# Tokens

Use tokens to facilitate authentication to the NVIDIA Run:ai API. The API server must be configured to use the NVIDIA Run:ai identity service to validate authentication tokens.

## Create an access token v1

> Create tokens using the \`grant\_type\` parameter.

```json
{"openapi":"3.0.3","info":{"title":"NVIDIA Run:ai","version":"2.24"},"tags":[{"name":"Tokens","description":"Use tokens to facilitate authentication to the NVIDIA Run:ai API. \nThe API server must be configured to use the NVIDIA Run:ai identity \nservice to validate authentication tokens.\n"}],"servers":[{"url":"https://app.run.ai"}],"security":[{"bearerAuth":[]}],"components":{"securitySchemes":{"bearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT","description":"Bearer authentication"}},"schemas":{"TokenRequest":{"type":"object","properties":{"grantType":{"$ref":"#/components/schemas/TokenRequestGrantTypeEnum"},"appID":{"deprecated":true,"type":"string","maxLength":255},"appSecret":{"deprecated":true,"type":"string","maxLength":500},"code":{"type":"string","maxLength":2048},"redirectUri":{"type":"string","maxLength":2048},"refreshToken":{"type":"string","maxLength":4096},"username":{"type":"string","maxLength":255},"password":{"type":"string","maxLength":255},"clientID":{"type":"string","maxLength":255},"clientSecret":{"type":"string","maxLength":500},"externalToken":{"type":"string","maxLength":4096}}},"TokenRequestGrantTypeEnum":{"enum":["app_token","client_credentials","refresh_token","exchange_token","password","external_token_exchange"]},"TokenResponse":{"type":"object","properties":{"accessToken":{"type":"string"},"idToken":{"type":"string"},"refreshToken":{"type":"string"},"expiresIn":{"type":"integer","description":"Token lifetime in seconds"}}},"Error":{"required":["code","message"],"properties":{"code":{"type":"integer","minimum":100,"maximum":599},"message":{"type":"string"},"details":{"type":"string"}}}},"responses":{"400BadRequest":{"description":"Bad request.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"500InternalServerError":{"description":"unexpected error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"503ServiceUnavailable":{"description":"unexpected error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}},"paths":{"/api/v1/token":{"post":{"tags":["Tokens"],"summary":"Create an access token v1","description":"Create tokens using the `grant_type` parameter.","operationId":"grant_token","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/TokenRequest"}}}},"responses":{"200":{"description":"Executed successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TokenResponse"}}}},"400":{"$ref":"#/components/responses/400BadRequest"},"500":{"$ref":"#/components/responses/500InternalServerError"},"503":{"$ref":"#/components/responses/503ServiceUnavailable"}}}}}}
```

## Create an access token v2

> Use this endpoint to obtain an access token. Compliant with standard OAuth2 protocol and supports the common OAuth2 grant types.<br>

```json
{"openapi":"3.0.3","info":{"title":"NVIDIA Run:ai","version":"2.24"},"tags":[{"name":"Tokens","description":"Use tokens to facilitate authentication to the NVIDIA Run:ai API. \nThe API server must be configured to use the NVIDIA Run:ai identity \nservice to validate authentication tokens.\n"}],"servers":[{"url":"https://app.run.ai"}],"security":[{"bearerAuth":[]}],"components":{"securitySchemes":{"bearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT","description":"Bearer authentication"}},"schemas":{"OAuth2TokenResponse":{"type":"object","required":["access_token","token_type"],"properties":{"access_token":{"type":"string","description":"The access token issued by the authorization server"},"token_type":{"type":"string","description":"The type of the token issued (typically \"Bearer\")"},"expires_in":{"type":"integer","description":"The lifetime in seconds of the access token"},"refresh_token":{"type":"string","description":"The refresh token, which can be used to obtain new access tokens"},"id_token":{"type":"string","description":"ID Token value associated with the authenticated session (OpenID Connect)"},"scope":{"type":"string","description":"The scope of the access token"}}},"OAuth2Error":{"type":"object","description":"OAuth 2.0 error response (RFC 6749 Section 5.2)","required":["error"],"properties":{"error":{"type":"string","description":"A single ASCII error code","enum":["invalid_request","invalid_client","invalid_grant","unauthorized_client","unsupported_grant_type","invalid_scope","server_error","temporarily_unavailable"]},"error_description":{"type":"string","description":"Human-readable ASCII text providing additional information"},"error_uri":{"type":"string","description":"URI identifying a human-readable web page with information about the error"}}},"Error":{"required":["code","message"],"properties":{"code":{"type":"integer","minimum":100,"maximum":599},"message":{"type":"string"},"details":{"type":"string"}}}},"responses":{"500InternalServerError":{"description":"unexpected error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"503ServiceUnavailable":{"description":"unexpected error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}},"paths":{"/api/v2/token":{"post":{"tags":["Tokens"],"summary":"Create an access token v2","description":"Use this endpoint to obtain an access token. Compliant with standard OAuth2 protocol and supports the common OAuth2 grant types.\n","operationId":"grant_token_v2","requestBody":{"required":true,"content":{"application/x-www-form-urlencoded":{"schema":{"type":"object","required":["grant_type"],"properties":{"grant_type":{"type":"string","description":"The OAuth2 grant type that determines how the token will be issued.","enum":["authorization_code","client_credentials","password","refresh_token"]},"client_id":{"type":"string","description":"OAuth2 client identifier"},"client_secret":{"type":"string","description":"OAuth2 client secret","format":"password"},"username":{"type":"string","description":"Resource owner username (for password grant)"},"password":{"type":"string","description":"The password of the resource owner. Required only when using the password grant type.","format":"password"},"refresh_token":{"type":"string","description":"The refresh token used to obtain a new access token. Required only when using the refresh_token grant type."},"code":{"type":"string","description":"Authorization code issued by the authorization server. Used in the authorization_code grant to exchange the code for an access token."},"redirect_uri":{"type":"string","description":"The redirect URI used during the authorization request. Required for the authorization_code grant to validate the redirect destination."}}}}}},"responses":{"200":{"description":"Successfully issued token","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2TokenResponse"}}}},"400":{"description":"Invalid request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2Error"}}}},"401":{"description":"Client authentication failed","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2Error"}}}},"500":{"$ref":"#/components/responses/500InternalServerError"},"503":{"$ref":"#/components/responses/503ServiceUnavailable"}}}}}}
```

## get application token

> Retrieve access token for an application.\
> The application token is retrieved from the authorization server.\
> This endpoint is deprecated.  Use /api/v1/token with the grantType parameter set to app\_token instead, with AppID and appSecret set accordingly to get an application token<br>

```json
{"openapi":"3.0.3","info":{"title":"NVIDIA Run:ai","version":"2.24"},"tags":[{"name":"Tokens","description":"Use tokens to facilitate authentication to the NVIDIA Run:ai API. \nThe API server must be configured to use the NVIDIA Run:ai identity \nservice to validate authentication tokens.\n"}],"servers":[{"url":"https://app.run.ai"}],"security":[{"bearerAuth":[]}],"components":{"securitySchemes":{"bearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT","description":"Bearer authentication"}},"schemas":{"AppTokenRequest":{"type":"object","required":["id","name","secret"],"properties":{"id":{"type":"string","maxLength":64},"name":{"type":"string","maxLength":255},"secret":{"type":"string","maxLength":500}}},"AppTokenResponse":{"type":"object","required":["access_token","id_token"],"properties":{"access_token":{"type":"string"},"id_token":{"type":"string"}}},"Error":{"required":["code","message"],"properties":{"code":{"type":"integer","minimum":100,"maximum":599},"message":{"type":"string"},"details":{"type":"string"}}}},"responses":{"400BadRequest":{"description":"Bad request.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"500InternalServerError":{"description":"unexpected error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"503ServiceUnavailable":{"description":"unexpected error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}},"paths":{"/v1/k8s/auth/oauth/apptoken":{"post":{"deprecated":true,"tags":["Tokens"],"summary":"get application token","description":"Retrieve access token for an application.\nThe application token is retrieved from the authorization server.\nThis endpoint is deprecated.  Use /api/v1/token with the grantType parameter set to app_token instead, with AppID and appSecret set accordingly to get an application token\n","operationId":"app_token","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/AppTokenRequest"}}}},"responses":{"200":{"description":"Executed successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AppTokenResponse"}}}},"400":{"$ref":"#/components/responses/400BadRequest"},"500":{"$ref":"#/components/responses/500InternalServerError"},"503":{"$ref":"#/components/responses/503ServiceUnavailable"}}}}}}
```