# How to Authenticate to the API

The following document explains how to authenticate with NVIDIA Run:ai APIs.

NVIDIA Run:ai APIs are accessed using *bearer tokens*. A token can be obtained in several ways:

* When logging into the NVIDIA Run:ai user interface, you enter an email and password (or authenticated via single sign-on) which are used to obtain a token.
* When using the NVIDIA Run:ai command-line, you use a Kubernetes profile and are authenticated by pre-running `runai login` (or oc login with OpenShift). The command attaches a token to the profile and allows you access to NVIDIA Run:ai functionality.
* When using NVIDIA Run:ai APIs, you need to create an **Application** through the NVIDIA Run:ai user interface. The Application is created with specific roles and contains a *secret*. Using the secret you can obtain a token and use it within subsequent API calls.

## Create a Client Application <a href="#create-a-client-application" id="create-a-client-application"></a>

* Open the NVIDIA Run:ai User Interface.
* Go to `Settings & Tools`, `Application` and create a new Application.
* Copy the `<APPLICATION>` and `<SECRET KEY>` to be used below

## Access Rules for the Application <a href="#access-rules-for-the-application" id="access-rules-for-the-application"></a>

For you API requests to be accepted, you will need to set access rules for the application. To assign roles to an application, see [Create or Delete rules](https://docs.run.ai/v2.19/admin/authentication/accessrules/).

Use the [Roles](https://docs.run.ai/v2.19/admin/authentication/roles/#roles-in-runai) table to assign the correct roles to the application.

## Request an API Tken

Use the client credentials created to get a temporary token to access NVIDIA Run:ai as follows.

### Example Command to Get an API Token

Replace `<COMPANY-URL>` below with:

* For SaaS installations, use `<tenant-name>.run.ai`
* For self-hosted use the NVIDIA Run:ai user interface URL.

{% tabs %}
{% tab title="cURL" %}

```bash
    curl  -X POST \
      'https://<COMPANY-URL>/api/v1/token' \
      --header 'Accept: */*' \
      --header 'Content-Type: application/json' \
      --data-raw '{
      "grantType":"app_token",
      "AppId":"<APPLICATION NAME>",
      "AppSecret" : "<SECRET KEY>"
    }'
```

{% endtab %}

{% tab title="Python" %}

```python
import requests
    import json
    reqUrl = "https://cp-590d-run-13764-kc-upgrade.runailabs.com/api/v1/token"
    headersList = {
     "Accept": "*/*",
     "Content-Type": "application/json"
    }
    payload = json.dumps({
      "grantType":"app_token",
      "AppId":"<APPLICATION NAME>",
      "AppSecret" : "<SECRET KEY>"
    })
    response = requests.request("POST", reqUrl, data=payload,  headers=headersList)
    print(response.text)
```

{% endtab %}
{% endtabs %}

### Response

The API response will look as follows:

```json
{
  "accessToken": "<TOKEN>", 
}
```

To call NVIDIA Run:ai REST APIs, the application must pass the retrieved `accessToken` as a *Bearer token* in the Authorization header of your HTTP request.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://run-ai-docs.nvidia.com/api/2.19/getting-started/how-to-authenticate-to-the-api.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.