Skip to content

Disallow changing the owner of an API token #20476

New issue
New issue
Closed
Feature
Closed
Disallow changing the owner of an API token#20476
Feature
Assignees
jeremystretch
Labels
breaking changeThis change modifies or removes some previously documented functionalitycomplexity: lowRequires minimal effort to implementstatus: acceptedThis issue has been accepted for implementationtype: featureIntroduction of new functionality to the application
Milestone
v4.5.0
@jeremystretch

Description

@jeremystretch
jeremystretch
opened on Oct 2, 2025

NetBox version

v4.4.2

Feature type

Change to existing functionality

Proposed functionality

Disallow the reassignment of an existing API token to a new user.

Use case

While the reassignment of a token to a new user allows for a change in ownership without replacing tokens on API clients, it also presents a moderate security concern. Prohibiting this would improve security of the NetBox APIs overall.

Database changes

N/A

External dependencies

N/A

Metadata

Metadata

Assignees

Labels

breaking changeThis change modifies or removes some previously documented functionalitycomplexity: lowRequires minimal effort to implementstatus: acceptedThis issue has been accepted for implementationtype: featureIntroduction of new functionality to the application

Type

Feature

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions