> ## Documentation Index
> Fetch the complete documentation index at: https://docs.tokenfactory.nebius.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Get current token information

> Returns information about the current authentication token, including
the token UUID, expiration time, and a map of all known permissions
with their granted status.




## OpenAPI

````yaml https://eu-north.nebius.computer/static/api.yaml get /whoami
openapi: 3.0.0
info:
  title: Contree API
  description: >
    Contree is a container management system combining virtual machine isolation
    with container operational efficiency. 

    Designed for security-sensitive workloads requiring hardware-enforced
    boundaries while maintaining

    container workflow compatibility.
  version: 1.0.0
servers:
  - url: '{baseUrl}/v1'
    description: |
      Nebius IAM-fronted endpoint (use `IAMBearerAuth` + `IAMProjectHeader`).
      Override `baseUrl` to point at a different deployment.
    variables:
      baseUrl:
        default: https://api.tokenfactory.nebius.com/sandboxes
        description: |
          Base URL of the contree service. Defaults to the public Nebius
          IAM-fronted endpoint; set to your self-hosted contree origin
          (e.g. `https://contree.example.com`) when running elsewhere.
security:
  - IAMBearerAuth: []
    IAMProjectHeader: []
tags:
  - name: images
    description: Operations related to container images
  - name: files
    description: Operations related to file uploads
  - name: instances
    description: Operations related to container instances
  - name: inspect
    description: Operations related to inspecting container images
  - name: operations
    description: Operations related to long-running operations
  - name: auth
    description: Authentication and token introspection
paths:
  /whoami:
    get:
      tags:
        - auth
      summary: Get current token information
      description: |
        Returns information about the current authentication token, including
        the token UUID, expiration time, and a map of all known permissions
        with their granted status.
      operationId: whoAmI
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/WhoAmIResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
components:
  schemas:
    WhoAmIResponse:
      type: object
      required:
        - token_uuid
        - token_expiration
        - permissions
        - operations_stat
      properties:
        token_uuid:
          type: string
          description: UUID of the authentication token
          example: a1b2c3d4-e5f6-7890-abcd-ef1234567890
        token_expiration:
          type: integer
          nullable: true
          description: Token expiration time as Unix timestamp, or null if not set
          example: 1735689600
        permissions:
          type: object
          additionalProperties:
            type: boolean
          description: |
            Map of all known permission names to their granted status.
            Keys are permission names (e.g., `import`, `spawn`, `list`),
            values indicate whether the token has the permission.
          example:
            import: true
            spawn: true
            spawn_disposable: false
            list: true
            cancel: false
            set_image_tag: false
        limits:
          type: object
          additionalProperties:
            type: integer
          description: Map of resource limit names to their values for the current token.
          example:
            instance_max_timeout: 3600
            instance_max_concurrency: 10
            images_import_max_concurrency: 5
            images_import_max_timeout: 3600
        operations_stat:
          type: object
          additionalProperties:
            type: integer
          description: Operation statistics (reserved for future use)
    Error:
      type: object
      required:
        - error
      properties:
        error:
          oneOf:
            - type: string
            - type: object
            - type: array
              items:
                type: object
          description: Error message or structured validation errors
          example: Some error occurred, this is an example of error message
        status:
          type: integer
          description: HTTP status code
          example: 500
        traceback:
          type: array
          items:
            type: string
  responses:
    Unauthorized:
      description: |
        Unauthorized - Invalid or missing authentication credentials.
        Either the `Authorization` bearer token is missing or invalid, or
        the `Project` header is missing.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
  securitySchemes:
    IAMBearerAuth:
      type: http
      scheme: bearer
      bearerFormat: IAM
      description: |
        IAM bearer token issued by the Nebius IAM service. Sent as
        `Authorization: Bearer <iam-token>`. Must be combined with the
        `Project` header (see `IAMProjectHeader`).

        This is the recommended authentication scheme for new clients.
    IAMProjectHeader:
      type: apiKey
      in: header
      name: Project
      description: |
        Nebius project ID associated with the IAM token. Required together
        with `IAMBearerAuth`. Identifies the project context the request is
        scoped to.

````