Technical documentation for integrating with Endpoint Solutions MDM/DLP platform
Endpoint Solutions provides a comprehensive BYOD security platform combining Mobile Device Management (MDM), Data Loss Prevention (DLP), and Endpoint Detection & Response (EDR) capabilities. This documentation covers the technical protocols for communication between the Endpoint agent and the management server.
The Endpoint Solutions architecture follows a zero-trust security model with end-to-end encryption:
# System Architecture
┌─────────────────┐ ┌──────────────────┐
│ Endpoint Agent │◄────────┤ Management │
│ (macOS) │ WSS │ Server │
└─────────────────┘ └──────────────────┘
│ │
▼ ▼
┌─────────────────┐ ┌──────────────────┐
│ DLP Engine │ │ SIEM Platform │
│ (Local) │ │ (Remote) │
└─────────────────┘ └──────────────────┘Devices enroll through a QR-based registration flow ensuring secure initial trust establishment:
POST /endpoint/register
Content-Type: application/json
{
"qr_data": "base64_encoded_registration_token",
"device_info": {
"hostname": "user-macbook.local",
"os_version": "14.0",
"hardware_id": "UUID",
"mdm_capable": true
},
"certificates": {
"device_cert": "PEM_encoded_certificate",
"csr": "certificate_signing_request"
}
}{
"status": "registered",
"device_id": "dev_1234567890",
"websocket_url": "wss://endpoint.solutions/cable",
"mdm_profile": "base64_encoded_profile",
"dlp_policies": {
"scan_interval": 300,
"file_types": ["doc", "pdf", "xls"],
"classification_rules": [...]
}
}Real-time communication uses Action Cable WebSocket with the following message structure:
# WebSocket URL
wss://endpoint.solutions/cable
# Subscribe to EndpointChannel
{
"command": "subscribe",
"identifier": "{\"channel\":\"EndpointChannel\",\"device_id\":\"dev_1234567890\"}"
}| Type | Direction | Description |
|---|---|---|
heartbeat |
Agent → Server | Keep-alive with status data |
screenshot |
Agent → Server | Periodic screen capture (DLP) |
file_activity |
Agent → Server | File access/modification events |
mdm_command |
Server → Agent | Remote management commands |
policy_update |
Server → Agent | DLP/Security policy changes |
{
"action": "update_status",
"data": {
"timestamp": "2024-01-01T12:00:00Z",
"status": "active",
"compliance": {
"firewall": true,
"disk_encryption": true,
"screen_lock": true,
"mdm_enrolled": true
},
"metrics": {
"cpu_usage": 45.2,
"memory_usage": 62.8,
"disk_usage": 78.3
}
}
}Remote device management capabilities through the MDM protocol:
{
"command": "lock_device",
"parameters": {
"message": "Device locked by IT Administrator",
"phone_number": "+1-555-0100"
}
}{
"command": "wipe_device",
"parameters": {
"wipe_type": "selective", // or "full"
"preserve_accounts": false,
"confirmation_code": "WIPE-XXXX-XXXX"
}
}{
"command": "install_profile",
"parameters": {
"profile_type": "security",
"profile_data": "base64_encoded_mobileconfig",
"requires_restart": false
}
}Data Loss Prevention monitoring and classification protocols:
# DLP Event Structure
{
"event_type": "file_classification",
"timestamp": "2024-01-01T12:00:00Z",
"file_info": {
"path": "/Users/john/Documents/report.pdf",
"size": 1048576,
"hash": "sha256:abcdef123456...",
"mime_type": "application/pdf"
},
"classification": {
"sensitivity": "confidential",
"contains_pii": true,
"data_types": ["SSN", "credit_card", "email"],
"confidence": 0.95
},
"action_taken": "blocked" // or "allowed", "quarantined"
}{
"event_type": "screenshot",
"timestamp": "2024-01-01T12:00:00Z",
"image_data": "base64_encoded_png",
"metadata": {
"resolution": "2560x1440",
"displays": 1,
"active_window": "Google Chrome",
"ocr_enabled": true
},
"dlp_scan": {
"sensitive_content": false,
"matched_patterns": []
}
}All communications implement defense-in-depth security measures:
# Token refresh flow
POST /endpoint/refresh_token
Authorization: Bearer current_jwt_token
Response:
{
"access_token": "new_jwt_token",
"expires_in": 3600,
"refresh_token": "new_refresh_token"
}Complete REST API endpoints for management operations:
| Endpoint | Method | Description | Auth Required |
|---|---|---|---|
/endpoint/register |
POST | Device registration | QR Token |
/endpoint/status |
GET | Device status | Device Cert |
/endpoint/compliance |
GET | Compliance report | Device Cert |
/endpoint/events |
POST | Submit DLP events | Device Cert |
/endpoint/policies |
GET | Fetch current policies | Device Cert |
/endpoint/command |
POST | Execute MDM command | Admin Token |
{
"error": {
"code": "DEVICE_NOT_ENROLLED",
"message": "Device must be enrolled before accessing this endpoint",
"details": {
"enrollment_url": "/endpoint/register",
"documentation": "/docs#registration"
}
},
"timestamp": "2024-01-01T12:00:00Z"
}# Ruby Integration Example
require 'net/http'
require 'json'
require 'websocket-client-simple'
class EndpointClient
BASE_URL = 'https://endpoint.solutions'
def initialize(device_cert, private_key)
@cert = OpenSSL::X509::Certificate.new(device_cert)
@key = OpenSSL::PKey::RSA.new(private_key)
end
def register(qr_data)
uri = URI("#{BASE_URL}/endpoint/register")
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
http.cert = @cert
http.key = @key
request = Net::HTTP::Post.new(uri)
request['Content-Type'] = 'application/json'
request.body = {
qr_data: qr_data,
device_info: gather_device_info
}.to_json
response = http.request(request)
JSON.parse(response.body)
end
def connect_websocket(device_id)
ws = WebSocket::Client::Simple.connect "wss://endpoint.solutions/cable"
ws.on :open do
ws.send({
command: 'subscribe',
identifier: {
channel: 'EndpointChannel',
device_id: device_id
}.to_json
}.to_json)
end
ws.on :message do |msg|
handle_message(JSON.parse(msg.data))
end
ws
end
private
def gather_device_info
{
hostname: `hostname`.strip,
os_version: `sw_vers -productVersion`.strip,
hardware_id: `system_profiler SPHardwareDataType | grep UUID`.split(':').last.strip
}
end
end# Python Integration Example
import requests
import websocket
import json
import ssl
import platform
class EndpointClient:
BASE_URL = 'https://endpoint.solutions'
def __init__(self, cert_path, key_path):
self.cert = (cert_path, key_path)
def register(self, qr_data):
url = f'{self.BASE_URL}/endpoint/register'
payload = {
'qr_data': qr_data,
'device_info': self._gather_device_info()
}
response = requests.post(
url,
json=payload,
cert=self.cert,
verify=True
)
return response.json()
def connect_websocket(self, device_id):
ws_url = 'wss://endpoint.solutions/cable'
ws = websocket.WebSocketApp(
ws_url,
on_open=lambda ws: self._on_open(ws, device_id),
on_message=self._on_message,
on_error=self._on_error
)
ws.run_forever(sslopt={
'certfile': self.cert[0],
'keyfile': self.cert[1]
})
def _on_open(self, ws, device_id):
subscribe_msg = {
'command': 'subscribe',
'identifier': json.dumps({
'channel': 'EndpointChannel',
'device_id': device_id
})
}
ws.send(json.dumps(subscribe_msg))
def _on_message(self, ws, message):
data = json.loads(message)
self._handle_message(data)
def _gather_device_info(self):
return {
'hostname': platform.node(),
'os_version': platform.mac_ver()[0],
'hardware_id': self._get_hardware_id()
}
def _get_hardware_id(self):
import subprocess
result = subprocess.run(
['system_profiler', 'SPHardwareDataType'],
capture_output=True,
text=True
)
for line in result.stdout.split('\n'):
if 'Hardware UUID' in line:
return line.split(':')[1].strip()
return None// Swift Integration Example
import Foundation
import Network
import CryptoKit
class EndpointClient {
let baseURL = "https://endpoint.solutions"
let certificate: SecCertificate
let privateKey: SecKey
init(certificate: SecCertificate, privateKey: SecKey) {
self.certificate = certificate
self.privateKey = privateKey
}
func register(qrData: String) async throws -> RegistrationResponse {
let url = URL(string: "\(baseURL)/endpoint/register")!
var request = URLRequest(url: url)
request.httpMethod = "POST"
request.setValue("application/json", forHTTPHeaderField: "Content-Type")
let payload = RegistrationRequest(
qrData: qrData,
deviceInfo: gatherDeviceInfo()
)
request.httpBody = try JSONEncoder().encode(payload)
let (data, _) = try await URLSession.shared.data(for: request)
return try JSONDecoder().decode(RegistrationResponse.self, from: data)
}
func connectWebSocket(deviceId: String) {
let url = URL(string: "wss://endpoint.solutions/cable")!
let request = URLRequest(url: url)
let ws = URLSession.shared.webSocketTask(with: request)
ws.resume()
let subscribeMessage = [
"command": "subscribe",
"identifier": try! JSONEncoder().encode([
"channel": "EndpointChannel",
"device_id": deviceId
])
]
ws.send(.string(String(data: try! JSONSerialization.data(withJSONObject: subscribeMessage), encoding: .utf8)!)) { _ in
self.receiveMessage(from: ws)
}
}
private func gatherDeviceInfo() -> DeviceInfo {
var systemInfo = utsname()
uname(&systemInfo)
return DeviceInfo(
hostname: ProcessInfo.processInfo.hostName,
osVersion: ProcessInfo.processInfo.operatingSystemVersionString,
hardwareId: getHardwareUUID()
)
}
private func getHardwareUUID() -> String {
let service = IOServiceGetMatchingService(
kIOMasterPortDefault,
IOServiceMatching("IOPlatformExpertDevice")
)
let cfUUID = IORegistryEntryCreateCFProperty(
service,
kIOPlatformUUIDKey as CFString,
kCFAllocatorDefault,
0
)
IOObjectRelease(service)
return cfUUID?.takeRetainedValue() as? String ?? ""
}
}Need help with integration? Our enterprise support team is available 24/7.
Enterprise Support:
Email: enterprise@endpoint.solutions
Phone: Available to enterprise customers via support portal
Resources:
API Status
Change Log