Pradeo Security API

Appearance

Device Groups

Device groups organize your devices and apply consistent security policies across your fleet. This page covers creating, configuring, and managing device groups.

Overview

Device groups provide:

  • Logical Organization: Group by department, location, device type, or security level
  • Unified Policies: All devices in a group inherit the same security settings
  • Agent Configuration: Define monitoring, detection, and response strategies
  • Bulk Management: Update settings for multiple devices simultaneously

Managing Device Groups

List Device Groups

Retrieve all device groups in your organization:

bash
curl -X GET "https://api.<tenant>.pradeo-security.com/v2/device-groups" \
  -H "x-access-key: YOUR_ACCESS_KEY" \
  -H "x-secret-key: YOUR_SECRET_KEY"

Query parameters:

  • take (number): Items per page (default: 50, max: 500)
  • skip (number): Pagination offset (default: 0)
  • search (string): Filter by group name

Response:

json
{
  "total": 5,
  "items": [
    {
      "id": "<device-group-id>",
      "name": "Corporate Devices",
      "description": "All corporate-owned devices",
      "deviceCount": 150,
      "parentGroupId": null,
      "createdAt": "2024-01-01T10:00:00Z",
      "updatedAt": "2024-01-15T10:00:00Z"
    }
  ]
}

Create Device Group

Create a new device group:

bash
curl -X POST "https://api.<tenant>.pradeo-security.com/v2/device-groups" \
  -H "x-access-key: YOUR_ACCESS_KEY" \
  -H "x-secret-key: YOUR_SECRET_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Sales Department",
    "detectionPolicyId": "<detection-policy-id>",
  }'

Response:

json
{
  "id": "<device-group-id>",
  "name": "Sales Department",
  "createdAt": "2024-01-15T10:00:00Z",
  "company": { ... },
  "detectionPolicy": { ... }
}

Delete Device Group

Remove a device group:

bash
curl -X DELETE "https://api.<tenant>.pradeo-security.com/v2/device-groups/<device-group-id>" \
  -H "x-access-key: YOUR_ACCESS_KEY" \
  -H "x-secret-key: YOUR_SECRET_KEY"

⚠️ Note: Ensure all devices are removed from the group before deletion.

Configuring Group Agent Settings

Agent configuration defines security and monitoring behavior for all devices in the group.

Get Current Agent Configuration

bash
curl -X GET "https://api.<tenant>.pradeo-security.com/v2/device-groups/<device-group-id>/agent-configuration" \
  -H "x-access-key: YOUR_ACCESS_KEY" \
  -H "x-secret-key: YOUR_SECRET_KEY"

Set Agent Configuration

Configure security and monitoring settings for the group:

bash
curl -X PUT "https://api.<tenant>.pradeo-security.com/v2/device-groups/<device-group-id>/agent-configuration" \
  -H "x-access-key: YOUR_ACCESS_KEY" \
  -H "x-secret-key: YOUR_SECRET_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "useSamsungKnoxAPI": "Off",
    "displayApplicationReports": "On",
    "activatePhishingProtectionForiOS": "Off",
    "activatePhishingProtectionForAndroid": "Off",
    "askOverlayAndUsageStatisticsPermission": "Off",
    "askDozeModePermission": "On",
    "securityCoverages": [
      "application",
      "network",
      "system"
    ],
    "displayableScreens": [
      "application",
      "network",
      "system"
    ],
    "purgeInactiveDevices": "Off",
    "delayBeforePurgingInactiveDevices": 0,
    "uploadNativeApplicationStrategy": "WifiOnly",
    "uploadNativeApplicationWifiDelay": 3600,
    "uploadNonNativeApplicationStrategy": "WifiOnly",
    "uploadNonNativeApplicationWifiDelay": 3600,
    "activateCallsProtectionForAndroid": "Off",
    "activateCallsProtectionForiOS": "Off",
    "activateContentVerification": "Off",
    "pradeoMDM": "Off"
  }'

Device Management

List Devices in Group

Retrieve all devices assigned to a group:

bash
curl -X GET "https://api.<tenant>.pradeo-security.com/v2/device-groups/<device-group-id>/devices" \
  -H "x-access-key: YOUR_ACCESS_KEY" \
  -H "x-secret-key: YOUR_SECRET_KEY"

Response:

json
{
  "total": 42,
  "items": [
    {
      "id": "<device-id>",
      "name": "John Doe - iPhone",
      "deviceGroupId": "<device-group-id>",
      ...
    }
  ]
}

Add Devices to Group

Add devices to a group:

bash
curl -X POST "https://api.<tenant>.pradeo-security.com/v2/device-groups/<device-group-id>/devices" \
  -H "x-access-key: YOUR_ACCESS_KEY" \
  -H "x-secret-key: YOUR_SECRET_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "deviceIds": ["<device-id>", "<device-id>"]
  }'

Enrollment Codes

Enrollment codes allow multiple devices to join a group using a shared code.

Generate Enrollment Code

Create an enrollment code for users to join the device group:

bash
curl -X GET "https://api.<tenant>.pradeo-security.com/v2/device-groups/<device-group-id>/enrollment-code" \
  -H "x-access-key: YOUR_ACCESS_KEY" \
  -H "x-secret-key: YOUR_SECRET_KEY"

Response:

json
{
  "id": "...",
  "enrollmentCode": "....",
  "expirationDate": "2026-03-06T10:05:45.066Z",
  "name": "string",
  "enrollmentLink": "smart-ns:conf?..."
}

This QR code is for enroll a device not provisioned. On agent side, you shall scan the QR code based on the enrollmentLink.

Revoke Enrollment Code

Invalidate an enrollment code:

bash
curl -X DELETE "https://api.<tenant>.pradeo-security.com/v2/device-groups/<device-group-id>/enrollment-code" \
  -H "x-access-key: YOUR_ACCESS_KEY" \
  -H "x-secret-key: YOUR_SECRET_KEY"

Group Communication

Send Message to Group

Send a message to all devices in a group:

bash
curl -X POST "https://api.<tenant>.pradeo-security.com/v2/device-groups/<device-group-id>/messages" \
  -H "x-access-key: YOUR_ACCESS_KEY" \
  -H "x-secret-key: YOUR_SECRET_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "title": "Security Policy Update",
    "content": "New security policy requires VPN usage. Please review at your convenience.",
  }'

Device Group Hierarchies

For complex organizations with multiple departments:

bash
curl -X GET "https://api.<tenant>.pradeo-security.com/v2/device-groups-hierarchies" \
  -H "x-access-key: YOUR_ACCESS_KEY" \
  -H "x-secret-key: YOUR_SECRET_KEY"

Returns a hierarchical view of all device groups with parent-child relationships.

Best Practices

Group Organization

  • Use descriptive names - "Sales EMEA", "Support Team US-East"
  • Group logically - By department, location, security level, or device type
  • Separate policies - Create different groups for different security requirements

Policy Management

  • Start restrictive - Apply stricter policies initially, relax if needed
  • Test before rollout - Validate policy changes with a test group
  • Document policies - Keep notes on why each group has specific settings
  • Review regularly - Audit group policies quarterly

Device Management

  • Monitor enrollment - Check enrollment code usage and effectiveness
  • Remove inactive - Clean up devices that haven't reported in 30+ days
  • Update systematically - Use groups to push updates efficiently

Troubleshooting

Cannot delete group

  • Cause: Devices still assigned to group
  • Solution: Move all devices to different group first

Policy changes not applying

  • Cause: Agent configuration not updated or devices not synced
  • Solution: Verify agent configuration is set and trigger device sync

Enrollment code expired

  • Cause: Code validity period has passed
  • Solution: Generate new enrollment code

Next Steps