The transition from basic authentication to OAuth 2.0 in Workspace One UEM is mandatory — and for good reason. This guide walks through creating an OAuth client, configuring token endpoints, and securely storing credentials in the macOS Keychain so your API integrations are both functional and compliant.
Workspace One UEM has deprecated basic authentication for REST API access in favor of OAuth 2.0. If you’re still using username and password combinations in your API scripts or integrations, you need to migrate before access is cut off.
OAuth 2.0 provides several security advantages: tokens are short-lived and can be revoked, the client secret never travels with each request, and you can scope permissions to exactly what your integration needs.
This step-by-step guide covers creating an OAuth client in the Workspace One console, configuring the token endpoint URL, handling token refresh, and storing credentials securely in the macOS Keychain using the Security framework — the same approach used by WS One Power Admin.