> ## Documentation Index > Fetch the complete documentation index at: https://docs.nx1cloud.com/llms.txt > Use this file to discover all available pages before exploring further. # Resolve the caller's identity and roles > Return the identity the API resolved for the current request. The REST counterpart of the MCP ``whoami`` tool: send an ``Authorization: Bearer `` or ``Authorization-PSK: `` header and get back the resolved username, email, roles, and the auth method that matched. Useful for verifying PSK / Bearer wiring and discovering effective roles. ## OpenAPI ````yaml get /api/identity/whoami openapi: 3.1.0 info: title: Nx1 AI API description: | AI API for Nx1 Data Platform Management and Automated Data Tasks. Authentication is required via PSK in Authorization header. Default PSK is | [ask a friend] | version: 0.10.2 servers: [] security: [] paths: /api/identity/whoami: get: tags: - Identity summary: Resolve the caller's identity and roles description: >- Return the identity the API resolved for the current request. The REST counterpart of the MCP ``whoami`` tool: send an ``Authorization: Bearer `` or ``Authorization-PSK: `` header and get back the resolved username, email, roles, and the auth method that matched. Useful for verifying PSK / Bearer wiring and discovering effective roles. operationId: whoami_api_identity_whoami_get responses: '200': description: Successful Response content: application/json: schema: $ref: '#/components/schemas/WhoAmIResponse' security: - OAuth2AuthorizationCodeBearer: [] - APIKeyHeader: [] components: schemas: WhoAmIResponse: properties: sub: type: string title: Sub description: Keycloak subject identifier of the caller. preferred_username: anyOf: - type: string - type: 'null' title: Preferred Username description: Username for user context. Equals 'psk' for the general PSK. email: anyOf: - type: string - type: 'null' title: Email description: Caller's email, if known. full_name: anyOf: - type: string - type: 'null' title: Full Name description: Caller's full name, if known. roles: items: type: string type: array title: Roles description: Realm roles assigned to the caller. client_roles: items: type: string type: array title: Client Roles description: Client roles assigned to the caller. auth_method: $ref: '#/components/schemas/AuthMethod' description: >- Which credential resolved the identity (Bearer, user PSK, general PSK). type: object required: - sub - auth_method title: WhoAmIResponse description: |- Identity resolved by the API for the current request. Mirrors the MCP ``whoami`` tool: echoes back the caller's identity and the auth method that matched, so clients can verify their Bearer / PSK wiring and discover their effective roles. AuthMethod: type: string enum: - keycloak_token - user_psk - general_psk title: AuthMethod description: Enum to track how the user was authenticated. securitySchemes: OAuth2AuthorizationCodeBearer: type: oauth2 flows: authorizationCode: scopes: {} authorizationUrl: >- https://sso-rapid.rapid.nx1cloud.com/realms/rapid/protocol/openid-connect/auth tokenUrl: >- https://sso-rapid.rapid.nx1cloud.com/realms/rapid/protocol/openid-connect/token APIKeyHeader: type: apiKey in: header name: Authorization-PSK ````