How to Upload Packages or APKs to SOTI MobiControl via API Using Curl
Summary
Related SOTI ONE Platform Products
Related Device OS
Situation
Uploading application packages (.apk) or configuration packages (.pcg) to the SOTI MobiControl API allows for remote device management and deployment.
This guide outlines the required steps to perform this action.
Prerequisites
-
Familiarity with making HTTP API requests (e.g., using curl, Postman, or scripting languages).
-
A valid API Bearer Token generated through SOTI's authentication flow.
-
If you're not familiar with generating an access token, refer to the How to get access to a token article.
Note:This process involves a POST request, which directly affects the SOTI server environment you're targeting.
Environment
SOTI MobiControl 14.0.0 and later
Process Description
Before uploading your package, complete the following steps:
1. Confirm the API Endpoint
Make sure you are targeting the correct SOTI MobiControl upload endpoint:
2. Obtain a Valid OAuth Bearer Token
- The access token is valid for one hour.
- If expired, API calls will return HTTP error codes:
-
-
401 Unauthorized
-
403 Forbidden
-
- Include the token in all API requests using the following header:
3. Create a Valid metadata.json File
This file must describe the package being uploaded. Example structure:
{ "DeviceFamily": "AndroidPlus",
"PackageName": "org.mozilla.firefox",
"PackageVersion": "109.1.1"
}
Constructing and Running the Upload Request
Use the following curl examples to construct a multipart upload request for either a .pcg or .apk file.
Update the file paths, filenames, and metadata as needed.
Instructions for request for packages (.pcg) and request for applications (.apk):
Request for packages (.pcg)
(
printf -- '--soti_pack\r\n'
printf 'Content-Type: application/vnd.soti.mobicontrol.package.metadata+json\r\n\r\n'
# Path to your metadata.json
cat /c/path/to/file/metadata.json
printf '\r\n--soti_pack\r\n'
printf 'Content-Type: application/vnd.soti.mobicontrol.package\r\n'
# File name of your .pcg package
printf 'Content-Disposition: attachment; filename="org.mozilla.firefox"\r\n'
printf 'Content-Transfer-Encoding: binary\r\n\r\n'
# Path to your actual .pcg package
cat /c/path/to/file/org.mozilla.firefox_109.1.1.pcg
printf '\r\n--soti_pack--\r\n'
) | curl -v POST "https://your-mobicontrol-server/api/v1/apps/upload" \
-H "Bearer $TOKEN" \
-H "Content-Type: multipart/related; boundary=soti_pack" \
--data-binary @
Request for applications .(apk)
(
printf -- '--soti_pack\r\n'
printf 'Content-Type: application/vnd.android.application.metadata+json\r\n\r\n'
# Path to your metadata.json
cat /c/Path/to/file/metadata.json
printf '\r\n--soti_pack\r\n'
printf 'Content-Type: application/vnd.android.application\r\n'
# Name of the APK file (must end with .apk)
printf 'Content-Disposition: attachment; filename="WhatsApp.apk"\r\n'
printf 'Content-Transfer-Encoding: binary\r\n\r\n'
# Path to your actual .apk file
cat /c/Path/to/file/WhatsApp.apk
printf '\r\n--soti_pack--\r\n'
) | curl -v POST "https://your-mobicontrol-server/api/v1/apps/upload" \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: multipart/related; boundary=soti_pack" \
--data-binary @-
Note: Troubleshoot using curl -v to inspect request and response headers.
Verification and Validation
The following is an example of the output when the upload is completed successfully (as confirmed by the HTTP 200 OK response):
Post-Upload Validation
After receiving a successful response (HTTP 200 OK), it is important to validate the integrity of the uploaded file:
1. Log in to the MobiControl Console.
2. Navigate to the Packages section.
3. Locate the uploaded .apk or .pcg package.
4. Confirm that the package name and version appear correctly and its working properly.
Was this helpful?
Thanks for your feedback