// Manage and troubleshoot API tokens and authentication-related secrets. Use this when you need to find, rotate, verify, or debug authentication issues (401/403) in NetAlertX.
[HINT] Download the complete skill directory including SKILL.md and all related files
| name | netalertx-authentication-tokens |
| description | Manage and troubleshoot API tokens and authentication-related secrets. Use this when you need to find, rotate, verify, or debug authentication issues (401/403) in NetAlertX. |
Explain how to locate, validate, rotate, and troubleshoot API tokens and related authentication settings used by NetAlertX.
ps/systemd checks).API_TOKEN setting can be read with Python (see below)./tmp/log/app.log, nginx logs) before changing secrets.Always use Python helpers to read secrets to avoid accidental exposure in shells or logs:
from helper import get_setting_value
token = get_setting_value("API_TOKEN")
If you must inspect from a running container (read-only), use:
docker exec <CONTAINER_ID> python3 -c "from helper import get_setting_value; print(get_setting_value('API_TOKEN'))"
You can also check the runtime config file:
docker exec <CONTAINER_ID> grep API_TOKEN /data/config/app.conf
API_TOKEN field — this updates the value safely and immediately./data/config/app.conf and restart the backend if required (use the existing devcontainer service tasks).get_setting_value('API_TOKEN') and update any clients or sync nodes to use the new token.get_setting_value('API_TOKEN') returns a non-empty value.Authorization: Bearer <API_TOKEN>./tmp/log/app.log and plugin logs (e.g., sync plugin) for "Incorrect API Token" messages.app.conf and re-verify.get_setting_value() in tests and scripts — do not hardcode secrets.testing-workflow — how to use API_TOKEN in testssettings-management — where settings live and how they are manageddocs/API.md, docs/API_OLD.md, docs/API_SSE.mdLast updated: 2026-01-23