Access tokens issued by an identity provider (IdP), such as Microsoft Entra ID or Google, are used to authenticate and authorize requests to CDF resources. Tokens are standard OAuth 2.0 / OIDC JSON Web Tokens (JWTs) and are sent with every API request in theDocumentation Index
Fetch the complete documentation index at: https://docs.cognite.com/llms.txt
Use this file to discover all available pages before exploring further.
Authorization: Bearer <token> header.
CDF does not create or manage tokens. Your IdP handles token issuance through standard OAuth flows such as authorization code, client credentials, or implicit grant.
Token inspection
The Token API provides a single operation: inspect. Use the inspect endpoint to see what CDF access a token grants, including the projects, groups, and capabilities associated with it.Token inspection requires the
IDENTITY scope and the projectsAcl:LIST and groupsAcl:LIST capabilities.Key capabilities
- Inspect token access to see which projects and capabilities are available
- Debug authorization issues by verifying the groups and capabilities resolved from a token
- Validate integration setup by confirming that a service account token has the expected permissions