Principals

Principal is an umbrella term for user accounts and service accounts. Both entities can be uniquely identified, authenticated, and authorized in CDF. Principals are unique within an organization, and therefore also within a project in the organization. Principals can access data and create and run processes (transformations, Functions) in a CDF project.

• A user account is associated with a person who wants to interact with CDF. Each user account has a user profile containing a unique user ID.
• A service account is associated with an application or process that wants to interact with CDF, such as an extractor or Cognite Functions, rather than a person.

Requests to the Principals API are directed to auth.cognite.com, like for organizations.

Only OAuth tokens issued by https://auth.cognite.com (such as the ones issued when logging into Fusion) are accepted by the Principals API.

It is also possible to obtain a token by initiating a login flow against the authorization server directly. See the "Authorizations" sections for more information.

The Principals API lets you query user accounts in an organization, and retrieve profiles.