> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cognite.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Tokens

> Manage tokens in Cognite Data Fusion (CDF).

Access tokens issued by an identity provider (IdP), such as Microsoft Entra ID or Google, are used to authenticate and authorize requests to CDF resources. Tokens are standard OAuth 2.0 / OIDC JSON Web Tokens (JWTs) and are sent with every API request in the `Authorization: Bearer <token>` header.

CDF does not create or manage tokens. Your IdP handles token issuance through standard OAuth flows such as authorization code, client credentials, or implicit grant.

## Token inspection

The Token API provides a single operation: **inspect**. Use the inspect endpoint to see what CDF access a token grants, including the projects, groups, and capabilities associated with it.

<Note>
  Token inspection requires the `IDENTITY` scope and the `projectsAcl:LIST` and `groupsAcl:LIST` capabilities.
</Note>

## Key capabilities

* **Inspect token access** to see which projects and capabilities are available
* **Debug authorization issues** by verifying the groups and capabilities resolved from a token
* **Validate integration setup** by confirming that a service account token has the expected permissions
