Skip to main content
Question

Jamf2Snipe: API Authentication Compatibility Issue

  • November 7, 2025
  • 1 reply
  • 36 views
coolitthings

Has anyone gotten jamf2snipe working with Jamf Pro Cloud API Roles & Clients (OAuth client ID/secret)? All documentation I see is for Classic API, which is blocked here

1 reply

h1431532403240
Forum|alt.badge.img+6

Hi coolitthings,

Great news! The latest version of jamf2snipe (from the grokability/jamf2snipe repository) already supports OAuth API Roles & Clients authentication. The documentation has been updated to use client_id and client_secret instead of the legacy username/password approach.

Configuration for OAuth API Roles & Clients

In your settings.conf file, configure the [jamf] section as follows:

[jamf]
url = https://your_jamf_instance.jamfcloud.com
client_id = your-api-client-id
client_secret = your-api-client-secret

Setting Up API Roles & Clients in Jamf Pro

  1. Create an API Role:
    • Go to Settings > System > API Roles and Clients
    • Click the API Roles tab
    • Click + New
    • Name: jamf2snipe-role
    • Add the following privileges:
      • Computers: Read, Update
      • Mobile Devices: Read, Update
      • Users: Read, Update
    • Click Save
  2. Create an API Client:
    • Click the API Clients tab
    • Click + New
    • Display Name: jamf2snipe-client
    • API Roles: Select the role you created above
    • Access Token Lifetime: 1800 (30 minutes) or your preference
    • Click Enable API Client
    • Click Save
  3. Generate Client Secret:
    • After saving, click Generate Secret
    • Copy the secret immediately — it's only shown once!
    • Store securely in a password manager

How It Works Under the Hood

The jamf2snipe script uses the OAuth 2.0 Client Credentials flow to obtain a Bearer Token:

 

The token is then used for all subsequent API calls.

Important Notes:

  1. Token Expiration: Unlike Bearer Tokens obtained via Basic Auth, OAuth tokens cannot be refreshed using keep-alive. jamf2snipe automatically obtains a new token when needed.
  2. Scope Changes: If you modify the API Role assigned to your API Client, you must regenerate the Client Secret for changes to take effect.
  3. Classic API Still Works: jamf2snipe uses the Classic API endpoints, which are fully supported with OAuth authentication since Jamf Pro 10.49.
  4. If You're on an Older Version: Make sure you're running the latest jamf2snipe from the main branch:
git clone https://github.com/grokability/jamf2snipe.git
# or update existing
cd jamf2snipe && git pull

Testing Your Configuration

Run a dry-run to verify connectivity:

python3 jamf2snipe --dryrun -v

This will test connections to both Jamf Pro and Snipe-IT without making any changes.

References:

Hope this helps get you up and running!

Terms & ConditionsCookie settingsAccessibility statement