> ## Documentation Index > Fetch the complete documentation index at: https://docs.nebius.com/llms.txt > Use this file to discover all available pages before exploring further. # exchange

Name

nebius iam token-exchange exchange

Synopsis

``` nebius iam token-exchange exchange --actor-token --actor-token-type --audience --grant-type --requested-token-type --resource --scopes --subject-token --subject-token-type ```

Options

`--actor-token` (string)

Optional, subject token for impersonation/delegation (who want to impersonate/delegate) in subject\_token.

`--actor-token-type` (string)

Optional, token type for the impersonation/delegation (who want to impersonate/delegate). Usually it's
urn:ietf:params:oauth:token-type:access\_token.

`--audience` (string)

Optional, name of the oauth client id on which this token will be used.

`--grant-type` (string)

Required - urn:ietf:params:oauth:grant-type:token-exchange.

`--requested-token-type` (string)

Optional type of requested token, default is urn:ietf:params:oauth:token-type:access\_token.

`--resource` (string array)

Optional, list of resources approved to use by token, if applicable.

`--scopes` (string array)

Optional (scopes of the token).

`--subject-token` (string)

Required - could be self signed JWT token.

`--subject-token-type` (string)

Required, in case of jwt - urn:ietf:params:oauth:token-type:jwt.

Global Options

`-h, --help` (bool)

Show this message.

`-p, --profile` (string)

Set a profile for interacting with the cloud.

`--format` (string)

Output format. Supported values: yaml|json|jsonpath|table|text.

`-f, --file` (string)

Input file. For 'update' commands automatically set --full=true.

`-c, --config` (string)

Provide path to config file.

`--debug` (bool)

Enable debug logs.

`--color` (bool)

Enable colored output.

`--no-browser` (bool)

Do not open browser automatically on auth.

`--insecure` (bool)

Disable transport security.

`--auth-timeout` (duration: 2h30m10s)

Set the timeout for the request including authentication process, default is 15m0s.

`--per-retry-timeout` (duration: 2h30m10s)

Set the timeout for each retry attempt, default is 20s.

`--retries` (uint)

Set the number of retry attempts, 1 is disable retries, default is 3.

`--timeout` (duration: 2h30m10s)

Set the timeout for the main request, default is 1m0s.

`--no-check-update` (bool)

Suppress check for updates.

`--no-progress` (bool)

Suppress progress indicators and spinners.

```json theme={null} { "actor_token": string, // [sensitive] // Optional, subject token for impersonation/delegation (who want to impersonate/delegate) in subject_token. "actor_token_type": string, // Optional, token type for the impersonation/delegation (who want to impersonate/delegate). Usually it's // urn:ietf:params:oauth:token-type:access_token. "audience": string, // Optional, name of the oauth client id on which this token will be used. "grant_type": string, // Required - urn:ietf:params:oauth:grant-type:token-exchange. "requested_token_type": string, // Optional type of requested token, default is urn:ietf:params:oauth:token-type:access_token. "resource": [string], // Optional, list of resources approved to use by token, if applicable. "scopes": [string], // Optional (scopes of the token). "subject_token": string, // [sensitive] // Required - could be self signed JWT token. "subject_token_type": string // Required, in case of jwt - urn:ietf:params:oauth:token-type:jwt. } ``` ```json theme={null} nebius iam token-exchange exchange ' { "actor_token": "", "actor_token_type": "", "audience": "", "grant_type": "", "requested_token_type": "", "resource": [""], "scopes": [""], "subject_token": "", "subject_token_type": "" } ' ``` Auto generated on 7-May-2026