How to configure Postman for ZCC API Calls

The Zscaler help documentation for the ZCC API call is located here: About the Zscaler Client Connector API | Zscaler.

Steps for creating the Public API are here: About API Key Management | Zscaler. If you do not see the Public API section in your mobile admin portal, you will need to contact Zscaler support to enable the feature.

Below are the steps I completed in order to make the API calls via Postman.

Getting Started
From Postman, create a new collection; I called mine ZCC API. Create a new POST request:

  • Click Collections
  • Click Create New
  • Set a Collection Name
  • Click Ellipses next to Collection Name
  • Click add request


API Authentication
In order to complete API calls you will need to authenticate. This authentication will provide a JWTToken that will have a TTL as set in the ZCC portal when the API key was made.

  • Type = Post
  • URL = https://api-mobile.CLOUD.net/papi/auth/v1/login
  • The example tenant is on zscloud.
  • Create the following headers:
    - Content-Length with no value
    - Host with no value
    - Accept with a value of */*
    - Content-Type with a value of application/json

In the body enter the apiKey and secretKey in the below format and replace string with the actual values (leave the quotation marks as shown in the image below):

{
  "apiKey": "string",
  "secretKey": "string"
}

Note: You may need to type out the above syntax. Postman may not recognize the unicoding of the quotation marks and the call will fail as a result.

Click Save and send the call. You should receive a JWTToken in response and you will use this in your additional calls.

API Call-GetDevices
Now that you have the JWTToken you can complete additional calls. Create a new GET request under your ZCC API collection for GetDevices.

  • Set the request to a GET type
  • URL = https://mobileadmin.CLOUD.net/papi/public/v1/getDevices
  • Create a header of auth-token and enter your JWTToken as the Value
  • Click Save and Click Send
  • Your response will contain the device information from the ZCC portal, including the udid used in the GetOTP call

API Call-GetOTP
To get the OTP for a specific device you need that device’s UDID, which is obtained by the GetDevices call completed previously.

  • Create New Request
  • URL = https://mobileadmin.CLOUD.net/papi/public/v1/getOtp
  • Create a Params of udid and enter the device udid as the value (this is provided by the GetDevices call)
  • Create a header of auth-token and enter your JWTToken as the Value
  • Click Save and Click Send

Additional available API calls for the ZCC mobile admin portal are available here: Public API Controller | Zscaler

2 Likes

@jlawrence, great thanks for such a step-by-step configuration. Really very helpful!!!

1 Like

This was super helpful! Only two things that I had to do differently:

- For the login portion, I only needed to set the Content-Type header. Leaving the others there caused 400 errors.

- For the GET calls, I used the same base URL (api-mobile.CLOUD) instead of the mobileadmin.CLOUD

I also added a parameter in the GetDevices called “username” and populated it with a specific user to test. This grabbed only that user’s devices.
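
The login, GetDevices and GetOtp sequence from this thread as a script, added here as an example; it is not code from any poster or from Zscaler. The environment variable names, the `jwtToken` response field and the list-of-objects shape of the GetDevices response are assumptions, and `CLOUD` remains the thread's placeholder for your cloud name.

```python
import json
import os
import sys
import urllib.parse
import urllib.request

# CLOUD is the page's placeholder for your Zscaler cloud name; override via env.
# A reply in the thread used the api-mobile host for the GET calls as well.
API_BASE = os.environ.get("ZCC_API_BASE", "https://api-mobile.CLOUD.net")
ADMIN_BASE = os.environ.get("ZCC_ADMIN_BASE", "https://mobileadmin.CLOUD.net")


def login_request(api_key, secret_key, base=API_BASE):
    """Build the POST to /papi/auth/v1/login; json.dumps emits plain ASCII quotes."""
    body = json.dumps({"apiKey": api_key, "secretKey": secret_key}).encode("utf-8")
    # urllib fills in Host and Content-Length itself, so only Content-Type is set.
    return urllib.request.Request(base + "/papi/auth/v1/login", data=body,
                                  method="POST",
                                  headers={"Content-Type": "application/json"})


def api_get(path, token, params=None, base=ADMIN_BASE):
    """Build a GET to /papi/public/v1/<path> with the token in the auth-token header."""
    url = base + "/papi/public/v1/" + path
    if params:
        url += "?" + urllib.parse.urlencode(params)  # e.g. {"udid": ...}
    return urllib.request.Request(url, method="GET", headers={"auth-token": token})


def send(req, timeout=30):
    """Send a request over HTTPS and decode the JSON response body."""
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.loads(resp.read().decode("utf-8"))


def main(argv):
    # Keys come from the environment (assumed variable names), not from the script,
    # so they stay out of source control and saved request collections.
    reply = send(login_request(os.environ["ZCC_API_KEY"], os.environ["ZCC_SECRET_KEY"]))
    token = reply["jwtToken"]  # assumed response field name; check your login reply
    if len(argv) > 1:  # a udid on the command line: fetch the OTP for that device
        print(json.dumps(send(api_get("getOtp", token, {"udid": argv[1]})), indent=2))
    else:  # no argument: list the udids returned by getDevices
        for device in send(api_get("getDevices", token)):
            print(device["udid"])  # assumes a JSON list of objects with "udid"


if __name__ == "__main__":
    main(sys.argv)
```

Passing `{"username": ...}` as `params` to `api_get("getDevices", ...)` gives the per-user filter mentioned in the reply above.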