# NinjaOne RMM

Monitor all your managed devices, organizations, and alerts across your MSP clients with real-time AI-powered insights.

Connect Weavestream to NinjaOne RMM to monitor:

• 💻 Devices - All managed endpoints with detailed system info
• 🏢 Organizations - Your complete MSP client list
• 🚨 Alerts - Real-time monitoring alerts and notifications
• 🔗 Relationships - Devices linked to organizations, alerts linked to devices
• 📊 System Details - OS, memory, disk space, uptime, and more

Estimated Setup Time: 15-20 minutes

• NinjaOne account with API access
• Admin or appropriate role permissions
• At least one organization with managed devices
• Weavestream installed on your Mac

1. Go to https://app.ninjarmm.com
2. Sign in with your NinjaOne account

1. Click Administration in the left sidebar
2. Select Apps → API
3. Click "Add" or "Create Application"

Fill in the application details:

Application Name:

Weavestream Monitor

Description:

API integration for Weavestream unified monitoring dashboard

Redirect URI:

http://localhost:8080/callback

(This is required for OAuth flow - Weavestream will handle the redirect)

Scopes: Select the following permissions:

• ✅ Monitoring (read access to devices, alerts, organizations)
• ✅ Management (optional - only if you want to manage devices from Weavestream later)

Grant Type:

• Select "Authorization Code" (for OAuth 2.0 flow)

Click "Save" or "Create"

After creation, you'll see:

📋 Client ID

• Example: nj_abc123def456ghi789
• Copy this value

📋 Client Secret

• Example: secret_XyZ789AbC123DeF456...
• ⚠️ IMPORTANT: Copy this immediately - you won't see it again!

Save these credentials securely - you'll need them for Weavestream.

1. Open Weavestream
2. Click the "+" button in the sidebar
3. Select "Add Source"
4. Fill in the source details:
   • Name: NinjaOne
   • Base URL: https://app.ninjarmm.com/api/v2
   • Auth Type: OAuth
   • OAuth Flow Type: Authorization Code
   • Authorization URL: https://app.ninjarmm.com/ws/oauth/authorize
   • Token URL: https://app.ninjarmm.com/ws/oauth/token
   • Client ID: Paste your Client ID
   • Client Secret: Paste your Client Secret
   • Scopes: monitoring
   • Redirect Port: 8080
   • Use Basic Auth: Yes (checked)
   • Icon: Select shield.checkered or use custom ninjaone icon if available
   • Color: Choose your preference (suggested: #7ED321 - NinjaOne green, or #0052CC - blue)
   • Refresh Interval: 15 minutes (for real-time monitoring)
5. Click "Add" or "Save"
6. OAuth Authorization Flow:
   • A browser window will open
   • Sign into NinjaOne if prompted
   • Click "Authorize" to grant access
   • Browser will redirect back to Weavestream
   • You should see "Authorization successful"

Now we'll add endpoints to monitor different aspects of your NinjaOne environment.

Monitor all your MSP client organizations.

Configuration:

• Name: Organizations
• Path: /organizations
• Method: GET
• Query Parameters: (none needed)

Field Mapping:

• ID Field: id
• Title Field: name
• Date Field: (none - use sync time)
• Summary Fields: description
• Status Field: (none)

Retention Mode: Delete on Sync (organizations don't change often)

Relationships: None

Get detailed information about all managed devices across all organizations.

Configuration:

• Name: Devices
• Path: /devices-detailed
• Method: GET
• Query Parameters: (none needed)

Optional Query Parameters:

• df: class,system,os,memory (specify detail fields)
• pageSize: 1000 (results per page)

Field Mapping:

• ID Field: uid (or id)
• Title Field: name (fallback to displayName or systemName)
• Date Field: created
• Summary Fields: os.name, nodeClass, memory.capacity
• Status Field: offline
  • Important: Enable "Invert Status Boolean"
  • This maps offline: false → ok and offline: true → critical

Retention Mode: Keep All (preserve device history)

Relationships:

• Link to Organizations endpoint
• Source Field: organizationId
• Target Endpoint: Organizations
• Target ID Field: id
• Fields to Include: name (organization name)

Monitor all active alerts across your managed devices.

Configuration:

• Name: Alerts
• Path: /alerts
• Method: GET
• Query Parameters: (none needed)

Optional Query Parameters:

• status: OPEN (only open alerts)
• severity: CRITICAL (only critical alerts)
• pageSize: 1000

Field Mapping:

• ID Field: uid
• Title Field: subject
• Date Field: createTime
• Summary Fields: message, severity
• Status Field: severity
  • Map CRITICAL → critical
  • Map WARNING → warning
  • Map INFO → info

Retention Mode: Keep All (preserve alert history)

Relationships:

• Link to Devices endpoint
• Source Field: deviceId
• Target Endpoint: Devices
• Target ID Field: id
• Fields to Include: systemName, os.name, deviceType, nodeClass

This allows AI to answer: "Which device triggered this alert?" and "Show me device details for this alert"

Quickly identify devices that are currently offline.

Configuration:

• Name: Offline Devices
• Path: /devices-detailed
• Method: GET

Query Parameters:

• df: class,system,os
• pageSize: 1000

Note: You'll need to create a Smart Filter instead (see Part 4).

Alternative: Use Smart Filter on Devices endpoint:

• Condition: offline equals true

Track installed software on a specific device.

Configuration:

• Name: Software - [Device Name]
• Path: /device/{deviceId}/software
• Method: GET

Replace {deviceId} with actual device ID from Devices endpoint.

Field Mapping:

• ID Field: id
• Title Field: name
• Summary Fields: version, publisher

Use Case: Create separate endpoints for key servers/workstations to track software inventory.

Track activities/events on a specific device.

Configuration:

• Name: Activities - [Device Name]
• Path: /device/{deviceId}/activities
• Method: GET

Query Parameters:

• pageSize: 100
• olderThan: (timestamp for pagination)

Field Mapping:

• ID Field: id
• Title Field: activityType
• Date Field: activityTime
• Summary Fields: status, user

When you sync devices, you'll get data like:

{
  "id": 123,
  "uid": "abc-123-def-456",
  "organizationId": 456,
  "name": "WORKSTATION-01",
  "displayName": "John's Workstation",
  "systemName": "WORKSTATION-01.domain.com",
  "nodeClass": "WINDOWS_WORKSTATION",
  "deviceType": "LAPTOP",
  "offline": false,
  "created": "2024-01-15T10:00:00Z",
  "lastContact": "2024-01-26T14:30:00Z",
  "os": {
    "name": "Windows 11 Pro",
    "version": "10.0.22621"
  },
  "memory": {
    "capacity": 34359738368
  },
  "cpu": {
    "name": "Intel Core i7-12700"
  },
  "disks": [
    {
      "name": "C:",
      "freeSpace": 483183820800,
      "size": 1000204886016
    }
  ]
}

{
  "uid": "alert-123",
  "deviceId": 123,
  "subject": "Disk space low on C:",
  "message": "C: drive has less than 10% free space",
  "severity": "CRITICAL",
  "status": "OPEN",
  "createTime": "2024-01-26T14:00:00Z"
}

{
  "id": 456,
  "name": "Acme Corporation",
  "description": "Main office and 3 satellite locations",
  "nodeApprovalMode": "AUTOMATIC",
  "created": "2023-06-01T00:00:00Z"
}

1. Under NinjaOne source, click "+" → "New Filter"
2. Name: Offline Devices
3. Select Endpoint: Devices
4. Add Condition:
   • Field: offline
   • Type: Boolean (or use raw field)
   • Operator: is true (or equals)
   • Value: true
5. Logic: Match ALL conditions (AND)
6. Save

1. Create new filter
2. Name: Critical Alerts - 24h
3. Select Endpoint: Alerts
4. Add Conditions:
   • Field: severity
   • Operator: equals
   • Value: CRITICAL
   • AND
   • Field: createTime
   • Operator: in last
   • Value: 24 hours
5. Logic: Match ALL (AND)
6. Save

1. Create new filter
2. Name: Windows Workstations
3. Select Endpoint: Devices
4. Add Conditions:
   • Field: nodeClass
   • Operator: contains
   • Value: WINDOWS_WORKSTATION
5. Save

1. Create new filter
2. Name: Stale Devices (7+ days)
3. Select Endpoint: Devices
4. Add Condition:
   • Field: lastContact
   • Operator: not in last
   • Value: 7 days
5. Save

1. Create new filter
2. Name: [Client Name] Devices
3. Select Endpoint: Devices
4. Add Condition:
   • Field: organizationId
   • Operator: equals
   • Value: [Organization ID number] (get from Organizations endpoint)
5. Save

Pro Tip: Create one filter per VIP client for quick access.

1. Create new filter
2. Name: Low Disk Space (<10%)
3. Select Endpoint: Devices
4. Add Condition:
   • Field: disks[0].freeSpacePercent (you may need to check raw JSON for exact path)
   • Operator: less than
   • Value: 10
5. Save

Now you can ask intelligent questions about your NinjaOne environment!

Device Status:

• "How many devices are offline right now?"
• "Which clients have offline devices?"
• "Show me all Windows 11 devices"
• "What devices haven't checked in this week?"

Alert Management:

• "What critical alerts do I have?"
• "Show me all disk space alerts"
• "Which device has the most alerts?"
• "Summarize today's alerts by severity"

Organization Overview:

• "How many devices does Acme Corp have?"
• "Which organization has the most devices?"
• "List all my clients and their device counts"

System Analysis:

• "Show me all devices running Windows 10"
• "Which workstations have low memory?"
• "Find laptops vs desktops across all clients"
• "What's the most common OS version?"

Troubleshooting:

• "Why is WORKSTATION-01 offline?"
• "Show me the alert history for server XYZ"
• "Which devices went offline today?"
• "Find devices with critical alerts"

Reporting:

• "Generate a health report for Acme Corp"
• "Summarize my entire MSP fleet"
• "Create a weekly alert summary"
• "Show me device trends across all organizations"

Relationship Queries (Powered by linked data):

• "What organization does this device belong to?"
• "Show me all alerts for Acme Corp devices"
• "Which device triggered this alert?"

NinjaOne API supports various query parameters:

Pagination:

pageSize: 1000        - Results per page
after: 123           - Cursor for next page

Detail Fields (devices-detailed):

df: class,system,os,memory,disks,cpu,network

Available detail categories:

• class - Device classification
• system - System info
• os - Operating system details
• memory - RAM information
• disks - Disk/storage details
• cpu - Processor information
• network - Network adapters
• bios - BIOS/UEFI info
• antivirus - AV status

Alert Filtering:

status: OPEN          - Only open alerts
severity: CRITICAL    - Only critical
lang: en-US          - Language for messages

NinjaOne uses various status representations:

Device Status (offline field):

• offline: false → Device is online → Map to ok
• offline: true → Device is offline → Map to critical
• Important: Enable "Invert Status Boolean" in Weavestream

Alert Severity:

• CRITICAL → critical
• WARNING → warning
• INFO → info

Node Class (Device Types):

• WINDOWS_WORKSTATION
• WINDOWS_SERVER
• MAC
• LINUX_SERVER
• VMWARE_VM_GUEST
• HYPER_V_VM_GUEST
• CLOUD_MONITOR_TARGET
• NMS_DEVICE (network devices)

Weavestream's relationship feature lets AI understand connections between data.

Example: Devices → Organizations

When you link devices to organizations:

• AI can answer: "Which organization owns this device?"
• Can query: "Show me all devices for Acme Corp"
• Enriches device data with org name

Configuration:

• Source Field: organizationId (in Devices)
• Target Endpoint: Organizations
• Target ID Field: id (in Organizations)
• Fields to Include: name, description

Example: Alerts → Devices

When you link alerts to devices:

• AI can answer: "Which device triggered this alert?"
• Can query: "Show me device details for alert XYZ"
• Enriches alerts with device info (OS, memory, etc.)

Configuration:

• Source Field: deviceId (in Alerts)
• Target Endpoint: Devices
• Target ID Field: id (in Devices)
• Fields to Include: systemName, os.name, deviceType

For MSPs managing many clients:

Setup:

• One "Devices" endpoint for all organizations
• Create Smart Filters per organization
• Filter condition: organizationId equals [ORG_ID]

Pros:

• Simple setup
• Easy cross-client queries
• One place for all device data

Cons:

• All devices in one large list
• Can't customize refresh per client

Setup:

• Multiple device endpoints with org-specific paths (if API supports)
• Or use query parameters to filter by org
• Each client gets dedicated endpoint

Pros:

• Clean separation in UI
• Can prioritize VIP clients (faster refresh)
• Better performance for large fleets

Cons:

• More complex setup
• More API calls
• Harder to query across all clients

Recommendation: Start with Approach 1, consider Approach 2 if you have 50+ organizations.

Solution:

1. Verify Authorization URL is https://app.ninjarmm.com/ws/oauth/authorize
2. Check Token URL is https://app.ninjarmm.com/ws/oauth/token
3. Ensure redirect URI in NinjaOne matches: http://localhost:8080/callback
4. Verify "Use Basic Auth" is checked
5. Make sure API app has "monitoring" scope enabled
6. Try revoking and re-authorizing

Solution:

1. Verify you have managed devices in NinjaOne
2. Check API permissions include device read access
3. Try /devices endpoint first (simpler than /devices-detailed)
4. Ensure your NinjaOne user role has device visibility

Solution:

1. OAuth tokens expire - Weavestream should auto-refresh
2. Check refresh token is being stored correctly
3. Try re-authorizing OAuth flow
4. Verify API application is still active in NinjaOne

Solution:

1. Enable "Invert Status Boolean" in device endpoint mapping
2. This converts offline: false to ok status
3. Check raw JSON to verify field name is exactly offline

Solution:

1. Ensure both endpoints (source and target) are syncing successfully
2. Verify relationship source field exists in data (e.g., organizationId)
3. Check target ID field matches (e.g., organization id)
4. Make sure target endpoint is synced before source endpoint

Solution:

1. Increase refresh interval (15 min → 30 min)
2. Remove detail fields (df parameter) to reduce payload
3. Reduce pageSize if hitting timeouts
4. Stagger sync times for multiple endpoints
5. Check NinjaOne API rate limits for your plan

NinjaOne API limits vary by plan:

• Standard: 100-200 requests per minute
• Enterprise: Higher limits

Best practices:

• Don't set refresh below 15 minutes for multiple endpoints
• Use pageSize to balance between API calls and data freshness
• Monitor API usage in NinjaOne dashboard (Administration → API)

• Use "monitoring" scope only (read-only)
• Rotate Client Secret every 90 days
• Create separate API apps for each integration
• Use OAuth Authorization Code flow (not Client Credentials)
• Monitor API access logs regularly
• Store credentials securely (Weavestream uses macOS Keychain)

• Grant "management" scope unless needed for automation
• Share Client Secret with anyone
• Use the same API app for multiple integrations
• Store credentials in plain text
• Leave inactive API apps enabled

Here are more endpoints you can add:

Path: /policies

List all monitoring policies and configurations.

Path: /scripts

Get automation scripts available in your NinjaOne environment.

Path: /jobs

Track script execution jobs and their status.

Path: /ticketing/tickets

Monitor PSA tickets if you have NinjaOne ticketing enabled.

Path: /groups

Device groups for organizing managed endpoints.

Path: /webhooks

List configured webhooks for external integrations.

NinjaOne works great alongside:

Action1:

• Cross-reference devices between RMM platforms
• Compare endpoint coverage
• Validate monitoring completeness

Azure AD / Microsoft 365:

• Match devices to Azure AD joined devices
• Verify domain membership
• Cross-reference with Intune management

PSA Tools (ConnectWise, Autotask):

• Link alerts to tickets
• Track device assignments to clients
• Generate billing reports

Backup Solutions (Veeam, Acronis):

• Verify backup coverage across all devices
• Identify devices missing from backup
• Cross-check backup status with device health

Before you finish, verify:

• ✅ NinjaOne API application created with monitoring scope
• ✅ OAuth authorization completed successfully
• ✅ NinjaOne source added to Weavestream
• ✅ Devices endpoint syncing (with offline status inverted)
• ✅ Organizations endpoint syncing
• ✅ Alerts endpoint syncing
• ✅ Relationships configured (Devices→Orgs, Alerts→Devices)
• ✅ Smart filters created for offline devices, critical alerts
• ✅ Tested AI questions about your NinjaOne environment

You're all set! Monitor your entire MSP fleet with intelligent AI insights. 🚀

Tip 1: Morning Dashboard Ask AI: "Summarize overnight alerts and offline devices"

Tip 2: Client Health Checks Create filters per VIP client with 5-min refresh for real-time status

Tip 3: Trending Analysis Weekly question: "What were the most common alerts this week?"

Tip 4: Proactive Monitoring Set up filters for:

• Devices offline >4 hours
• Critical alerts not resolved in 2 hours
• Devices with >5 warnings

Tip 5: Client Reporting Monthly: "Generate device health summary for [Client Name]"

Tip 6: Cross-Platform Validation If using multiple RMMs: "Compare device counts between NinjaOne and Action1"

Last updated: February 2026 NinjaOne API version: v2