Principal is a collective term for user accounts and service accounts. Both entities can be uniquely identified, authenticated, and authorized in CDF. Principals are unique within an organization and, therefore, also within a project in the organization. Principals can access data and create and run processes (transformations, Functions) in a CDF project.
- A user account is associated with a person who wants to interact with CDF. Each user account has a user profile containing a unique user ID.
- A service account is associated with an application or process that interacts with CDF, such as an extractor or Cognite Functions, rather than a person.
Authentication for this API
Direct requests to the Principals API to auth.cognite.com, similar to organizations.
The Principals API accepts only OAuth tokens issued by https://auth.cognite.com (such as those issued when logging into Fusion).
You can also obtain a token by initiating a login flow against the authorization server directly. See the “Authorizations” sections for more information.
User accounts
The Principals API lets you query user accounts in an organization and retrieve profiles. Last modified on April 23, 2026
