘Content-Type: application\/json’ \\<br>–header ‘Accept: application\/json’ \\<br>–header ‘x-api-key: $JC_API_KEY’ \\<br>–data ‘{<br> “additionalAttributes”: {},<br> “expiry”: “2024-05-11T19:42:30.404Z”,<br> “organizationObjectId”: “$JC_Device_ID”,<br> “requestorId”: “redacted”,<br> “remarks”: “<string>”<br>}’<\/p>\n<\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Revoking an Access Request<\/h2>\n\n\n\n<p>To revoke an access request and remove a user\u2019s temporary admin access ahead of the expiration, use the following command. Replace the <kbd>$ACCESS_ID<\/kbd> below with the returned value in the first step after creating the access request:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>curl –location –request POST ‘https:\/\/console.jumpcloud.com\/api\/v2\/accessrequests\/$ACCESS_ID\/revoke’ \\<br>–header ‘Accept: application\/json’ \\<br>–header ‘x-api-key: $JC_API_KEY’<\/p>\n<\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>This article explains how to use the JumpCloud API to set temporary elevated device privileges for a user in your […]<\/p>\n","protected":false},"author":218,"featured_media":0,"template":"","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"2normal","inline_featured_image":false,"footnotes":""},"support_category":[2917,2856,3003,2850],"support_tag":[],"coauthors":[3011],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.9 (Yoast SEO v22.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Set Temporary Elevated Device Privileges Using the API<\/title>\n<meta name=\"description\" content=\"Learn how to use the access requests JumpCloud API endpoint to set, modify, and revoke user temporary admin\/sudo access on devices.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/support\/set-temporary-elevated-device-privileges-using-the-api\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Set Temporary Elevated Device Privileges Using the API\" \/>\n<meta property=\"og:description\" content=\"Browse the JumpCloud Help Center by category, search for a specific topic, or check out our featured articles.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/support\/set-temporary-elevated-device-privileges-using-the-api\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:modified_time\" content=\"2024-05-17T15:17:32+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/07\/202405-MISC-JumpCloudHelpCenter-SiteDisplay-min-2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"890\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4 minutes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data2\" content=\"nickconrad\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/support\/set-temporary-elevated-device-privileges-using-the-api\",\"url\":\"https:\/\/jumpcloud.com\/support\/set-temporary-elevated-device-privileges-using-the-api\",\"name\":\"Set Temporary Elevated Device Privileges Using the API\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"datePublished\":\"2024-05-16T17:01:00+00:00\",\"dateModified\":\"2024-05-17T15:17:32+00:00\",\"description\":\"Learn how to use the access requests JumpCloud API endpoint to set, modify, and revoke user temporary admin\/sudo access on devices.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/set-temporary-elevated-device-privileges-using-the-api#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/support\/set-temporary-elevated-device-privileges-using-the-api\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/support\/set-temporary-elevated-device-privileges-using-the-api#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Support\",\"item\":\"https:\/\/jumpcloud.com\/support\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Set Temporary Elevated Device Privileges Using the API\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Set Temporary Elevated Device Privileges Using the API","description":"Learn how to use the access requests JumpCloud API endpoint to set, modify, and revoke user temporary admin\/sudo access on devices.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/support\/set-temporary-elevated-device-privileges-using-the-api","og_locale":"en_US","og_type":"article","og_title":"Set Temporary Elevated Device Privileges Using the API","og_description":"Browse the JumpCloud Help Center by category, search for a specific topic, or check out our featured articles.","og_url":"https:\/\/jumpcloud.com\/support\/set-temporary-elevated-device-privileges-using-the-api","og_site_name":"JumpCloud","article_modified_time":"2024-05-17T15:17:32+00:00","og_image":[{"width":890,"height":525,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/07\/202405-MISC-JumpCloudHelpCenter-SiteDisplay-min-2.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"4 minutes","Written by":"nickconrad"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/support\/set-temporary-elevated-device-privileges-using-the-api","url":"https:\/\/jumpcloud.com\/support\/set-temporary-elevated-device-privileges-using-the-api","name":"Set Temporary Elevated Device Privileges Using the API","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"datePublished":"2024-05-16T17:01:00+00:00","dateModified":"2024-05-17T15:17:32+00:00","description":"Learn how to use the access requests JumpCloud API endpoint to set, modify, and revoke user temporary admin\/sudo access on devices.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/support\/set-temporary-elevated-device-privileges-using-the-api#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/support\/set-temporary-elevated-device-privileges-using-the-api"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/support\/set-temporary-elevated-device-privileges-using-the-api#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Support","item":"https:\/\/jumpcloud.com\/support"},{"@type":"ListItem","position":3,"name":"Set Temporary Elevated Device Privileges Using the API"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/110387"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/support"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/218"}],"version-history":[{"count":2,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/110387\/revisions"}],"predecessor-version":[{"id":110498,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/110387\/revisions\/110498"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=110387"}],"wp:term":[{"taxonomy":"support_category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_category?post=110387"},{"taxonomy":"support_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_tag?post=110387"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=110387"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}