# Tokens

Use tokens to facilitate authentication to the Run:ai API. The API server must be configured to use the Run:ai identity service to validate authentication tokens.

## Create an application token.

> Use to create application tokens. Select a token using the \`grant\_type\` parameter.

```json
{"openapi":"3.0.3","info":{"title":"Runai API","version":"2.19"},"tags":[{"name":"Tokens","description":"Use tokens to facilitate authentication to the Run:ai API. \nThe API server must be configured to use the Run:ai identity \nservice to validate authentication tokens.\n"}],"servers":[{"url":"https://app.run.ai"}],"security":[{"bearerAuth":[]}],"components":{"securitySchemes":{"bearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT","description":"Bearer authentication"}},"schemas":{"TokenRequest":{"type":"object","properties":{"grantType":{"enum":["app_token","refresh_token","exchange_token","password"]},"appID":{"type":"string"},"appSecret":{"type":"string"},"code":{"type":"string"},"redirectUri":{"type":"string"},"refreshToken":{"type":"string"},"username":{"type":"string"},"password":{"type":"string"},"clientID":{"type":"string"}}},"TokenResponse":{"type":"object","properties":{"accessToken":{"type":"string"},"idToken":{"type":"string"},"refreshToken":{"type":"string"},"externalToken":{"type":"string"}}},"Error":{"required":["code","message"],"properties":{"code":{"type":"integer","minimum":100,"maximum":599},"message":{"type":"string"},"details":{"type":"string"}}}},"responses":{"400BadRequest":{"description":"Bad request.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"500InternalServerError":{"description":"unexpected error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"503ServiceUnavailable":{"description":"unexpected error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}},"paths":{"/api/v1/token":{"post":{"tags":["Tokens"],"summary":"Create an application token.","description":"Use to create application tokens. Select a token using the `grant_type` parameter.","operationId":"grant_token","parameters":[{"in":"header","name":"User-Agent","schema":{"type":"string"},"required":false}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/TokenRequest"}}}},"responses":{"200":{"description":"Executed successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TokenResponse"}}}},"400":{"$ref":"#/components/responses/400BadRequest"},"500":{"$ref":"#/components/responses/500InternalServerError"},"503":{"$ref":"#/components/responses/503ServiceUnavailable"}}}}}}
```

## exchange code for token

> Exchanges an authorization code for an access token.\
> The authorization code is retrieved from the authorization server.<br>

```json
{"openapi":"3.0.3","info":{"title":"Runai API","version":"2.19"},"tags":[{"name":"Tokens","description":"Use tokens to facilitate authentication to the Run:ai API. \nThe API server must be configured to use the Run:ai identity \nservice to validate authentication tokens.\n"}],"servers":[{"url":"https://app.run.ai"}],"security":[{"bearerAuth":[]}],"components":{"securitySchemes":{"bearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT","description":"Bearer authentication"}},"parameters":{"redirectUri":{"name":"redirect_uri","in":"query","required":true,"description":"The redirect uri to redirect to after the authorization server completes the authorization flow","schema":{"type":"string"}},"exchangeCode":{"name":"code","in":"query","required":true,"description":"The exchange code retrieved from the idp server","schema":{"type":"string"}}},"schemas":{"TokenResponse":{"type":"object","properties":{"accessToken":{"type":"string"},"idToken":{"type":"string"},"refreshToken":{"type":"string"},"externalToken":{"type":"string"}}},"Error":{"required":["code","message"],"properties":{"code":{"type":"integer","minimum":100,"maximum":599},"message":{"type":"string"},"details":{"type":"string"}}}},"responses":{"400BadRequest":{"description":"Bad request.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"500InternalServerError":{"description":"unexpected error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"503ServiceUnavailable":{"description":"unexpected error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}},"paths":{"/v1/k8s/auth/token/exchange":{"get":{"deprecated":true,"tags":["Tokens"],"summary":"exchange code for token","description":"Exchanges an authorization code for an access token.\nThe authorization code is retrieved from the authorization server.\n","operationId":"exchange_code_for_token","parameters":[{"$ref":"#/components/parameters/redirectUri"},{"$ref":"#/components/parameters/exchangeCode"}],"responses":{"200":{"description":"Executed successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TokenResponse"}}}},"400":{"$ref":"#/components/responses/400BadRequest"},"500":{"$ref":"#/components/responses/500InternalServerError"},"503":{"$ref":"#/components/responses/503ServiceUnavailable"}}}}}}
```

## refresh token

> Refreshes an user tokens.\
> The refresh token is retrieved from the authorization server.<br>

```json
{"openapi":"3.0.3","info":{"title":"Runai API","version":"2.19"},"tags":[{"name":"Tokens","description":"Use tokens to facilitate authentication to the Run:ai API. \nThe API server must be configured to use the Run:ai identity \nservice to validate authentication tokens.\n"}],"servers":[{"url":"https://app.run.ai"}],"security":[{"bearerAuth":[]}],"components":{"securitySchemes":{"bearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT","description":"Bearer authentication"}},"parameters":{"refreshToken":{"name":"refresh_token","in":"query","required":true,"description":"The refresh token retrieved from the idp server","schema":{"type":"string"}}},"schemas":{"TokenResponse":{"type":"object","properties":{"accessToken":{"type":"string"},"idToken":{"type":"string"},"refreshToken":{"type":"string"},"externalToken":{"type":"string"}}},"Error":{"required":["code","message"],"properties":{"code":{"type":"integer","minimum":100,"maximum":599},"message":{"type":"string"},"details":{"type":"string"}}}},"responses":{"400BadRequest":{"description":"Bad request.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"500InternalServerError":{"description":"unexpected error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"503ServiceUnavailable":{"description":"unexpected error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}},"paths":{"/v1/k8s/auth/oauth/tokens/refresh":{"post":{"deprecated":true,"tags":["Tokens"],"summary":"refresh token","description":"Refreshes an user tokens.\nThe refresh token is retrieved from the authorization server.\n","operationId":"refresh_token","parameters":[{"$ref":"#/components/parameters/refreshToken"}],"responses":{"200":{"description":"Executed successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TokenResponse"}}}},"400":{"$ref":"#/components/responses/400BadRequest"},"500":{"$ref":"#/components/responses/500InternalServerError"},"503":{"$ref":"#/components/responses/503ServiceUnavailable"}}}}}}
```

## get application token

> Retrieve access token for an application.\
> The application token is retrieved from the authorization server.<br>

```json
{"openapi":"3.0.3","info":{"title":"Runai API","version":"2.19"},"tags":[{"name":"Tokens","description":"Use tokens to facilitate authentication to the Run:ai API. \nThe API server must be configured to use the Run:ai identity \nservice to validate authentication tokens.\n"}],"servers":[{"url":"https://app.run.ai"}],"security":[{"bearerAuth":[]}],"components":{"securitySchemes":{"bearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT","description":"Bearer authentication"}},"schemas":{"AppTokenRequest":{"type":"object","required":["id","name","secret"],"properties":{"id":{"type":"string"},"name":{"type":"string"},"secret":{"type":"string"}}},"AppTokenResponse":{"type":"object","required":["access_token","id_token"],"properties":{"access_token":{"type":"string"},"id_token":{"type":"string"}}},"Error":{"required":["code","message"],"properties":{"code":{"type":"integer","minimum":100,"maximum":599},"message":{"type":"string"},"details":{"type":"string"}}}},"responses":{"400BadRequest":{"description":"Bad request.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"500InternalServerError":{"description":"unexpected error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"503ServiceUnavailable":{"description":"unexpected error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}},"paths":{"/v1/k8s/auth/oauth/apptoken":{"post":{"deprecated":true,"tags":["Tokens"],"summary":"get application token","description":"Retrieve access token for an application.\nThe application token is retrieved from the authorization server.\n","operationId":"app_token","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/AppTokenRequest"}}}},"responses":{"200":{"description":"Executed successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AppTokenResponse"}}}},"400":{"$ref":"#/components/responses/400BadRequest"},"500":{"$ref":"#/components/responses/500InternalServerError"},"503":{"$ref":"#/components/responses/503ServiceUnavailable"}}}}}}
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://run-ai-docs.nvidia.com/api/2.19/authentication-and-authorization/tokens.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.