The Snipe-IT API uses Laravel Passport for authentication via personal access tokens. All API requests must include a valid bearer token in the Authorization header.

Base URL

All API endpoints are prefixed with /api/v1:
https://your-snipe-it-instance.com/api/v1

Authentication Methods

Personal Access Tokens

Snipe-IT uses OAuth 2.0 personal access tokens for API authentication. These tokens allow you to authenticate API requests without exposing your password.

Generating a Token

You can generate a personal access token using the API itself (requires initial authentication) or through the web interface.

Via API:
curl -X POST https://your-snipe-it-instance.com/api/v1/account/personal-access-tokens \
  -H "Authorization: Bearer YOUR_EXISTING_TOKEN" \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -d '{
    "name": "My API Token"
  }'
Save the token immediately! For security reasons, the full token is only displayed once during creation. If you lose it, you’ll need to generate a new one.

Listing Your Tokens

Retrieve all active personal access tokens for the authenticated user:
curl https://your-snipe-it-instance.com/api/v1/account/personal-access-tokens \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Accept: application/json"

Deleting a Token

Revoke a personal access token when it’s no longer needed:
curl -X DELETE https://your-snipe-it-instance.com/api/v1/account/personal-access-tokens/{tokenId} \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Accept: application/json"
tokenId (string, required): The UUID of the token to delete (e.g., 9a8f7e6d-5c4b-3a2b-1c0d-9e8f7a6b5c4d)
A successful deletion returns HTTP status 204 No Content.

Using Your Token

Include your personal access token in the Authorization header of every API request using the Bearer authentication scheme:
Authorization: Bearer YOUR_ACCESS_TOKEN

Example Request

curl https://your-snipe-it-instance.com/api/v1/hardware \
  -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9..." \
  -H "Accept: application/json"

Token Expiration

By default, personal access tokens expire 15 years after creation. You can customize this expiration period using the API_TOKEN_EXPIRATION_YEARS environment variable:
.env
API_TOKEN_EXPIRATION_YEARS=15

Content Type Headers

Always include the Accept: application/json header in your requests to ensure you receive JSON responses.
For POST, PUT, and PATCH requests, also include:
Content-Type: application/json

Authentication Errors

Unauthenticated (401)

Returned when no valid token is provided:
{
  "status": "error",
  "message": "Unauthenticated.",
  "payload": null
}

Forbidden (403)

Returned when the authenticated user lacks permissions:
{
  "status": "error",
  "message": "Insufficient permissions.",
  "payload": null
}

Invalid Token

If your token is malformed or expired:
{
  "status": "error",
  "message": "The token is invalid or has expired.",
  "payload": null
}

Security Best Practices

  • Never commit tokens to version control
  • Use environment variables or secure secret management systems
  • Treat tokens like passwords

Always use HTTPS to prevent token interception. Configure your Snipe-IT instance with:
.env
APP_FORCE_TLS=true
SECURE_COOKIES=true

Periodically delete old tokens and generate new ones, especially:
  • When team members leave
  • If you suspect a token has been compromised
  • As part of regular security maintenance

Name your tokens based on their purpose or application:
  • “Production Monitoring Script”
  • “Mobile App Integration”
  • “Backup Automation”

Create separate tokens for different applications or purposes rather than sharing a single token across multiple systems.

Testing Authentication

Verify your authentication setup by retrieving your user profile:
curl https://your-snipe-it-instance.com/api/v1/users/me \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Accept: application/json"
If you receive your user details, your authentication is working correctly!
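
The following Python client is an added example, not part of the Snipe-IT documentation or code base. It applies the practices above to the /users/me check: the token comes from an environment variable, a non-HTTPS base URL is refused before the token is attached, and the 401 and 403 error bodies shown on this page are mapped to outcomes. The variable name SNIPEIT_API_TOKEN, the function names and the outcome labels are assumptions of this example.

```python
import json
import os
import urllib.error
import urllib.request

API_PREFIX = "/api/v1"


def build_request(base_url, path, token=None, method="GET", body=None):
    """Build an authenticated request without sending it."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send a bearer token over a non-HTTPS URL")
    # SNIPEIT_API_TOKEN is a variable name assumed for this example.
    token = token or os.environ.get("SNIPEIT_API_TOKEN")
    if not token:
        raise ValueError("no API token: set SNIPEIT_API_TOKEN")
    headers = {"Authorization": f"Bearer {token}", "Accept": "application/json"}
    data = json.dumps(body).encode() if body is not None else None
    if data is not None:
        headers["Content-Type"] = "application/json"
    url = base_url.rstrip("/") + API_PREFIX + "/" + path.lstrip("/")
    return urllib.request.Request(url, data=data, headers=headers, method=method)


def classify(status, raw_body):
    """Map an HTTP status and response body to (outcome, message)."""
    try:
        doc = json.loads(raw_body) if raw_body else {}
    except ValueError:
        doc = {}  # not JSON: fall back to the status code alone
    message = doc.get("message", "") if isinstance(doc, dict) else ""
    if status == 401:
        return "reauthenticate", message  # no valid token was provided
    if status == 403:
        return "forbidden", message       # authenticated, but lacks permission
    if isinstance(doc, dict) and doc.get("status") == "error":
        return "error", message           # error envelope under any other status
    return "ok", message


def whoami(base_url):
    """Call /users/me, the authentication test described on this page."""
    req = build_request(base_url, "users/me")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return classify(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return classify(err.code, err.read())
```
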
