# API Access Setup

To interact with the NVIDIA Run:ai platform programmatically, configure API access using application credentials. This section outlines the steps to create an application, generate tokens using the appropriate OAuth2 grant types, and authenticate securely with the platform APIs.

## Authenticate with Admin Credentials

Before registering an application, authenticate using administrator credentials. Use the credentials configured via `global.management.user` and `global.management.password` as detailed in [Install the control plane](/multi-tenant/getting-started/installation/install-control-plane.md).

Send a `POST` request to the `/api/v1/token` endpoint with `grantType: password` to generate a token. See the [Tokens](https://app.gitbook.com/s/LYHZWRVgpD7c9mHAx1Vk/authentication-and-authorization/tokens) API endpoint for more details.

**Example request:**

<pre class="language-bash"><code class="lang-bash">curl -L 'https://console.&#x3C;DOMAIN>/api/v1/token' \ 
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer &#x3C;TOKEN>' \ 
<strong>{
</strong>  "grantType": "password",
  "username": "user@example.com",
  "password": "yourPassword"
}
</code></pre>

**Example response:**

```bash
{
  "accessToken": "<TOKEN>"
}
```

Use the returned `accessToken` as a Bearer token in the Authorization header for subsequent API requests.

## Create a Service Account

After generating a token using the admin password, use it to register a service account. Service accounts contain a `clientID` and `clientSecret` that are used to authenticate future API requests via the `client_credentials` grant type.

Send a `POST` request to the `/api/v1/apps` endpoint. See the [Service accounts](https://app.gitbook.com/s/LYHZWRVgpD7c9mHAx1Vk/authentication-and-authorization/service-accounts) API endpoint for more details.

**Example request:**

<pre class="language-bash"><code class="lang-bash"><strong>curl -L 'https://console.&#x3C;DOMAIN>/api/v1/service-accounts' \ 
</strong>-H 'Content-Type: application/json' \
-H 'Authorization: Bearer &#x3C;TOKEN>' \ 
{
  "name": "serviceaccount-123",
}
</code></pre>

**Example response:**

<pre class="language-bash"><code class="lang-bash">{
<strong>  "id": "0eeaf222-e503-4f35-9d9c-c419816272e3",
</strong>  "name": "app123",
<strong>  "secret": "asdasidjn9d",
</strong>  "clientId": "app123"
}
</code></pre>

## Generate a Token with Client Credentials

Use the `clientId` and `clientSecret` from your application to generate an access token for authenticated API calls using the `client_credentials` grant type.

Send a `POST` request to the `/api/v1/token` endpoint with `grantType: client_credentials`. See the [Tokens](https://app.gitbook.com/s/LYHZWRVgpD7c9mHAx1Vk/authentication-and-authorization/tokens) API endpoint for more details.

**Example request:**

```bash
curl -L 'https://console.<DOMAIN>/api/v1/token' \ 
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer <TOKEN>' \ 
{
  "grantType": "client_credentials",
  "clientID": "clientID",
  "clientSecret": "clientSecret"
}
```

**Example response:**

```bash
{
  "accessToken": "string",
  "idToken": "string",
  "refreshToken": "string",
  "externalToken": "string"
}
```

Use the `accessToken` as a Bearer token in the Authorization header for all subsequent API requests

## Create a Local User

Send a `POST` request to the `/api/v1/users` endpoint to create a local user. See the [Users](https://app.gitbook.com/s/LYHZWRVgpD7c9mHAx1Vk/authentication-and-authorization/users) API endpoint for more details.

**Example request:**

```bash
curl -L 'https://console.<DOMAIN>/api/v1/users' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
-d '{
  "email": "admin@hostorg.com",
  "resetPassword": false
}'
```

**Example response:**

```bash
{
  "id": "1a2b3c4d",
  "email": "admin@hostorg.com",
  "createdAt": "2024-06-01T00:00:00Z"
}
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://run-ai-docs.nvidia.com/multi-tenant/getting-started/api-access-setup.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.