# Tokens

Use tokens to facilitate authentication to the NVIDIA Run:ai API. The API server must be configured to use the NVIDIA Run:ai identity service to validate authentication tokens.

## Create an access token v1

> Create tokens using the \`grant\_type\` parameter.\
> This endpoint is deprecated. Use \`/api/v2/token\` instead.<br>

```json
{"openapi":"3.0.3","info":{"title":"NVIDIA Run:ai","version":"latest"},"tags":[{"name":"Tokens","description":"Use tokens to facilitate authentication to the NVIDIA Run:ai API. \nThe API server must be configured to use the NVIDIA Run:ai identity \nservice to validate authentication tokens.\n"}],"servers":[{"url":"https://app.run.ai"}],"security":[{"bearerAuth":[]}],"components":{"securitySchemes":{"bearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT","description":"Bearer authentication"}},"schemas":{"TokenRequest":{"type":"object","properties":{"grantType":{"$ref":"#/components/schemas/TokenRequestGrantTypeEnum"},"appID":{"deprecated":true,"type":"string","maxLength":255},"appSecret":{"deprecated":true,"type":"string","maxLength":500},"code":{"type":"string","maxLength":2048},"redirectUri":{"type":"string","maxLength":2048},"refreshToken":{"type":"string","maxLength":4096},"username":{"type":"string","maxLength":255},"password":{"type":"string","maxLength":255},"clientID":{"type":"string","maxLength":255},"clientSecret":{"type":"string","maxLength":500},"externalToken":{"type":"string","maxLength":4096}}},"TokenRequestGrantTypeEnum":{"enum":["app_token","client_credentials","refresh_token","exchange_token","password","external_token_exchange"]},"TokenResponse":{"type":"object","properties":{"accessToken":{"type":"string"},"idToken":{"type":"string"},"refreshToken":{"type":"string"},"expiresIn":{"type":"integer","description":"Token lifetime in seconds"}}},"Error":{"required":["code","message"],"properties":{"code":{"type":"integer","minimum":100,"maximum":599},"message":{"type":"string"},"details":{"type":"string"}}}},"responses":{"400BadRequest":{"description":"Bad request.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"500InternalServerError":{"description":"unexpected error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"503ServiceUnavailable":{"description":"unexpected error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}},"paths":{"/api/v1/token":{"post":{"tags":["Tokens"],"summary":"Create an access token v1","deprecated":true,"description":"Create tokens using the `grant_type` parameter.\nThis endpoint is deprecated. Use `/api/v2/token` instead.\n","operationId":"grant_token","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/TokenRequest"}}}},"responses":{"200":{"description":"Executed successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TokenResponse"}}}},"400":{"$ref":"#/components/responses/400BadRequest"},"500":{"$ref":"#/components/responses/500InternalServerError"},"503":{"$ref":"#/components/responses/503ServiceUnavailable"}}}}}}
```

## Create an access token v2

> Use this endpoint to obtain an access token. Compliant with standard OAuth2 protocol and supports the common OAuth2 grant types.<br>

```json
{"openapi":"3.0.3","info":{"title":"NVIDIA Run:ai","version":"latest"},"tags":[{"name":"Tokens","description":"Use tokens to facilitate authentication to the NVIDIA Run:ai API. \nThe API server must be configured to use the NVIDIA Run:ai identity \nservice to validate authentication tokens.\n"}],"servers":[{"url":"https://app.run.ai"}],"security":[{"bearerAuth":[]}],"components":{"securitySchemes":{"bearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT","description":"Bearer authentication"}},"schemas":{"OAuth2TokenResponse":{"type":"object","required":["access_token","token_type"],"properties":{"access_token":{"type":"string","description":"The access token issued by the authorization server"},"token_type":{"type":"string","description":"The type of the token issued (typically \"Bearer\")"},"expires_in":{"type":"integer","description":"The lifetime in seconds of the access token"},"refresh_token":{"type":"string","description":"The refresh token, which can be used to obtain new access tokens"},"id_token":{"type":"string","description":"ID Token value associated with the authenticated session (OpenID Connect)"},"scope":{"type":"string","description":"The scope of the access token"}}},"OAuth2Error":{"type":"object","description":"OAuth 2.0 error response (RFC 6749 Section 5.2)","required":["error"],"properties":{"error":{"type":"string","description":"A single ASCII error code","enum":["invalid_request","invalid_client","invalid_grant","unauthorized_client","unsupported_grant_type","invalid_scope","server_error","temporarily_unavailable"]},"error_description":{"type":"string","description":"Human-readable ASCII text providing additional information"},"error_uri":{"type":"string","description":"URI identifying a human-readable web page with information about the error"}}},"Error":{"required":["code","message"],"properties":{"code":{"type":"integer","minimum":100,"maximum":599},"message":{"type":"string"},"details":{"type":"string"}}}},"responses":{"500InternalServerError":{"description":"unexpected error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"503ServiceUnavailable":{"description":"unexpected error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}},"paths":{"/api/v2/token":{"post":{"tags":["Tokens"],"summary":"Create an access token v2","description":"Use this endpoint to obtain an access token. Compliant with standard OAuth2 protocol and supports the common OAuth2 grant types.\n","operationId":"grant_token_v2","requestBody":{"required":true,"content":{"application/x-www-form-urlencoded":{"schema":{"type":"object","required":["grant_type"],"properties":{"grant_type":{"type":"string","description":"The OAuth2 grant type. Determines the authentication flow and which parameters are required:\n\n`client_credentials` - Authenticate as a service account or user access key using clientId and clientSecret.\n\n`password` - Authenticate as a local user using username and password.\n\n`external_token_exchange` - Authenticate as a service account or user using a token issued by the configured identity provider (IdP) for a Run:ai token. Requires externalToken.\n","enum":["client_credentials","password","external_token_exchange"]},"client_id":{"type":"string","description":"The client identifier for a service account or user access key. Required when using the client_credentials grant type. Must be used together with clientSecret."},"client_secret":{"type":"string","description":"The client secret corresponding to the clientId. Required when using the client_credentials grant type. Must be used together with clientId.","format":"password"},"username":{"type":"string","description":"The username of a local user account. Required when using the password grant type. Must be used together with password."},"password":{"type":"string","description":"The password for the specified username. Required when using the password grant type. Must be used together with username.","format":"password"},"external_token":{"type":"string","description":"A valid token issued by the identity provider (IdP) that is configured in NVIDIA Run:ai. Required when using the external_token_exchange grant type."}}}}}},"responses":{"200":{"description":"Successfully issued token","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2TokenResponse"}}}},"400":{"description":"Invalid request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2Error"}}}},"401":{"description":"Client authentication failed","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2Error"}}}},"500":{"$ref":"#/components/responses/500InternalServerError"},"503":{"$ref":"#/components/responses/503ServiceUnavailable"}}}}}}
```

## get application token

> Retrieve access token for an application.\
> The application token is retrieved from the authorization server.\
> This endpoint is deprecated.  Use /api/v1/token with the grantType parameter set to app\_token instead, with AppID and appSecret set accordingly to get an application token<br>

```json
{"openapi":"3.0.3","info":{"title":"NVIDIA Run:ai","version":"latest"},"tags":[{"name":"Tokens","description":"Use tokens to facilitate authentication to the NVIDIA Run:ai API. \nThe API server must be configured to use the NVIDIA Run:ai identity \nservice to validate authentication tokens.\n"}],"servers":[{"url":"https://app.run.ai"}],"security":[{"bearerAuth":[]}],"components":{"securitySchemes":{"bearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT","description":"Bearer authentication"}},"schemas":{"AppTokenRequest":{"type":"object","required":["id","name","secret"],"properties":{"id":{"type":"string","maxLength":64},"name":{"type":"string","maxLength":255},"secret":{"type":"string","maxLength":500}}},"AppTokenResponse":{"type":"object","required":["access_token","id_token"],"properties":{"access_token":{"type":"string"},"id_token":{"type":"string"}}},"Error":{"required":["code","message"],"properties":{"code":{"type":"integer","minimum":100,"maximum":599},"message":{"type":"string"},"details":{"type":"string"}}}},"responses":{"400BadRequest":{"description":"Bad request.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"500InternalServerError":{"description":"unexpected error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"503ServiceUnavailable":{"description":"unexpected error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}},"paths":{"/v1/k8s/auth/oauth/apptoken":{"post":{"deprecated":true,"tags":["Tokens"],"summary":"get application token","description":"Retrieve access token for an application.\nThe application token is retrieved from the authorization server.\nThis endpoint is deprecated.  Use /api/v1/token with the grantType parameter set to app_token instead, with AppID and appSecret set accordingly to get an application token\n","operationId":"app_token","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/AppTokenRequest"}}}},"responses":{"200":{"description":"Executed successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AppTokenResponse"}}}},"400":{"$ref":"#/components/responses/400BadRequest"},"500":{"$ref":"#/components/responses/500InternalServerError"},"503":{"$ref":"#/components/responses/503ServiceUnavailable"}}}}}}
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://run-ai-docs.nvidia.com/api/authentication-and-authorization/tokens.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.