# API Access Setup

To interact with the NVIDIA Run:ai platform programmatically, configure API access using application credentials. This section outlines the steps to create an application, generate tokens using the appropriate OAuth2 grant types, and authenticate securely with the platform APIs.

## Authenticate with Admin Credentials

Before registering an application, authenticate using administrator credentials. Use the credentials configured via `global.management.user` and `global.management.password` as detailed in [Install the control plane](https://run-ai-docs.nvidia.com/multi-tenant/2.22/getting-started/installation/install-control-plane).

Send a `POST` request to the `/api/v1/token` endpoint with `grantType: password` to generate a token. See the [Tokens](https://app.gitbook.com/s/spWf7U2YlA9s6BRFBopf/authentication-and-authorization/tokens) API endpoint for more details.

**Example request:**

<pre class="language-bash"><code class="lang-bash">curl -L 'https://console.&#x3C;DOMAIN>/api/v1/token' \ 
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer &#x3C;TOKEN>' \ 
<strong>{
</strong>  "grantType": "password",
  "username": "user@example.com",
  "password": "yourPassword"
}
</code></pre>

**Example response:**

```bash
{
  "accessToken": "<TOKEN>"
}
```

Use the returned `accessToken` as a Bearer token in the Authorization header for subsequent API requests.

## Create an Application

After generating a token using the admin password, use it to register an application. Applications contain a `clientID` and `clientSecret` that are used to authenticate future API requests via the `client_credentials` grant type.

Send a `POST` request to the `/api/v1/apps` endpoint. See the [Applications](https://app.gitbook.com/s/spWf7U2YlA9s6BRFBopf/authentication-and-authorization/applications) API endpoint for more details.

**Example request:**

<pre class="language-bash"><code class="lang-bash"><strong>curl -L 'https://console.&#x3C;DOMAIN>/api/v1/apps' \ 
</strong>-H 'Content-Type: application/json' \
-H 'Authorization: Bearer &#x3C;TOKEN>' \ 
{
  "name": "app-123",
}
</code></pre>

**Example response:**

<pre class="language-bash"><code class="lang-bash">{
<strong>  "id": "0eeaf222-e503-4f35-9d9c-c419816272e3",
</strong>  "name": "app123",
<strong>  "secret": "asdasidjn9d",
</strong>  "clientId": "app123"
}
</code></pre>

## Generate a Token with Client Credentials

Use the `clientId` and `clientSecret` from your application to generate an access token for authenticated API calls using the `client_credentials` grant type.

Send a `POST` request to the `/api/v1/token` endpoint with `grantType: client_credentials`. See the [Tokens](https://app.gitbook.com/s/spWf7U2YlA9s6BRFBopf/authentication-and-authorization/tokens) API endpoint for more details.

**Example request:**

```bash
curl -L 'https://console.<DOMAIN>/api/v1/token' \ 
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer <TOKEN>' \ 
{
  "grantType": "client_credentials",
  "clientID": "clientID",
  "clientSecret": "clientSecret"
}
```

**Example response:**

```bash
{
  "accessToken": "string",
  "idToken": "string",
  "refreshToken": "string",
  "externalToken": "string"
}
```

Use the `accessToken` as a Bearer token in the Authorization header for all subsequent API requests

## Create a Local User

Send a `POST` request to the `/api/v1/users` endpoint to create a local user. See the [Users](https://app.gitbook.com/s/spWf7U2YlA9s6BRFBopf/authentication-and-authorization/users) API endpoint for more details.

**Example request:**

```bash
curl -L 'https://console.<DOMAIN>/api/v1/users' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
-d '{
  "email": "admin@hostorg.com",
  "resetPassword": false
}'
```

**Example response:**

```bash
{
  "id": "1a2b3c4d",
  "email": "admin@hostorg.com",
  "createdAt": "2024-06-01T00:00:00Z"
}
```