Resources/The Agent API Atlas/Security/JumpCloud

Everything an AI agent can do with the JumpCloud API.

A reference guide for building AI agents: every method, how to authenticate, and the permissions each one needs.

Endpoints33

API versionv1

Last updated23 June 2026

Orientation

How the JumpCloud API works.

The JumpCloud API is how an app or AI agent works with a company's directory: listing and updating enrolled devices, creating and deleting users, adding people to groups, and reading a record of who signed in to what. Access is granted through an API key tied to one admin, and the key inherits that admin's full role, so it reaches everything that admin can, with no narrower per-endpoint permission. There is no general webhook push; Directory Insights is the event source an integration queries for directory activity.

33Endpoints

10Capability groups

18Read

15Write

0Permissions

Authentication

Every call is authenticated with an API key sent in the x-api-key header. The key is tied to one admin and carries that admin's full role. Keys are prefixed with jca_, and for admins created after 15 July 2024 a new key defaults to a 90-day expiry, configurable from one hour to 365 days or no expiry. API access is off for admins by default and is enabled per admin. The hosted MCP server also accepts OAuth.

Permissions

JumpCloud has no granular, per-endpoint scopes. An API key inherits the whole role of the admin it belongs to, so a key made by a full administrator can reach everything that admin can, across devices, users, groups, commands, and applications. There is no way to grant a key read-only or single-resource access at the JumpCloud layer; the only lever is which admin role the key's owner has. This is the central reason to put a governing layer in front of it for AI agents.

Versioning

Two API generations run side by side. Version 1 answers at the console host and covers core objects like devices, users, and commands. Version 2 answers under a /v2 path and covers group membership and the associations between objects. Many integrations call both, picking v1 or v2 by the object, not by recency. Neither is a dated, header-pinned version scheme.

Data model

The directory is built from objects, like users, devices, user groups, device groups, applications, policies, and RADIUS servers, joined by associations. Group membership and most relationships are managed in version 2, while the objects themselves are read and written in version 1. There is no general webhook push; Directory Insights is the event source, queried for a record of activity across the directory.

Connect & authenticate

Connection & authentication methods.

How an app or AI agent connects to JumpCloud determines what it can reach. The directory exposes two API generations and a hosted MCP server, and each call is governed by the API key behind it and the admin role that key inherits.

Ways to connect

REST API (version 1)

Version 1 answers at https://console.jumpcloud.com/api and covers the core objects: devices, users, commands, and organization details. Each request carries the API key in the x-api-key header.

Best forConnecting an app or AI agent to JumpCloud's core objects.

Governed byThe API key and the admin role it inherits.

Docs ↗

REST API (version 2)

Version 2 answers at https://console.jumpcloud.com/api/v2 and covers group membership and the associations between objects, like which users belong to a group or which devices a policy applies to.

Best forConnecting an app or AI agent to group membership and object relationships.

Governed byThe API key and the admin role it inherits.

Docs ↗

MCP server (Model Context Protocol)

JumpCloud's hosted MCP server lets an agent manage the directory in natural language. The remote endpoint at https://mcp.jumpcloud.com/v1 supports API key and OAuth authentication and currently exposes tools only, not resources or prompts. It is available to all customers.

Best forConnecting an AI agent to JumpCloud through the Model Context Protocol.

Governed byAn org-scoped API key, or OAuth, and the admin role behind it.

Docs ↗

Directory Insights API

Directory Insights answers at https://api.jumpcloud.com through a single events endpoint. An app or AI agent queries it for a record of directory activity, since JumpCloud has no general webhook push system.

Best forReading a record of activity across the directory.

Governed byThe API key and the admin role it inherits.

Docs ↗

Authentication

API key (x-api-key)

A JumpCloud API key is sent in the x-api-key header and is tied to one admin. It carries that admin's full role, so it can reach everything the admin can, with no per-endpoint scope. Keys are prefixed with jca_ and default to a 90-day expiry for admins created after 15 July 2024.

TokenAdmin API key (jca_)

Best forConnecting an app or AI agent to JumpCloud

Docs ↗

Service account

A service account is an API-only identity, separate from a person's admin login, used so an integration's key is not tied to an individual. It still inherits an admin role rather than a narrower set of permissions.

TokenService account API key

Best forAn integration that should not use a person's own key

Docs ↗

OAuth (MCP server)

The hosted MCP server also accepts browser-based OAuth, which generates a token and enables MCP with the client. Some clients, like Claude, use OAuth only.

TokenOAuth token

Best forConnecting an AI client to the MCP server without pasting a key

Docs ↗

Capability map

What an AI agent can do in JumpCloud.

The JumpCloud API is split into areas an agent can act on, such as devices, users, groups, commands, and applications. Each area has its own methods, and some change real directory and device state.

Devices

4 endpoints

List the devices enrolled in the directory, read a single device, update a device, and remove a device.

Writes here change or remove real enrolled devices.

View endpoints →

Users

5 endpoints

List the people in the directory, read a single user, create a user, update a user, and delete a user.

Writes here create, change, or delete real user accounts.

View endpoints →

User groups

5 endpoints

List user groups, read and create a group, and add or remove people from a group's membership.

Writes here change who belongs to a group, and so what they can reach.

View endpoints →

Device groups

4 endpoints

List device groups, read and create a group, and add or remove devices from a group's membership.

Writes here change which devices a group covers, and so what gets applied to them.

View endpoints →

Commands

5 endpoints

List the commands defined in the directory, read a single command, create a command, update a command, and delete a command.

A command runs code on enrolled devices; writes here change what that code is.

View endpoints →

Applications (SSO)

3 endpoints

Read which users and user groups are bound to a single sign-on application, and change those bindings.

Writes here change who can sign in to a connected application.

View endpoints →

Policies

3 endpoints

List the configuration policies in the directory, read a single policy, and create a policy.

Writes here change device configuration policy that gets enforced on enrolled devices.

View endpoints →

RADIUS

2 endpoints

Read which users and user groups are bound to a RADIUS server, and change those bindings.

Writes here change who can authenticate through a network RADIUS server.

View endpoints →

Directory Insights

1 endpoint

Query a record of directory activity, like admin changes, user logins, and device events.

This area reads an audit record of activity across the whole directory.

View endpoints →

Organization

1 endpoint

Read the details and settings of the JumpCloud organization the key belongs to.

Reads organization-wide settings.

View endpoints →

Endpoint reference

Every JumpCloud API method.

Filter by method, access, or permission, or search any path. Select a row for version detail, rate limits, the related webhook event, and the source.

Hide deprecated

Method	Endpoint	What it does	Access	Permission	Version
Devices List the devices enrolled in the directory, read a single device, update a device, and remove a device.4
GET	`/systems`	List the devices enrolled in the directory.	read	—	Current
A v1 endpoint. The API key has no per-endpoint scope; it inherits the role of the admin it belongs to. Acts ondevice Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/systems/{id}`	Get a single enrolled device by its id.	read	—	Current
A v1 endpoint. The API key inherits the admin's role, so what it can read follows that admin's permissions. Acts ondevice Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PUT	`/systems/{id}`	Update an enrolled device's settings.	write	—	Current
A v1 endpoint. JumpCloud has no granular per-endpoint scopes; the key carries the admin's full role. Acts ondevice Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/systems/{id}`	Delete an enrolled device from the directory.	write	—	Current
A v1 endpoint. Deleting a device unenrolls it. The key inherits the admin's role. Acts ondevice Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Users List the people in the directory, read a single user, create a user, update a user, and delete a user.5
GET	`/systemusers`	List the people in the directory.	read	—	Current
A v1 endpoint. JumpCloud calls a directory person a system user. The key inherits the admin's role. Acts onuser Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/systemusers/{id}`	Get a single user by id.	read	—	Current
A v1 endpoint. Returns the person's profile and attributes. The key inherits the admin's role. Acts onuser Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/systemusers`	Create a user in the directory.	write	—	Current
A v1 endpoint. JumpCloud has no granular per-endpoint scopes; the key carries the admin's full role. Acts onuser Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PUT	`/systemusers/{id}`	Update a user's profile or attributes.	write	—	Current
A v1 endpoint. The key inherits the admin's role. Acts onuser Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/systemusers/{id}`	Delete a user from the directory.	write	—	Current
A v1 endpoint. Deleting a user removes their access across everything bound to them. The key inherits the admin's role. Acts onuser Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
User groups List user groups, read and create a group, and add or remove people from a group's membership.5
GET	`/usergroups`	List all user groups.	read	—	Current
A v2 endpoint. Group membership and object relationships live in v2. The key inherits the admin's role. Acts onuser group Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/usergroups/{id}`	Get a single user group by id.	read	—	Current
A v2 endpoint. The key inherits the admin's role. Acts onuser group Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/usergroups`	Create a user group.	write	—	Current
A v2 endpoint. The key inherits the admin's role. Acts onuser group Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/usergroups/{group_id}/members`	List the members of a user group.	read	—	Current
A v2 endpoint. The key inherits the admin's role. Acts onuser group membership Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/usergroups/{group_id}/members`	Add or remove a person from a user group, sent as an add or remove operation.	write	—	Current
A v2 endpoint. One endpoint handles both adding and removing through an op field in the body. The key inherits the admin's role. Acts onuser group membership Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Device groups List device groups, read and create a group, and add or remove devices from a group's membership.4
GET	`/systemgroups`	List all device groups.	read	—	Current
A v2 endpoint. JumpCloud calls a device group a system group. The key inherits the admin's role. Acts ondevice group Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/systemgroups`	Create a device group.	write	—	Current
A v2 endpoint. The key inherits the admin's role. Acts ondevice group Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/systemgroups/{group_id}/members`	List the members of a device group.	read	—	Current
A v2 endpoint. The key inherits the admin's role. Acts ondevice group membership Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/systemgroups/{group_id}/members`	Add or remove a device from a device group, sent as an add or remove operation.	write	—	Current
A v2 endpoint. One endpoint handles both adding and removing through an op field in the body. The key inherits the admin's role. Acts ondevice group membership Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Commands List the commands defined in the directory, read a single command, create a command, update a command, and delete a command.5
GET	`/commands`	List the commands defined in the directory.	read	—	Current
A v1 endpoint. A command holds code that can run on enrolled devices. The key inherits the admin's role. Acts oncommand Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/commands/{id}`	Get a single command by id.	read	—	Current
A v1 endpoint. The key inherits the admin's role. Acts oncommand Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/commands`	Create a command.	write	—	Current
A v1 endpoint. Defines code that can later run on devices. The key inherits the admin's role. Acts oncommand Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PUT	`/commands/{id}`	Update a command's definition.	write	—	Current
A v1 endpoint. Changing a command changes the code that runs on devices. The key inherits the admin's role. Acts oncommand Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/commands/{id}`	Delete a command.	write	—	Current
A v1 endpoint. The key inherits the admin's role. Acts oncommand Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Applications (SSO) Read which users and user groups are bound to a single sign-on application, and change those bindings.3
GET	`/applications/{application_id}/users`	List the users bound to a single sign-on application.	read	—	Current
A v2 endpoint. Shows who can sign in to the application. The key inherits the admin's role. Acts onapplication binding Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/applications/{application_id}/associations`	List the associations of a single sign-on application.	read	—	Current
A v2 endpoint. The key inherits the admin's role. Acts onapplication binding Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/applications/{application_id}/associations`	Add or remove an association on a single sign-on application, sent as an add or remove operation.	write	—	Current
A v2 endpoint. Changes who can sign in to the application. The key inherits the admin's role. Acts onapplication binding Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Policies List the configuration policies in the directory, read a single policy, and create a policy.3
GET	`/policies`	List the configuration policies in the directory.	read	—	Current
A v2 endpoint. A policy is configuration enforced on enrolled devices. The key inherits the admin's role. Acts onpolicy Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/policies/{id}`	Get a single policy by id.	read	—	Current
A v2 endpoint. The key inherits the admin's role. Acts onpolicy Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/policies`	Create a configuration policy.	write	—	Current
A v2 endpoint. Defines configuration that gets enforced on enrolled devices. The key inherits the admin's role. Acts onpolicy Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
RADIUS Read which users and user groups are bound to a RADIUS server, and change those bindings.2
GET	`/radiusservers/{radiusserver_id}/users`	List the users bound to a RADIUS server.	read	—	Current
A v2 endpoint. Shows who can authenticate through the network RADIUS server. The key inherits the admin's role. Acts onradius binding Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/radiusservers/{radiusserver_id}/associations`	Add or remove an association on a RADIUS server, sent as an add or remove operation.	write	—	Current
A v2 endpoint. Changes who can authenticate through the RADIUS server. The key inherits the admin's role. Acts onradius binding Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Directory Insights Query a record of directory activity, like admin changes, user logins, and device events.1
POST	`/insights/directory/v1/events`	Query a record of directory activity, like admin changes, user logins to the portal, RADIUS, LDAP and SSO apps, and device events.	read	—	Current
Served from api.jumpcloud.com, separate from the console host. The request is a POST that carries the query in its body, and it reads the activity record. The key inherits the admin's role. Acts onevent Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Organization Read the details and settings of the JumpCloud organization the key belongs to.1
GET	`/organizations`	Get the details of the JumpCloud organization the key belongs to.	read	—	Current
A v1 endpoint. Returns organization-wide settings. The key inherits the admin's role. Acts onorganization Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗

No endpoints match those filters.

Webhooks

Webhook events.

JumpCloud has no general webhook system. Instead, Directory Insights is the event source: an app or AI agent queries it for a record of directory activity, like admin changes, user logins, and device events, rather than receiving pushed notifications.

Event	What it signals	Triggered by

No events match that search.

Rate limits & pagination

Rate limits, pagination & request size.

JumpCloud limits how fast an app or AI agent can call, and a request over the limit returns a 429 response. Lists are paged with skip and limit parameters, and going over a limit calls for an exponential backoff before retrying.

Request rate

JumpCloud limits how fast an app or AI agent can call, and a request that goes over returns a 429 response, which the documentation classes as a temporary error. The best-practice guidance is to retry with an exponential backoff, doubling the wait each time, for example 30 seconds, then 60, then 120, then 240. The exact ceiling in requests per second is not published on the best-practices page, so an integration should treat 429 as the signal to slow down rather than assume a fixed number.

Pagination

List endpoints page with the skip and limit query parameters, where skip is how many records to step past and limit is how many to return. When stepping through a large list with skip, the guidance is to add sort set to _id so the order stays stable across pages. Directory Insights returns its own pagination token in a response header for fetching the next page of events.

Request size

Requests and responses are JSON. The best-practices page does not state a fixed payload or response size limit; large reads are handled through pagination rather than a single large response.

Errors

Status codes & error handling.

The status codes an agent should handle, and what to do about each.

Status	Code	Meaning	What to do
401	`Unauthorized`	The API key is missing, invalid, or expired. JumpCloud treats this as a permanent error that retrying will not fix.	Send a valid, unexpired key in the x-api-key header, or regenerate the key if it has expired.
403	`Forbidden`	The key is valid but the admin it belongs to lacks the role needed for this action.	Use a key whose admin has the required role, since JumpCloud has no per-endpoint scopes to grant.
404	`Not Found`	The object does not exist, or the path is wrong.	Confirm the object id and the endpoint path before retrying.
409	`Conflict`	The request conflicts with the current state, such as creating an object that already exists.	Refetch the current state and resolve the conflict before retrying.
429	`Rate limit exceeded`	Too many requests were sent in a short window. JumpCloud treats this as a temporary error.	Back off and retry with an exponential delay, doubling the wait on each attempt.
500	`Internal Server Error`	A server-side fault. JumpCloud groups 5xx responses as temporary errors that may clear on their own.	Retry with an exponential backoff, and stop after a sensible number of attempts.

Versioning & freshness

Version history.

JumpCloud runs two API generations side by side. Version 1 covers devices, users, and commands, while version 2 covers group membership and the relationships between objects. Many integrations call both.

Version history

What changed, and when

Latest versionv1

v1Current version

Version 1: core directory objects

Version 1 is the original JumpCloud API, answering at the console host. It covers the core objects, like devices, users, commands, and organization details, with create, read, update, and delete operations. It is authenticated with the x-api-key header and remains in active use alongside version 2.

What changed

Devices (systems): list, get, update, delete
Users (system users): list, get, create, update, delete
Commands: list, get, create, update, delete
Organization: get organization details

Version 2: groups and associations

Version 2 answers under a /v2 path and was added to handle group membership and the associations between directory objects, the relationships version 1 did not model cleanly. It covers user groups, device groups, policies, and the bindings on applications and RADIUS servers. It uses the same x-api-key authentication, and integrations commonly call both generations.

What changed

User groups and device groups: list, get, create, and member add or remove
Policies: list, get, create
Applications and RADIUS servers: list and manage associations
Object-to-object associations and membership graph

An agent reaches version 1 for core objects and version 2 for group membership and associations.

JumpCloud API release notes ↗

Questions

JumpCloud API, answered.

Why is there a version 1 and a version 2, and which do I use?+

JumpCloud runs two API generations together. Version 1 handles the core objects, like devices, users, commands, and organization details. Version 2 handles group membership and the associations between objects, such as adding a user to a group or seeing which devices a policy covers. The choice is by object, not by which is newer: many integrations call both. List a user with version 1, then add that user to a group with version 2.

How does authentication work?+

Every request carries an API key in the x-api-key header. The key is tied to one admin and is prefixed with jca_. API access is disabled for admins by default and is turned on per admin. Keys created by admins made after 15 July 2024 default to a 90-day expiry, which can be set from one hour to 365 days or to no expiry, and a key is shown only once at creation. The hosted MCP server can also use OAuth.

Can I give an API key access to only some resources or read-only access?+

Not at the JumpCloud layer. A key has no per-endpoint scopes; it inherits the full role of the admin it belongs to. A key made by a full administrator can do anything that administrator can, and there is no native way to limit it to read-only or a single resource. The only built-in lever is which admin role the key's owner holds, which is why a governing layer in front of the key is the way to give an AI agent least-privilege access.

Does JumpCloud send webhooks when something changes?+

There is no general webhook push system. The event source is the Directory Insights API: an app or AI agent queries a single events endpoint for a record of activity, like admin changes, user logins to the portal, RADIUS, LDAP and SSO apps, and device events. It is a pull model, so an integration polls for new events rather than receiving pushed notifications.

What are the rate limits, and what happens when I hit one?+

Sending too many requests in a short window returns a 429 response, which JumpCloud classes as a temporary error. The best-practice guidance is to retry with an exponential backoff, doubling the wait each time, for example 30 seconds, then 60, then 120, then 240. The exact request-per-second ceiling is not published on the best-practices page, so the right approach is to treat a 429 as the signal to slow down.

How does pagination work?+

List endpoints use the skip and limit query parameters: skip steps past a number of records and limit sets how many to return. When paging through a large list with skip, JumpCloud advises adding sort set to _id so the ordering stays stable between pages. The Directory Insights events endpoint returns its own pagination token in a response header to fetch the next page.

Does JumpCloud have an official MCP server for AI agents?+

Yes. JumpCloud hosts a Model Context Protocol server at a remote endpoint, available to all customers, that lets an agent manage the directory in natural language, like finding users and devices, changing group membership, resetting passwords and MFA, or sending device commands. It authenticates with an org-scoped API key or OAuth and currently exposes tools only, not resources or prompts. It still inherits the admin role behind the key, so a governing layer is still what enforces least privilege per agent.

What is Bollard AI?

Control what every AI agent can do in JumpCloud.

Bollard AI sits between a team's AI agents and JumpCloud. Grant each agent exactly the access it needs, read or write, resource by resource, and every call is checked and logged.

Set read, write, or full access per agent, never a shared admin API key.
Denied by default, so an agent reaches only what has been explicitly allowed.
Every call recorded in plain English: who, what, where, and the decision.

Control JumpCloud access in Bollard Browse all APIs →

JumpCloud

Onboarding Agent

Read users and devices ResourceOffReadFull use

Add a user to a group ActionOffReadFull use

Run device commands ActionOffReadFull use

Per-agent access, set in Bollard AI, not in JumpCloud

How the JumpCloud API works.

Connection & authentication methods.

REST API (version 1)

REST API (version 2)

MCP server (Model Context Protocol)

Directory Insights API

API key (x-api-key)

Service account

OAuth (MCP server)

What an AI agent can do in JumpCloud.

Devices

Users

User groups

Device groups

Commands

Applications (SSO)

Policies

RADIUS

Directory Insights

Organization

Every JumpCloud API method.

Devices

Users

User groups

Device groups

Commands

Applications (SSO)

Policies

RADIUS

Directory Insights

Organization

Webhook events.

Rate limits, pagination & request size.

Request rate

Pagination

Request size

Status codes & error handling.

Version history.

What changed, and when

JumpCloud API, answered.

More security API guides for agents

Duo

WorkOS

Clerk

CrowdStrike

Okta

Microsoft Entra ID

Control what every AI agent can do in JumpCloud.