Default · Beta
Kandji
API integration
Ship Default features without building the integration. Full Kandji API access via Proxy, normalized data through Unified APIs, and 10+ MCP-ready tools for AI agents — all extensible to your exact use case.
Built for specific customer use cases. Issues are resolved quickly.
Use Cases
Why integrate with Kandji
Common scenarios for SaaS companies building Kandji integrations for their customers.
Automate SOC 2 and ISO 27001 evidence collection from Apple fleets
GRC and compliance platforms can continuously pull device library items, installed apps, and Blueprint enforcement statuses from Kandji to prove that encryption, EDR, and password policies are actively applied across every employee laptop — eliminating manual screenshot-based audits.
Sync Apple device inventory into IT asset management platforms
ITAM tools can pull the full Kandji device inventory — including serial numbers, OS versions, assigned users, and hardware models — to reconcile physical assets against procurement records and flag unmanaged or stale devices automatically.
Power zero-touch onboarding and secure offboarding from HRIS platforms
HR and People Ops tools can programmatically assign devices to Blueprints during onboarding and delete users and devices from Kandji when an employee is terminated, ensuring company access is revoked instantly without IT intervention.
Enforce device posture checks before granting application access
Zero Trust and SaaS management platforms can query Kandji at login time to verify that a user's device has the required apps installed, is running a compliant OS version, and is assigned to an approved Blueprint before granting access.
Automate threat response by quarantining compromised endpoints
Security orchestration platforms can look up a flagged device in Kandji by ID and immediately reassign it to a restricted quarantine Blueprint, isolating the endpoint without waiting for a human to take action.
What You Can Build
Ship these features with Truto + Kandji
Concrete product features your team can ship faster by leveraging Truto’s Kandji integration instead of building from scratch.
Real-time device compliance dashboard
Pull all Kandji devices and their library item statuses to surface a live view of which endpoints meet security policies and which are drifting out of compliance.
Automated employee offboarding workflow
Trigger Kandji user deletion and device removal directly from your app when an employee is terminated, ensuring MDM unenrollment and agent uninstall happen in seconds.
Blueprint assignment selector for IT admins
Fetch available Kandji Blueprints and present them in a dropdown so IT admins can assign the correct configuration profile to a new hire's device without leaving your product.
Installed software inventory with version tracking
List all apps installed on each Kandji-managed device to detect outdated software, missing security tools, or unauthorized applications across the fleet.
Cross-platform user directory sync
Use Truto's Unified User Directory API to sync Kandji user records — including names, emails, and statuses — alongside users from HRIS and identity providers into a single canonical view.
Device-to-identity mapping for access decisions
Match Kandji device records to user identities so your app can answer the question 'is this person accessing our service from a managed, compliant device?' at authentication time.
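A posture decision of the kind described above, as an added example (not Truto's or Kandji's code) that denies access whenever a field is missing or unparsable. The os_version, user, and app name/version fields come from the tool descriptions on this page; the shape of `user`, a `blueprint_id` on the device record, the policy values and the sample records are assumptions constructed for illustration.

```python
# Policy values and sample records are constructed for this example.
POLICY = {
    "min_os": (14, 5),
    "required_apps": {"ExampleEDR"},         # hypothetical agent name
    "approved_blueprints": {"bp-standard"},  # hypothetical blueprint id
}

def parse_version(text):
    """'14.6.1' -> (14, 6, 1); None when the value is missing or non-numeric."""
    try:
        return tuple(int(part) for part in str(text).split("."))
    except ValueError:
        return None

def evaluate_device(device, apps, user_email, policy=POLICY):
    """Return a list of failures; an empty list means access may proceed."""
    failures = []
    user = device.get("user")
    # Assumption: `user` is an object carrying an email field.
    if not isinstance(user, dict) or user.get("email") != user_email:
        failures.append("device not assigned to this user")
    version = parse_version(device.get("os_version"))
    if version is None:
        failures.append("os_version missing or unparsable")
    elif version < policy["min_os"]:
        failures.append("os_version below minimum")
    # Assumption: the device record exposes blueprint_id.
    if device.get("blueprint_id") not in policy["approved_blueprints"]:
        failures.append("blueprint not approved")
    installed = {app.get("name") for app in apps or []}
    for name in sorted(policy["required_apps"] - installed):
        failures.append(f"required app missing: {name}")
    return failures

GOOD = {"device_id": "d-1", "os_version": "14.6.1", "blueprint_id": "bp-standard",
        "user": {"email": "ana@example.com"}}
QUARANTINED = dict(GOOD, device_id="d-2", blueprint_id="bp-quarantine")
STALE = {"device_id": "d-3", "os_version": None, "blueprint_id": "bp-standard",
         "user": None}
EDR_APPS = [{"name": "ExampleEDR", "version": "7.2"}]

if __name__ == "__main__":
    for dev, apps in ((GOOD, EDR_APPS), (QUARANTINED, EDR_APPS), (STALE, [])):
        print(dev["device_id"], evaluate_device(dev, apps, "ana@example.com") or "allow")
```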
SuperAI
Kandji AI agent tools
Comprehensive AI agent toolset with fine-grained control. Integrates with MCP clients like Cursor and Claude, or frameworks like LangChain.
list_all_kandji_devices
Get a list of devices in Kandji. Returns fields including device_id, device_name, model, platform, os_version, serial_number, user, and tags.
get_single_kandji_device_by_id
Get device details for a specified device in Kandji. Requires device id. Returns device information including hardware, software, and status fields.
update_a_kandji_device_by_id
Update device information in Kandji using id. Supports updating user assignment, asset_tag, blueprint_id, and tags. Use null to clear asset_tag or user, and empty list to clear tags. Returns updated device fields.
delete_a_kandji_device_by_id
Delete a specific device in Kandji using id. This removes the device record, unenrolls it from MDM, and automatically uninstalls the agent on next check-in for macOS and Windows devices. Returns no content.
list_all_kandji_device_apps
Get a list of all installed apps for a specified device in Kandji. Requires device_id. The response includes app details, such as name and version.
list_all_kandji_device_library_items
Get all library items and their statuses for a specified device in Kandji. Returns fields including library item status indicating availability, installation state, and compatibility.
list_all_kandji_blueprints
Get a list of blueprints in Kandji. Returns blueprint records with details such as id and name.
get_single_kandji_blueprint_by_id
Get information about a specific blueprint in Kandji using id. Returns blueprint details including configuration and metadata.
list_all_kandji_users
List users in Kandji. Returns an array of users with key details such as id, email, name, active, archived, created_at, updated_at, department, job_title, device_count, and integration information.
get_single_kandji_user_by_id
Get details for a specific user in Kandji using id. Returns key fields including name, email, active status, department, job_title, device_count, and integration details such as id, name, and type.
delete_a_kandji_user_by_id
Delete a specific user in Kandji by id. Returns no content on success. If the user is still assigned to one or more devices, a 400 error with 'detail' explaining the assignment issue is returned.
Why Truto
Why use Truto’s MCP server for Kandji
Other MCP servers give you a static tool list for one app. Truto gives you a managed, multi-tenant MCP infrastructure across 650+ integrations.
Auto-generated, always up to date
Tools are dynamically generated from curated documentation — not hand-coded. As integrations evolve, tools stay current without manual maintenance.
Fine-grained access control
Scope each MCP server to read-only, write-only, specific methods, or tagged tool groups. Expose only what your AI agent needs — nothing more.
Multi-tenant by design
Each MCP server is scoped to a single connected account with its own credentials. The URL itself is the auth token — no shared secrets, no credential leaking across tenants.
Works with every MCP client
Standard JSON-RPC 2.0 protocol. Paste the URL into Claude, ChatGPT, Cursor, or any MCP-compatible agent framework — tools are discovered automatically.
Built-in auth, rate limits, and error handling
Tool calls execute through Truto’s proxy layer with automatic OAuth refresh, rate-limit handling, and normalized error responses. No raw API plumbing in your agent.
Expiring and auditable servers
Create time-limited MCP servers for contractors or automated workflows. Optional dual-auth requires both the URL and a Truto API token for high-security environments.
Unified APIs
Unified APIs for Kandji
Skip writing code for every integration. Use Truto’s category-specific Unified APIs out of the box or customize the mappings with AI.
Unified User Directory API
Users
The User object represents a User.
Unified MDM API
Apps
Core resource which represents a software application installed on a managed device. Installed software is typically mapped to installed applications, installed programs, packages, or inventory items depending on the underlying product.
Devices
Core resource which represents a managed device in an MDM or RMM system. Devices are typically mapped to endpoints, nodes, or assets depending on the underlying product.
Users
Users represent the people using the underlying MDM or RMM system. They are usually called employees, contractors, admins, etc.
How It Works
From zero to integrated
Go live with Kandji in under an hour. No boilerplate, no maintenance burden.
Link your customer’s Kandji account
Use Truto’s frontend SDK to connect your customer’s Kandji account. We handle all OAuth and API key flows — you don’t need to create the OAuth app.
We handle authentication
Don’t spend time refreshing access tokens or figuring out secure storage. We handle it and inject credentials into every API request.
Call our API, we call Kandji
Truto’s Proxy API is a 1-to-1 mapping of the Kandji API. You call us, we call Kandji, and pass the response back in the same cycle.
Unified response format
Every response follows a single format across all integrations. We translate Kandji’s pagination into unified cursor-based pagination. Data is always in the result attribute.
FAQs
Common questions about Kandji on Truto
Authentication, rate limits, data freshness, and everything else you need to know before you integrate.
What authentication method does Kandji use for API access?
Kandji uses API token-based authentication. Your end users generate a Bearer token from the Kandji admin console, and Truto handles storing and passing it securely on every request — no OAuth flow required.
What operations are supported — is it read-only or read/write?
Both. You can read devices, users, apps, library items, and Blueprints. You can also update device properties (such as asset tag, assigned user, or Blueprint), and delete devices and users programmatically via Truto.
Does Truto handle pagination for Kandji's device and user list endpoints?
Yes. Truto automatically manages pagination across all list endpoints — including devices, users, apps, library items, and Blueprints — so you receive complete result sets without writing pagination logic.
Which Truto Unified APIs map to Kandji?
Kandji is available through both the Unified User Directory API (for user records) and the Unified MDM API (for devices, apps, and users), letting you normalize Kandji data alongside other MDM and directory providers.
What happens if I try to delete a Kandji user who is still assigned to a device?
Kandji returns a 400 error if you attempt to delete a user who still has active device assignments. Your workflow should first unassign or delete associated devices before removing the user record.
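The ordering described in this answer, as an added example that is not Truto's or Kandji's code. `FakeKandji` is a constructed in-memory stand-in whose method names mirror the tool names listed on this page; the `user` object shape, the `BadRequest` exception and the sample records are assumptions.

```python
import copy

class BadRequest(Exception):
    """Stands in for the 400 response carrying a 'detail' message."""

def _owner(device):
    # Assumption: a device's `user` is an object with an id, or None.
    return (device.get("user") or {}).get("id")

class FakeKandji:
    """Constructed stand-in; a real client would call the proxied API."""
    def __init__(self, users, devices):
        self.users = copy.deepcopy(users)
        self.devices = copy.deepcopy(devices)

    def list_all_kandji_devices(self):
        return [dict(d, device_id=i) for i, d in self.devices.items()]

    def update_a_kandji_device_by_id(self, device_id, **fields):
        self.devices[device_id].update(fields)
        return self.devices[device_id]

    def delete_a_kandji_user_by_id(self, user_id):
        if any(_owner(d) == user_id for d in self.devices.values()):
            raise BadRequest("user is assigned to one or more devices")
        del self.users[user_id]

def offboard_user(api, user_id):
    """Clear every device assignment first, then delete the user record.

    If an update raises, the delete is never attempted, so the user is not
    left half-removed with devices still pointing at the account.
    """
    unassigned = []
    for dev in api.list_all_kandji_devices():
        if _owner(dev) == user_id:
            # Per the tool description, null clears the user assignment.
            api.update_a_kandji_device_by_id(dev["device_id"], user=None)
            unassigned.append(dev["device_id"])
    api.delete_a_kandji_user_by_id(user_id)
    return unassigned

# Constructed sample data.
SAMPLE_USERS = {"u-1": {"email": "ana@example.com"}, "u-2": {"email": "bo@example.com"}}
SAMPLE_DEVICES = {
    "d-1": {"serial_number": "C02EXAMPLE1", "user": {"id": "u-1"}},
    "d-2": {"serial_number": "C02EXAMPLE2", "user": {"id": "u-1"}},
    "d-3": {"serial_number": "C02EXAMPLE3", "user": {"id": "u-2"}},
}
```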
Can I change which Blueprint a device is assigned to via the API?
Yes. Using the update device endpoint, you can change a device's blueprint_id to reassign it to a different configuration profile — useful for role changes, quarantining compromised devices, or onboarding workflows.