Using the 
BlackBerry Web Services
 REST APIs for SafetyNet attestation and status

The BlackBerry Web Services for BlackBerry UEM are a collection of REST APIs that you can use to execute administrative actions in 
BlackBerry UEM
 or to retrieve status information about 
UEM
 users, groups, devices, and the overall 
UEM
 domain. The 
BlackBerry Web Services
 version 12.10 and later provide REST APIs that you can use to both initiate and check the status of SafetyNet attestation.
For an introduction to the 
BlackBerry Web Services
 REST APIs, see the Getting started section in the REST API reference.
You can use the following APIs to initiate attestation for a specific 
BlackBerry Dynamics
 app or for a user’s device:
You can use the following APIs to retrieve the attestation status (as well as other status information) for all of a user’s devices, for a specific device, or for all of the apps on a specific device:
The returned status information provides the time that an attestation result was last reported. You can establish a trust window in which an attestation call is not required (for example, four hours). If you do use a REST API for an ATTEST call, you must get the attestation status later (asynchronously), as there is no notification that 
UEM
 has completed the attestation process.
You can use the REST APIs for various use cases. For example, if you have a server application that is used by your organization’s internal mobile apps, you could have the server application use the REST APIs noted above to check the app’s attestation status (or to initiate an attestation challenge) before releasing data to the app or accepting data from it.
Note the following about the communication channels for the REST APIs:
  • The REST APIs that attest the device or get status information for the device communicate with the 
    BlackBerry UEM Client
     over a direct device channel that doesn’t require user authentication.
  • The REST APIs that attest a specific 
    BlackBerry Dynamics
     app remain pending on the 
    UEM
     server until the app is running on the device. When the app starts and is authenticated, it connects to 
    UEM
     and the attestation challenge occurs.