Guide
Working with PEM Keys
The PEM file is your Apple Business Manager API private key. ABM Warranty uses this key to generate a signed JWT client assertion, which is required to authenticate with Apple's OAuth service before any device or coverage data can be retrieved.
The PEM file must meet the following requirements:
- Elliptic Curve (EC) private key using the P-256 curve
- Unencrypted private key format
- Downloaded directly from Apple Business Manager
- Must correspond exactly to the configured Client ID and Key ID
To configure a PEM key, open Settings, enter the Client ID and Key ID, then select the PEM file using the file picker. The key is validated immediately to confirm that it can be used to generate a client assertion.
ABM Warranty stores only a secure reference to the PEM file location. The private key itself is never copied, embedded, or transmitted outside the local system.
If the PEM file cannot be read or validated, ABM Warranty will:
- Block authentication and API access
- Surface credential warnings in the Status Dashboard
- Record detailed diagnostic information in the Log window
Common PEM-related issues include selecting an encrypted private key, choosing a certificate instead of a private key, mismatched Key IDs, or file permission restrictions that prevent the app from accessing the key.
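A pre-import check for the file-type issues listed above, as an added example (not ABM Warranty's own validation code): it classifies the text of a PEM file by its label and curve OID. The function names and the sample key are constructed for illustration, the OID match is a byte-level heuristic, and the check does not confirm that a key corresponds to a Client ID or Key ID.

```python
import base64
import re

# DER-encoded curve OIDs searched for in the decoded key (heuristic byte match).
OID_P256 = bytes.fromhex("06082a8648ce3d030107")  # prime256v1 / secp256r1
OTHER_CURVES = {bytes.fromhex("06052b81040022"): "P-384",
                bytes.fromhex("06052b81040023"): "P-521"}
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)


def classify_pem(text):
    """Return (ok, reason) for the text content of a PEM file."""
    m = PEM_RE.search(text)
    if not m:
        return False, "no PEM block found"
    label, body = m.group(1), m.group(2)
    if "CERTIFICATE" in label:
        return False, "certificate, not a private key"
    # PKCS#8 encrypted label, or legacy OpenSSL encryption headers in the body.
    if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body:
        return False, "encrypted private key"
    if label not in ("PRIVATE KEY", "EC PRIVATE KEY"):
        return False, f"unsupported PEM type: {label}"
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
    except ValueError:
        return False, "body is not valid base64"
    if OID_P256 in der:
        return True, "unencrypted EC P-256 private key"
    for oid, name in OTHER_CURVES.items():
        if oid in der:
            return False, f"EC key on {name}, not P-256"
    return False, "not an EC P-256 key"


def sample_pkcs8_p256():
    """Constructed sample: PKCS#8 P-256 framing around filler bytes, not a usable key."""
    der = (bytes.fromhex("308187020100301306072a8648ce3d020106082a8648ce3d030107"
                         "046d306b0201010420") + b"\x11" * 32
           + bytes.fromhex("a14403420004") + b"\x22" * 64)
    b64 = base64.encodebytes(der).decode()
    return f"-----BEGIN PRIVATE KEY-----\n{b64}-----END PRIVATE KEY-----\n"


if __name__ == "__main__":
    print(classify_pem(sample_pkcs8_p256()))
    print(classify_pem("-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----"))
```

To check a real file, pass its contents to `classify_pem` after reading it locally; the key material never needs to leave the machine.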
For managed environments, PEM files may be deployed automatically using managed preferences. Managed keys follow the same validation rules and are treated identically to manually imported keys once installed.
For security reasons, PEM files are never transmitted to Apple or any third party. Only the generated JWT assertion is sent as part of the OAuth authentication process.