Snipe-IT provides a comprehensive REST API that allows you to programmatically interact with your IT asset management system. The API supports all major CRUD operations for assets, users, accessories, components, consumables, and more.

Getting Started

Base URL

All API requests are made to:
https://your-snipe-it-instance.com/api/v1/
Replace your-snipe-it-instance.com with your actual Snipe-IT domain.

Authentication

The Snipe-IT API uses Bearer token authentication. You need to include your API token in the Authorization header of every request.

Generating an API Token

  1. Log into your Snipe-IT instance
  2. Navigate to your user profile (top right corner)
  3. Go to the API Keys tab
  4. Click Create New Token
  5. Give your token a descriptive name
  6. Copy the generated token immediately (it won’t be shown again)
API tokens have the same permissions as the user who created them. Store tokens securely and never commit them to version control.

Making API Requests

Include your API token in the Authorization header:
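curl -X GET https://your-snipe-it-instance.com/api/v1/hardware \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Accept: application/json"

# The same request in Python, using the requests library
import requests

url = "https://your-snipe-it-instance.com/api/v1/hardware"
headers = {
    "Authorization": "Bearer YOUR_API_TOKEN",
    "Accept": "application/json"
}

# Set a timeout so a stalled connection cannot hang the caller
response = requests.get(url, headers=headers, timeout=30)
# Raise on 4xx/5xx instead of parsing an error body as data
response.raise_for_status()
data = response.json()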

API Rate Limiting

By default, the Snipe-IT API is rate-limited to prevent abuse. The default limit is configured in your .env file:
.env
API_THROTTLE_PER_MINUTE=120
If you exceed the rate limit, you’ll receive a 429 Too Many Requests response.

Common API Endpoints

Assets (Hardware)

| Endpoint | Method | Description |
|---|---|---|
| /api/v1/hardware | GET | List all assets |
| /api/v1/hardware | POST | Create a new asset |
| /api/v1/hardware/{id} | GET | Get a specific asset |
| /api/v1/hardware/{asset} | PATCH/PUT | Update an asset |
| /api/v1/hardware/{id} | DELETE | Delete an asset |
| /api/v1/hardware/{id}/checkout | POST | Check out an asset |
| /api/v1/hardware/{id}/checkin | POST | Check in an asset |
| /api/v1/hardware/bytag/{tag} | GET | Get asset by asset tag |
| /api/v1/hardware/byserial/{serial} | GET | Get asset by serial number |
| /api/v1/hardware/{asset}/audit | POST | Audit an asset |

Users

| Endpoint | Method | Description |
|---|---|---|
| /api/v1/users | GET | List all users |
| /api/v1/users | POST | Create a new user |
| /api/v1/users/{id} | GET | Get a specific user |
| /api/v1/users/{user} | PATCH/PUT | Update a user |
| /api/v1/users/{id} | DELETE | Delete a user |
| /api/v1/users/{user}/assets | GET | Get assets assigned to user |
| /api/v1/users/{user}/accessories | GET | Get accessories assigned to user |
| /api/v1/users/{user}/licenses | GET | Get licenses assigned to user |

Accessories

| Endpoint | Method | Description |
|---|---|---|
| /api/v1/accessories | GET | List all accessories |
| /api/v1/accessories | POST | Create an accessory |
| /api/v1/accessories/{id} | GET | Get a specific accessory |
| /api/v1/accessories/{accessory} | PATCH/PUT | Update an accessory |
| /api/v1/accessories/{accessory}/checkout | POST | Check out an accessory |
| /api/v1/accessories/{accessory}/checkin | POST | Check in an accessory |

Components

| Endpoint | Method | Description |
|---|---|---|
| /api/v1/components | GET | List all components |
| /api/v1/components | POST | Create a component |
| /api/v1/components/{id} | GET | Get a specific component |
| /api/v1/components/{id}/checkout | POST | Check out a component |
| /api/v1/components/{id}/checkin | POST | Check in a component |

Other Resources

The API also supports:
  • Categories (/api/v1/categories)
  • Companies (/api/v1/companies)
  • Departments (/api/v1/departments)
  • Consumables (/api/v1/consumables)
  • Licenses (/api/v1/licenses)
  • Locations (/api/v1/locations)
  • Manufacturers (/api/v1/manufacturers)
  • Models (/api/v1/models)
  • Status Labels (/api/v1/statuslabels)
  • Suppliers (/api/v1/suppliers)

Response Format

All API responses are returned in JSON format.

Success Response

{
  "total": 100,
  "rows": [
    {
      "id": 1,
      "name": "MacBook Pro",
      "asset_tag": "ASSET-001",
      "serial": "C02XK1ABCD",
      "model": {
        "id": 5,
        "name": "MacBook Pro 16\" 2021"
      },
      "status_label": {
        "id": 2,
        "name": "Ready to Deploy"
      },
      "assigned_to": null,
      "created_at": {
        "datetime": "2024-01-15 10:30:00",
        "formatted": "Jan 15, 2024"
      }
    }
  ]
}

Error Response

{
  "status": "error",
  "message": "Asset not found",
  "payload": null
}
Common HTTP status codes:
  • 200 - Success
  • 201 - Created
  • 400 - Bad Request
  • 401 - Unauthorized (invalid token)
  • 403 - Forbidden (insufficient permissions)
  • 404 - Not Found
  • 422 - Validation Error
  • 429 - Too Many Requests (rate limited)
  • 500 - Server Error

Pagination

List endpoints support pagination using the following parameters:
  • limit - Number of results per page (default: 50, max: determined by MAX_RESULTS setting)
  • offset - Number of results to skip
curl -X GET "https://your-snipe-it-instance.com/api/v1/hardware?limit=20&offset=0" \
  -H "Authorization: Bearer YOUR_API_TOKEN"

Filtering and Searching

Many endpoints support filtering and searching:
  • search - Search across multiple fields
  • sort - Column to sort by
  • order - Sort order (asc or desc)
# Search for assets
curl -X GET "https://your-snipe-it-instance.com/api/v1/hardware?search=macbook" \
  -H "Authorization: Bearer YOUR_API_TOKEN"

# Sort by name ascending
curl -X GET "https://your-snipe-it-instance.com/api/v1/hardware?sort=name&order=asc" \
  -H "Authorization: Bearer YOUR_API_TOKEN"

Personal Access Tokens

Users can manage their own API tokens programmatically:
# Create a personal access token
curl -X POST https://your-snipe-it-instance.com/api/v1/account/personal-access-tokens \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name": "My Integration Token"}'

# List personal access tokens
curl -X GET https://your-snipe-it-instance.com/api/v1/account/personal-access-tokens \
  -H "Authorization: Bearer YOUR_API_TOKEN"

# Delete a personal access token
curl -X DELETE https://your-snipe-it-instance.com/api/v1/account/personal-access-tokens/{tokenId} \
  -H "Authorization: Bearer YOUR_API_TOKEN"

Best Practices

  • Create dedicated API users with only the permissions needed for your integration. Don’t use admin tokens unless absolutely necessary.
  • Implement exponential backoff when you receive 429 responses. Respect the rate limits to ensure system stability.
  • Always check HTTP status codes and validate response data before processing. Handle errors appropriately.
  • When possible, use search and filter parameters to retrieve only the data you need instead of fetching all records.
  • Store API tokens in environment variables or secure credential stores. Never hardcode them in your application code.
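
The practices above combined into one client, as an added example that is not part of the Snipe-IT documentation: it pages through a list endpoint with limit and offset, backs off exponentially on 429, and checks both the status code and the body before using it. The names list_all, http_get, SnipeITError and the SNIPEIT_API_TOKEN variable are assumptions; the transport is injectable so the logic can be exercised offline.

```python
import json
import os
import time
import urllib.error
import urllib.request

BASE_URL = "https://your-snipe-it-instance.com/api/v1"  # placeholder from this page

class SnipeITError(Exception):
    """Non-retryable HTTP status, error payload, or malformed response."""

def http_get(url, token):
    """Default transport (assumed helper): returns (status, parsed JSON or None)."""
    req = urllib.request.Request(url, headers={
        "Authorization": f"Bearer {token}", "Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, None

def list_all(resource, token, limit=50, send=http_get, sleep=time.sleep, max_retries=5):
    """Collect every row of a list endpoint using limit/offset paging."""
    rows, offset, retries = [], 0, 0
    while True:
        status, body = send(f"{BASE_URL}/{resource}?limit={limit}&offset={offset}", token)
        if status == 429:  # rate limited: wait 1s, 2s, 4s, ... then retry same page
            if retries >= max_retries:
                raise SnipeITError("still rate limited after retries")
            sleep(2 ** retries)
            retries += 1
            continue
        if status != 200:
            raise SnipeITError(f"HTTP {status} at offset {offset}")
        # Validate the body before trusting it.
        if not isinstance(body, dict) or body.get("status") == "error":
            raise SnipeITError(f"error payload: {body!r}")
        page = body.get("rows")
        if not isinstance(page, list):
            raise SnipeITError("response has no 'rows' list")
        rows.extend(page)
        offset += len(page)  # server may cap limit (MAX_RESULTS), so count what arrived
        retries = 0
        total = body.get("total")
        if not page or (isinstance(total, int) and offset >= total):
            return rows

if __name__ == "__main__":
    # Token is read from the environment; SNIPEIT_API_TOKEN is a hypothetical name.
    print(len(list_all("hardware", os.environ["SNIPEIT_API_TOKEN"])))
```

Advancing the offset by the number of rows actually returned keeps paging correct when the server applies a smaller page size than the one requested.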

Next Steps

Full API Reference

Complete API documentation with all endpoints and parameters

LDAP Integration

Sync users from Active Directory or LDAP

SAML SSO

Configure single sign-on with SAML providers

Webhooks

Set up notifications for Slack, Teams, and more
