Skip to main content
Identity and access management (IAM) APIs control who can access CDF and what they can do. Use these APIs to manage principals (users and service accounts), define groups and capabilities, apply security categories for fine-grained access, create long-lived sessions for background workloads, and inspect tokens for debugging.

APIs in this group

  • Principals — User accounts and service accounts that can authenticate and access CDF
  • Groups — Grant principals capabilities and manage membership
  • Security categories — Fine-grained access control for time series and files
  • Sessions — Long-lived access for Transformations, Functions, and other background workloads
  • Token — Inspect tokens to see projects, groups, and capabilities
  • User profiles — User profile information from the identity provider (deprecated)
Last modified on April 23, 2026