> For clean Markdown of any page, append .md to the page URL. > For a complete documentation index, see https://docs.nvidia.com/infra-controller/llms.txt. > For full documentation content, see https://docs.nvidia.com/infra-controller/llms-full.txt. > For AI client integration (Claude Code, Cursor, etc.), connect to the MCP server at https://docs.nvidia.com/infra-controller/_mcp/server. # Retrieve Token Delegation for current Org GET https://nico-rest-api.nico.svc.cluster.local/v2/org/{org}/nico/site/{siteID}/tenant-identity/token-delegation Retrieve the registered token exchange callback for the tenant. User must have authorization role with `TENANT_ADMIN` suffix in the URL `{org}`. The raw `clientSecret` is never returned; only its SHA-256 hash. Reference: https://docs.nvidia.com/infra-controller/infra-controller/rest-api-reference/api-reference/tenant-identity/get-tenant-identity-token-delegation ## OpenAPI Specification ```yaml openapi: 3.1.0 info: title: NVIDIA Infra Controller REST API version: 1.0.0 paths: /v2/org/{org}/nico/site/{siteID}/tenant-identity/token-delegation: get: operationId: get-tenant-identity-token-delegation summary: Retrieve Token Delegation for current Org description: >- Retrieve the registered token exchange callback for the tenant. User must have authorization role with `TENANT_ADMIN` suffix in the URL `{org}`. The raw `clientSecret` is never returned; only its SHA-256 hash. tags: - subpackage_tenantIdentity parameters: - name: org in: path description: Name of the Org required: true schema: type: string - name: siteID in: path description: ID of the Site required: true schema: type: string format: uuid - name: Authorization in: header description: >- ``` export JWT_BEARER_TOKEN="" # Example org name: "acme-inc export ORG_NAME= # Use the JWT bearer token in your API request auth header: curl -v -X GET -H "Content-Type: application/json" -H "Authorization: Bearer $JWT_BEARER_TOKEN" https://nico-rest-api.nico.svc.cluster.local/v2/org/$ORG_NAME/nico/user/current ``` required: true schema: type: string responses: '200': description: Token delegation retrieved content: application/json: schema: $ref: '#/components/schemas/TenantIdentityTokenDelegation' '400': description: Error response when request data cannot be validated content: application/json: schema: $ref: '#/components/schemas/NICoAPIError' '403': description: >- Error response when user is not authorized to call an endpoint or retrieve/modify objects content: application/json: schema: $ref: '#/components/schemas/NICoAPIError' '404': description: Error response when requested object is not found content: application/json: schema: $ref: '#/components/schemas/NICoAPIError' '500': description: Response when the API handler encounters an unexpected error content: application/json: schema: $ref: '#/components/schemas/NICoAPIError' '503': description: |- Core gRPC API is unavailable, or site-level machine identity is disabled (`enabled=false` in site config), so the request cannot be served. content: application/json: schema: $ref: '#/components/schemas/NICoAPIError' servers: - url: https://nico-rest-api.nico.svc.cluster.local components: schemas: TenantIdentityBasicClientSecretResponse: type: object properties: clientId: type: string clientSecretHash: type: string description: SHA-256 hash of the raw secret. description: >- Public half of `client_secret_basic` credentials. Only the SHA-256 hash of the secret is returned. title: TenantIdentityBasicClientSecretResponse TenantIdentityTokenDelegation: type: object properties: tokenEndpoint: type: string format: uri clientSecretBasic: $ref: '#/components/schemas/TenantIdentityBasicClientSecretResponse' subjectTokenAudience: type: string created: type: string format: date-time updated: type: string format: date-time description: Current token delegation configuration for the org. title: TenantIdentityTokenDelegation NiCoApiErrorSource: type: string enum: - nico description: Source of the error. title: NiCoApiErrorSource NiCoApiErrorData: type: object properties: {} description: Additional data about the error title: NiCoApiErrorData NICoAPIError: type: object properties: source: $ref: '#/components/schemas/NiCoApiErrorSource' description: Source of the error. message: type: string description: Message describing the error data: oneOf: - $ref: '#/components/schemas/NiCoApiErrorData' - type: 'null' description: Additional data about the error description: Describes the error response from NVIDIA Infra Controller REST API title: NICoAPIError securitySchemes: JWTBearerToken: type: http scheme: bearer description: >- ``` export JWT_BEARER_TOKEN="" # Example org name: "acme-inc export ORG_NAME= # Use the JWT bearer token in your API request auth header: curl -v -X GET -H "Content-Type: application/json" -H "Authorization: Bearer $JWT_BEARER_TOKEN" https://nico-rest-api.nico.svc.cluster.local/v2/org/$ORG_NAME/nico/user/current ``` ``` ## SDK Code Examples ```python import requests url = "https://nico-rest-api.nico.svc.cluster.local/v2/org/org/nico/site/siteID/tenant-identity/token-delegation" payload = {} headers = { "Authorization": "Bearer ", "Content-Type": "application/json" } response = requests.get(url, json=payload, headers=headers) print(response.json()) ``` ```javascript const url = 'https://nico-rest-api.nico.svc.cluster.local/v2/org/org/nico/site/siteID/tenant-identity/token-delegation'; const options = { method: 'GET', headers: {Authorization: 'Bearer ', 'Content-Type': 'application/json'}, body: '{}' }; try { const response = await fetch(url, options); const data = await response.json(); console.log(data); } catch (error) { console.error(error); } ``` ```go package main import ( "fmt" "strings" "net/http" "io" ) func main() { url := "https://nico-rest-api.nico.svc.cluster.local/v2/org/org/nico/site/siteID/tenant-identity/token-delegation" payload := strings.NewReader("{}") req, _ := http.NewRequest("GET", url, payload) req.Header.Add("Authorization", "Bearer ") req.Header.Add("Content-Type", "application/json") res, _ := http.DefaultClient.Do(req) defer res.Body.Close() body, _ := io.ReadAll(res.Body) fmt.Println(res) fmt.Println(string(body)) } ``` ```ruby require 'uri' require 'net/http' url = URI("https://nico-rest-api.nico.svc.cluster.local/v2/org/org/nico/site/siteID/tenant-identity/token-delegation") http = Net::HTTP.new(url.host, url.port) http.use_ssl = true request = Net::HTTP::Get.new(url) request["Authorization"] = 'Bearer ' request["Content-Type"] = 'application/json' request.body = "{}" response = http.request(request) puts response.read_body ``` ```java import com.mashape.unirest.http.HttpResponse; import com.mashape.unirest.http.Unirest; HttpResponse response = Unirest.get("https://nico-rest-api.nico.svc.cluster.local/v2/org/org/nico/site/siteID/tenant-identity/token-delegation") .header("Authorization", "Bearer ") .header("Content-Type", "application/json") .body("{}") .asString(); ``` ```php request('GET', 'https://nico-rest-api.nico.svc.cluster.local/v2/org/org/nico/site/siteID/tenant-identity/token-delegation', [ 'body' => '{}', 'headers' => [ 'Authorization' => 'Bearer ', 'Content-Type' => 'application/json', ], ]); echo $response->getBody(); ``` ```csharp using RestSharp; var client = new RestClient("https://nico-rest-api.nico.svc.cluster.local/v2/org/org/nico/site/siteID/tenant-identity/token-delegation"); var request = new RestRequest(Method.GET); request.AddHeader("Authorization", "Bearer "); request.AddHeader("Content-Type", "application/json"); request.AddParameter("application/json", "{}", ParameterType.RequestBody); IRestResponse response = client.Execute(request); ``` ```swift import Foundation let headers = [ "Authorization": "Bearer ", "Content-Type": "application/json" ] let parameters = [] as [String : Any] let postData = JSONSerialization.data(withJSONObject: parameters, options: []) let request = NSMutableURLRequest(url: NSURL(string: "https://nico-rest-api.nico.svc.cluster.local/v2/org/org/nico/site/siteID/tenant-identity/token-delegation")! as URL, cachePolicy: .useProtocolCachePolicy, timeoutInterval: 10.0) request.httpMethod = "GET" request.allHTTPHeaderFields = headers request.httpBody = postData as Data let session = URLSession.shared let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in if (error != nil) { print(error as Any) } else { let httpResponse = response as? HTTPURLResponse print(httpResponse) } }) dataTask.resume() ```