Skip to main content

Improved Apple VPP 2.0 Protocol

What

Starting from FileWave version 14.6.0 we added support for a new Apple API for App and Book Management within the Apple Volume Purchase Program. The main difference compared to the previous version is that the new API is asynchronous. When we send a request to create / update / retire users or associate / disassociate assets we get a unique event identifier in response, which we use in the scheduler task to retrieve the status of an asynchronous event. With the first iteration, we will continue to poll the Web server to retrieve status, but the Web server supports subscribing to notifications, which we will implement later.  There are no visual changes in your environment, except that the new API is more reliable, and expandable.

When/Why

In short, the new VPP 2.0 protocol is better, but out of an abundance of caution, it was not enabled by default on FileWave version 14.6.0 or 14.7.0 but this article will be updated when this becomes the default.  

How

The new implementation is not yet turned on by default, as of 14.7.0. To turn it on you need to add a line to your /usr/local/filewave/django/filewave/settings_custom.py and after that restart server. If you are a hosted customer you will not have the ability to edit this file directly so submit a support case.

VPP_V2 = True

If you enable it then to make sure that your server is using the new API, you can check filewave_django.log. Lines with 'Sync VPP v2' is the confirmation that the new API is activated. Another quick way would be in the Native Admin to go to Preferences → VPP & DEP and if the Enable VPP Notifications item can be enabled then VPP 2.0 is active (14.7+ only). It will be greyed out otherwise, and the checkbox will not be selectable. 

One important change in the new API is that when we create a user we need to specify an email address. For BYOD devices we are using Managed Apple ID, for DEP devices - Device Assigner Email (it is not available when option 'Create VPP users for newly enrolled devices' is checked), if before mentioned is not available, we use Organization Email Address, and as last resort - 'email.not.set@<your_mdm_host>'.