netalertx/netalertx-authentication-tokens
.github/skills/authentication/SKILL.md
Manage and troubleshoot API tokens and authentication-related secrets. Use this when you need to find, rotate, verify, or debug authentication issues (401/403) in NetAlertX.
$ install --global
skillsauthnpx skillsauth add netalertx/netalertx netalertx-authentication-tokensInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 9, 2026, 2:41 AM6.2s1 file scanned
SKILL.md
- name:
- netalertx-authentication-tokens
- description:
- Manage and troubleshoot API tokens and authentication-related secrets. Use this when you need to find, rotate, verify, or debug authentication issues (401/403) in NetAlertX.
Authentication
Purpose ✅
Explain how to locate, validate, rotate, and troubleshoot API tokens and related authentication settings used by NetAlertX.
Pre-Flight Check (MANDATORY) ⚠️
- Ensure the backend is running (use devcontainer services or
ps/systemd checks). - Verify the
API_TOKENsetting can be read with Python (see below). - If a token-related error occurs, gather logs (
/tmp/log/app.log, nginx logs) before changing secrets.
Retrieve the API token (Python — preferred) 🐍
Always use Python helpers to read secrets to avoid accidental exposure in shells or logs:
from helper import get_setting_value
token = get_setting_value("API_TOKEN")
If you must inspect from a running container (read-only), use:
docker exec <CONTAINER_ID> python3 -c "from helper import get_setting_value; print(get_setting_value('API_TOKEN'))"
You can also check the runtime config file:
docker exec <CONTAINER_ID> grep API_TOKEN /data/config/app.conf
Rotate / Generate a new token 🔁
- Preferred: Use the web UI (Settings / System) and click Generate for the
API_TOKENfield — this updates the value safely and immediately. - Manual: Edit
/data/config/app.confand restart the backend if required (use the existing devcontainer service tasks). - After rotation: verify the value with
get_setting_value('API_TOKEN')and update any clients or sync nodes to use the new token.
Troubleshooting 401 / 403 Errors 🔍
- Confirm backend is running and reachable.
- Confirm
get_setting_value('API_TOKEN')returns a non-empty value. - Ensure client requests send the header exactly:
Authorization: Bearer <API_TOKEN>. - Check
/tmp/log/app.logand plugin logs (e.g., sync plugin) for "Incorrect API Token" messages. - If using multiple nodes, ensure the token matches across nodes for sync operations.
- If token appears missing or incorrect, rotate via UI or update
app.confand re-verify.
Best Practices & Security 🔐
- Never commit tokens to source control or paste them in public issues. Redact tokens when sharing logs.
- Rotate tokens when a secret leak is suspected or per your security policy.
- Use
get_setting_value()in tests and scripts — do not hardcode secrets.
Related Skills & Docs 📚
testing-workflow— how to useAPI_TOKENin testssettings-management— where settings live and how they are managed- Docs:
docs/API.md,docs/API_OLD.md,docs/API_SSE.md
Last updated: 2026-01-23
Related Skills
netalertx/netalertx-settings-management
tools
VerifiedTrustedCommunity
Manage NetAlertX configuration settings. Use this when asked to add setting, read config, get_setting_value, ccd, or configure options.
5,989SKILL.mdUpdated Apr 9, 2026
netalertx/netalertx-sample-data
development
VerifiedTrustedCommunity
Load synthetic device data into the devcontainer. Use this when asked to load sample devices, seed data, import test devices, populate database, or generate test data.
5,989SKILL.mdUpdated Apr 9, 2026
netalertx/netalertx-plugin-run-development
tools
VerifiedTrustedCommunity
Create and run NetAlertX plugins. Use this when asked to create plugin, run plugin, test plugin, plugin development, or execute plugin script.
5,989SKILL.mdUpdated Apr 9, 2026
netalertx/netalertx-docker-prune
devops
VerifiedTrustedCommunity
Clean up unused Docker resources. Use this when asked to prune docker, clean docker, remove unused images, free disk space, or docker cleanup. DANGEROUS operation. Requires human confirmation.
5,989SKILL.mdUpdated Apr 9, 2026