NVIDIA Run:ai

Tokens

Use tokens to facilitate authentication to the NVIDIA Run:ai API. The API server must be configured to use the NVIDIA Run:ai identity service to validate authentication tokens.

Create an access token v1

Create tokens using the grant_type parameter.

SecuritybearerAuth
Request
Request Body schema: application/json
grantType
any (TokenRequestGrantTypeEnum)
Enum: "app_token" "client_credentials" "refresh_token" "exchange_token" "password" "external_token_exchange"
appID
string <= 255 characters
Deprecated
appSecret
string <= 500 characters
Deprecated
code
string <= 2048 characters
redirectUri
string <= 2048 characters
refreshToken
string <= 4096 characters
username
string <= 255 characters
password
string <= 255 characters
clientID
string <= 255 characters
clientSecret
string <= 500 characters
externalToken
string <= 4096 characters
Responses
200

Executed successfully.

400

Bad request.

500

unexpected error

503

unexpected error

post/api/v1/token
Request samples
application/json

Obtain the clientID and the clientSecret using service accounts or access keys endpoints

{
  • "grantType": "client_credentials",
  • "clientID": "clientID",
  • "clientSecret": "clientSecret"
}
Response samples
application/json
{
  • "accessToken": "string",
  • "idToken": "string",
  • "refreshToken": "string",
  • "expiresIn": 0
}

Create an access token v2

Use this endpoint to obtain an access token. Compliant with standard OAuth2 protocol and supports the common OAuth2 grant types.

SecuritybearerAuth
Request
Request Body schema: application/x-www-form-urlencoded
required
grant_type
required
string

The OAuth2 grant type that determines how the token will be issued.

Enum: "authorization_code" "client_credentials" "password" "refresh_token"
client_id
string

OAuth2 client identifier

client_secret
string <password>

OAuth2 client secret

username
string

Resource owner username (for password grant)

password
string <password>

The password of the resource owner. Required only when using the password grant type.

refresh_token
string

The refresh token used to obtain a new access token. Required only when using the refresh_token grant type.

code
string

Authorization code issued by the authorization server. Used in the authorization_code grant to exchange the code for an access token.

redirect_uri
string

The redirect URI used during the authorization request. Required for the authorization_code grant to validate the redirect destination.

Responses
200

Successfully issued token

400

Invalid request

401

Client authentication failed

500

unexpected error

503

unexpected error

post/api/v2/token
Request samples
application/x-www-form-urlencoded
grant_type=authorization_code&code=authorization_code_value&redirect_uri=https%3A%2F%2Fexample.com%2Fcallback&client_id=my-client-id
Response samples
application/json
{
  • "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
  • "token_type": "Bearer",
  • "expires_in": 3600,
  • "refresh_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
  • "id_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9..."
}

get application tokenDeprecated

Retrieve access token for an application. The application token is retrieved from the authorization server. This endpoint is deprecated. Use /api/v1/token with the grantType parameter set to app_token instead, with AppID and appSecret set accordingly to get an application token

SecuritybearerAuth
Request
Request Body schema: application/json
id
required
string <= 64 characters
name
required
string <= 255 characters
secret
required
string <= 500 characters
Responses
200

Executed successfully.

400

Bad request.

500

unexpected error

503

unexpected error

post/v1/k8s/auth/oauth/apptoken
Request samples
application/json
{
  • "id": "string",
  • "name": "string",
  • "secret": "string"
}
Response samples
application/json
{
  • "access_token": "string",
  • "id_token": "string"
}
➔ Next to Users