Enable field for API tokens #11850

New Issue

Closed

opened 2025-12-29 21:50:40 +01:00 by adam · 8 comments

adam commented 2025-12-29 21:50:40 +01:00

Owner

Copy Link

Originally created by @mr1716 on GitHub (Nov 19, 2025).

Originally assigned to: @pheus on GitHub.

NetBox version

v4.4.6

Feature type

New functionality

Proposed functionality

Have a button that users would be able to click which would enable and disable API Tokens.

At the time that the users create and edit the individual API Tokens, there would either be an Enable checkbox that checked means enabled this unchecked means disabled or a status drop-down that users can change.

Use case

If an API Token needs to be disabled or re-enabled, the only way to do that would be to change the Expiration Date or restrict the IPs. It’s less than ideal to be changing those values to simply enable or disable the tokens.

Database changes

A new field as either Status of either Enabled or Disabled or enabled: True for the API to do the comparison when authentication and use of an API Token is done. The idea being that if Enabled is set to True or Status is set to enabled, it would allow authentication. And this value would be able to be set by administrators at time of creation as well as part of normal work. Moreover, the value could be set to False or disabled when the Expiration Date passes.

External dependencies

Unsure.

Sorry if this is not useful, just thought it may be something that may help users with administering the tool

Originally created by @mr1716 on GitHub (Nov 19, 2025). Originally assigned to: @pheus on GitHub. ### NetBox version v4.4.6 ### Feature type New functionality ### Proposed functionality Have a button that users would be able to click which would enable and disable API Tokens. At the time that the users create and edit the individual API Tokens, there would either be an Enable checkbox that checked means enabled this unchecked means disabled or a status drop-down that users can change. ### Use case If an API Token needs to be disabled or re-enabled, the only way to do that would be to change the Expiration Date or restrict the IPs. It’s less than ideal to be changing those values to simply enable or disable the tokens. ### Database changes A new field as either Status of either Enabled or Disabled or enabled: True for the API to do the comparison when authentication and use of an API Token is done. The idea being that if Enabled is set to True or Status is set to enabled, it would allow authentication. And this value would be able to be set by administrators at time of creation as well as part of normal work. Moreover, the value could be set to False or disabled when the Expiration Date passes. ### External dependencies Unsure. Sorry if this is not useful, just thought it may be something that may help users with administering the tool

adam added the status: acceptedtype: featurenetboxcomplexity: low labels 2025-12-29 21:50:40 +01:00

adam closed this issue 2025-12-29 21:50:40 +01:00

adam commented 2025-12-29 21:50:40 +01:00

Author

Owner

Copy Link

@jnovinger commented on GitHub (Nov 19, 2025):

I think this is potentially useful, but as it stands, the FR doesn't seem to have enough detail to be actionable. If we need to persist a user's choice to enable/disable an API token, then database changes are definitely required. Similarly, this FR glosses over the expected behaviors (both in the Token edit view and in the API auth boundary) and the necessary changes to the related auth mechanism (and potentially other areas).

Per our contributing guide, a feature request must include a thorough description of the proposed functionality, including any database changes, new views or API endpoints, and so on. It must also include a detailed use case justifying its implementation. If you would like to elaborate on your proposal, please modify your post above. If sufficient detail is not added, this issue will be closed.

@jnovinger commented on GitHub (Nov 19, 2025): I think this is potentially useful, but as it stands, the FR doesn't seem to have enough detail to be actionable. If we need to persist a user's choice to enable/disable an API token, then database changes are definitely required. Similarly, this FR glosses over the expected behaviors (both in the Token edit view and in the API auth boundary) and the necessary changes to the related auth mechanism (and potentially other areas). Per our [contributing guide](https://github.com/netbox-community/netbox/blob/main/CONTRIBUTING.md), a feature request must include a thorough description of the proposed functionality, including any database changes, new views or API endpoints, and so on. It must also include a detailed use case justifying its implementation. If you would like to elaborate on your proposal, please modify your post above. If sufficient detail is not added, this issue will be closed.

adam commented 2025-12-29 21:50:41 +01:00

Author

Owner

Copy Link

@mr1716 commented on GitHub (Nov 19, 2025):

@jnovinger just made some changes and will make some additional changes later. May have missed a few things, but will edit later

@mr1716 commented on GitHub (Nov 19, 2025): @jnovinger just made some changes and will make some additional changes later. May have missed a few things, but will edit later

adam commented 2025-12-29 21:50:41 +01:00

Author

Owner

Copy Link

@jeremystretch commented on GitHub (Nov 20, 2025):

It sounds like what you want is to add an "enabled" boolean field on the Token model, as a control over whether the token can be used. This would present in the UI as a checkbox under the individual and bulk edit forms, rather than a button elsewhere. Does that capture your use case?

@jeremystretch commented on GitHub (Nov 20, 2025): It sounds like what you want is to add an "enabled" boolean field on the Token model, as a control over whether the token can be used. This would present in the UI as a checkbox under the individual and bulk edit forms, rather than a button elsewhere. Does that capture your use case?

adam commented 2025-12-29 21:50:41 +01:00

Author

Owner

Copy Link

@mr1716 commented on GitHub (Nov 20, 2025):

@jeremystretch, the idea is to have a way to ensure that there’s an easy way to enable and disable API Tokens. And the way Im proposing is the method you’re describing since I think there are other Netbox features that behave the same way in terms of enabling via the UI

@mr1716 commented on GitHub (Nov 20, 2025): @jeremystretch, the idea is to have a way to ensure that there’s an easy way to enable and disable API Tokens. And the way Im proposing is the method you’re describing since I think there are other Netbox features that behave the same way in terms of enabling via the UI

adam commented 2025-12-29 21:50:42 +01:00

Author

Owner

Copy Link

@jeremystretch commented on GitHub (Nov 20, 2025):

Opening this for v4.5. (Please submit any PRs to the feature branch.) Also, the default value for the enabled field should be true.

@jeremystretch commented on GitHub (Nov 20, 2025): Opening this for v4.5. (Please submit any PRs to the `feature` branch.) Also, the default value for the `enabled` field should be true.

adam commented 2025-12-29 21:50:42 +01:00

Author

Owner

Copy Link

@mr1716 commented on GitHub (Nov 20, 2025):

@jeremystretch thanks. May not have capacity for this at this time as Im busy

@mr1716 commented on GitHub (Nov 20, 2025): @jeremystretch thanks. May not have capacity for this at this time as Im busy

adam commented 2025-12-29 21:50:42 +01:00

Author

Owner

Copy Link

@pheus commented on GitHub (Nov 21, 2025):

I’d be happy to work on this enhancement. Could you please assign the issue to me? Thank you!

Note: I’m planning to wait for main to be merged into feature so I can pick up the changes from #20823 and help reduce potential merge conflicts.

@pheus commented on GitHub (Nov 21, 2025): I’d be happy to work on this enhancement. Could you please assign the issue to me? Thank you! _Note_: I’m planning to wait for `main` to be merged into `feature` so I can pick up the changes from #20823 and help reduce potential merge conflicts.

adam commented 2025-12-29 21:50:42 +01:00

Author

Owner

Copy Link

@mr1716 commented on GitHub (Nov 22, 2025):

Just realized that this does have security benefits as well. Not that it fixes a security vulnerability, but does benefit security around token administration

@mr1716 commented on GitHub (Nov 22, 2025): Just realized that this does have security benefits as well. Not that it fixes a security vulnerability, but does benefit security around token administration

adam referenced this issue 2025-12-29 23:21:17 +01:00

[PR #11954] [MERGED] Fixes #11850 - Fix loading of CSV files with BOM #13873

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

21050-device-oob-ip-may-become-orphaned

21102-fix-graphiql-explorer

20911-dropdown

20239-plugin-menu-classes-mutable-state

21097-graphql-id-lookups

feature

fix_module_substitution

20923-dcim-templates

20044-elevation-stuck-lightmode

feature-ip-prefix-link

v4.5-beta1-release

20068-import-moduletype-attrs

20766-fix-german-translation-code-literals

20378-del-script

7604-filter-modifiers-v3

circuit-swap

12318-case-insensitive-uniqueness

20637-improve-device-q-filter

20660-script-load

19724-graphql

20614-update-ruff

14884-script

02496-max-page

19720-macaddress-interface-generic-relation

19408-circuit-terminations-export-templates

20203-openapi-check

fix-19669-api-image-download

7604-filter-modifiers

19275-fixes-interface-bulk-edit

fix-17794-get_field_value_return_list

11507-show-aggregate-and-rir-on-api

9583-add_column_specific_search_field_to_tables

v4.5.0

v4.4.10

v4.4.9

v4.5.0-beta1

v4.4.8

v4.4.7

v4.4.6

v4.4.5

v4.4.4

v4.4.3

v4.4.2

v4.4.1

v4.4.0

v4.3.7

v4.4.0-beta1

v4.3.6

v4.3.5

v4.3.4

v4.3.3

v4.3.2

v4.3.1

v4.3.0

v4.2.9

v4.3.0-beta2

v4.2.8

v4.3.0-beta1

v4.2.7

v4.2.6

v4.2.5

v4.2.4

v4.2.3

v4.2.2

v4.2.1

v4.2.0

v4.1.11

v4.1.10

v4.1.9

v4.1.8

v4.2-beta1

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

v4.1.2

v4.1.1

v4.1.0

v4.0.11

v4.0.10

v4.0.9

v4.1-beta1

v4.0.8

v4.0.7

v4.0.6

v4.0.5

v4.0.3

v4.0.2

v4.0.1

v4.0.0

v3.7.8

v3.7.7

v4.0-beta2

v3.7.6

v3.7.5

v4.0-beta1

v3.7.4

v3.7.3

v3.7.2

v3.7.1

v3.7.0

v3.6.9

v3.6.8

v3.6.7

v3.7-beta1

v3.6.6

v3.6.5

v3.6.4

v3.6.3

v3.6.2

v3.6.1

v3.6.0

v3.5.9

v3.6-beta2

v3.5.8

v3.6-beta1

v3.5.7

v3.5.6

v3.5.5

v3.5.4

v3.5.3

v3.5.2

v3.5.1

v3.5.0

v3.4.10

v3.4.9

v3.5-beta2

v3.4.8

v3.5-beta1

v3.4.7

v3.4.6

v3.4.5

v3.4.4

v3.4.3

v3.4.2

v3.4.1

v3.4.0

v3.3.10

v3.3.9

v3.4-beta1

v3.3.8

v3.3.7

v3.3.6

v3.3.5

v3.3.4

v3.3.3

v3.3.2

v3.3.1

v3.3.0

v3.2.9

v3.2.8

v3.3-beta2

v3.2.7

v3.3-beta1

v3.2.6

v3.2.5

v3.2.4

v3.2.3

v3.2.2

v3.2.1

v3.2.0

v3.1.11

v3.1.10

v3.2-beta2

v3.1.9

v3.2-beta1

v3.1.8

v3.1.7

v3.1.6

v3.1.5

v3.1.4

v3.1.3

v3.1.2

v3.1.1

v3.1.0

v3.0.12

v3.0.11

v3.0.10

v3.1-beta1

v3.0.9

v3.0.8

v3.0.7

v3.0.6

v3.0.5

v3.0.4

v3.0.3

v3.0.2

v3.0.1

v3.0.0

v2.11.12

v3.0-beta2

v2.11.11

v2.11.10

v3.0-beta1

v2.11.9

v2.11.8

v2.11.7

v2.11.6

v2.11.5

v2.11.4

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.10

v2.10.9

v2.11-beta1

v2.10.8

v2.10.7

v2.10.6

v2.10.5

v2.10.4

v2.10.3

v2.10.2

v2.10.1

v2.10.0

v2.9.11

v2.10-beta2

v2.9.10

v2.10-beta1

v2.9.9

v2.9.8

v2.9.7

v2.9.6

v2.9.5

v2.9.4

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v2.9-beta2

v2.8.9

v2.9-beta1

v2.8.8

v2.8.7

v2.8.6

v2.8.5

v2.8.4

v2.8.3

v2.8.2

v2.8.1

v2.8.0

v2.7.12

v2.7.11

v2.7.10

v2.7.9

v2.7.8

v2.7.7

v2.7.6

v2.7.5

v2.7.4

v2.7.3

v2.7.2

v2.7.1

v2.7.0

v2.6.12

v2.6.11

v2.6.10

v2.6.9

v2.7-beta1

Solcon-2020-01-06

v2.6.8

v2.6.7

v2.6.6

v2.6.5

v2.6.4

v2.6.3

v2.6.2

v2.6.1

v2.6.0

v2.5.13

v2.5.12

v2.6-beta1

v2.5.11

v2.5.10

v2.5.9

v2.5.8

v2.5.7

v2.5.6

v2.5.5

v2.5.4

v2.5.3

v2.5.2

v2.5.1

v2.5.0

v2.4.9

v2.5-beta2

v2.4.8

v2.5-beta1

v2.4.7

v2.4.6

v2.4.5

v2.4.4

v2.4.3

v2.4.2

v2.4.1

v2.4.0

v2.3.7

v2.4-beta1

v2.3.6

v2.3.5

v2.3.4

v2.3.3

v2.3.2

v2.3.1

v2.3.0

v2.2.10

v2.3-beta2

v2.2.9

v2.3-beta1

v2.2.8

v2.2.7

v2.2.6

v2.2.5

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.6

v2.2-beta2

v2.1.5

v2.2-beta1

v2.1.4

v2.1.3

v2.1.2

v2.1.1

v2.1.0

v2.0.10

v2.1-beta1

v2.0.9

v2.0.8

v2.0.7

v2.0.6

v2.0.5

v2.0.4

v2.0.3

v2.0.2

v2.0.1

v2.0.0

v2.0-beta3

v1.9.6

v1.9.5

v2.0-beta2

v1.9.4-r1

v1.9.3

v2.0-beta1

v1.9.2

v1.9.1

v1.9.0-r1

v1.8.4

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.7.3

v1.7.2-r1

v1.7.1

v1.7.0

v1.6.3

v1.6.2-r1

v1.6.1-r1

1.6.1

v1.6.0

v1.5.2

v1.5.1

v1.5.0

v1.4.2

v1.4.1

v1.4.0

v1.3.2

v1.3.1

v1.3.0

v1.2.2

v1.2.1

v1.2.0

v1.1.0

v1.0.7-r1

v1.0.7

v1.0.6

v1.0.5

v1.0.4

v1.0.3-r1

v1.0.3

1.0.0

Labels

Clear labels

beta

breaking change

complexity: high

complexity: low

complexity: medium

needs milestone

netbox

pending closure

plugin candidate

pull-request

Mirrored from GitHub Pull Request

severity: high

severity: low

severity: medium

status: accepted

status: backlog

status: blocked

status: duplicate

status: needs owner

status: needs triage

status: revisions needed

status: under review

topic: GraphQL

topic: Internationalization

topic: OpenAPI

topic: UI/UX

topic: cabling

topic: event rules

topic: htmx navigation

topic: industrialization

topic: migrations

topic: plugins

topic: scripts

topic: templating

topic: testing

type: bug

type: deprecation

type: documentation

type: feature

type: housekeeping

type: translation

No Label complexity: low netbox status: accepted type: feature

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

adam

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/netbox#11850