Skip to main content

About Absolute

Absolute Secure Endpoint (formerly Absolute Visibility / Persistence) is endpoint resilience and security software for laptops, desktops, and Chromebooks. The Serval Absolute integration connects to your Secure Endpoint Console using an asymmetric API token. Serval signs each API call with your EC P-256 private key and sends it to the regional Absolute API host you select. There is no browser sign-in and no long-lived bearer token stored in workflows. Authentication: Asymmetric API token (Token ID + EC P-256 private key PEM). Serval constructs a JSON Web Signature for every request and posts it to Absolute’s /jws/validate endpoint on your configured API domain. Data sync: On demand only. Workflows call the Absolute API when they run; there is no background sync or asset ingestion.

What the Absolute integration enables

CapabilityDescription
Absolute API requestTyped access to the Absolute v3 REST API from custom workflows — devices, device groups, users, applications, freeze/unfreeze, messaging, geofences, and other Secure Endpoint operations supported by your token’s permissions.
Regional API routingChoose the API domain that matches your Secure Endpoint Console login URL (Global, US, EU, India, or US Gov). Serval only sends signed requests to the five supported Absolute API hosts.
Anything defined in the Absolute API documentation for your region can be accessed through Serval, subject to the permissions on your API token.

Get your credentials

Serval needs four values from Absolute Secure Endpoint Console: an instance name (for your own labeling), the matching API domain, a Token ID, and the PEM-encoded EC P-256 private key that pairs with the public key uploaded when the token was created.
1

Sign in to Secure Endpoint Console

Open the console URL your organization uses (for example https://secure.absolute.com or a regional variant) and sign in with an account that can manage API tokens.
2

Create an asymmetric API token

In Secure Endpoint Console, create a new API token using Absolute’s asymmetric (public/private key) flow. Upload an EC P-256 public key in PEM format when prompted.
3

Copy the Token ID

When the token is created, copy its Token ID. Serval uses this as the JWS key identifier (kid) on every signed request.
4

Keep the matching private key

Use the EC P-256 private key PEM that corresponds to the public key you uploaded. Serval stores it encrypted and uses it only server-side to sign requests — it is never exposed to workflow code.
5

Note your API domain

Match the API domain to the console region you use. The connect form offers Global (api.absolute.com), US (api.us.absolute.com), EU (api.eu2.absolute.com), India (api.in1.absolute.com), and US Gov (api.fr1.absolutegov.com).
If you rotate or replace the token in Absolute, update both the Token ID and private key in Serval. A mismatched key pair fails every API call with an authentication error.

Connect in Serval

1

Open the Absolute connect form

In Serval, add the Absolute integration.
2

Instance Name (required)

Enter a label for this connection (for example Production or Corporate). This helps your team distinguish multiple Absolute installs.
3

API Domain (required)

Select the regional API host that matches your Secure Endpoint Console login URL.
4

Token ID (required)

Paste the Token ID from the asymmetric API token you created in Absolute.
5

Private Key (required)

Paste the full PEM-encoded EC P-256 private key, including the -----BEGIN / -----END lines.
6

Save the connection

Submit the form. Serval stores the private key encrypted and configures signing for your selected API domain.
When editing an existing connection, the stored private key is shown obfuscated. Re-paste the full PEM to rotate credentials; leave other fields unchanged to keep their stored values.

Gotchas and troubleshooting

Serval only attaches credentials to requests bound for the five supported Absolute API hosts. Choosing the wrong region causes authentication failures even when the Token ID and private key are correct.
Absolute asymmetric tokens require an Elliptic Curve key on the NIST P-256 curve. PKCS#8 or SEC1 PEM encodings are both accepted. Other key types are rejected at signing time.
The API token’s permission set in Absolute determines which endpoints succeed. A 403 from a workflow usually means the token lacks the privilege for that resource — adjust the token in Secure Endpoint Console, not Serval.
If your token has an IP allowlist in Absolute, ensure Serval’s outbound addresses are permitted or the allowlist is disabled for this token.

Need help? Contact support@serval.com for assistance with your Absolute integration.