Get Paybond Principal
paybond_get_principalRetrieve the tenant-bound service-account principal and roles from the gateway principal endpoint. Call this before other tenant-scoped tools to confirm tenant identity.
Instructions
Use this when you need to confirm which tenant-bound service-account principal the configured PAYBOND_API_KEY authenticates as (tenant_id, subject, and roles). Call early as a prerequisite before Harbor escrow, Signal reads, or other tenant-scoped tools when tenant identity is unknown. Not required before every later call once tenant_id is already known from a prior principal response or host config. Do not use this when you need Harbor intent escrow detail; use paybond_get_intent instead when you have an intent_id. Do not use this for A2A discovery; use paybond_get_a2a_agent_card instead. Makes one read-only external GET to the gateway principal endpoint; idempotent identity lookup with no side effects (no mutations, spend reservations, escrow changes, or ledger writes); auth or gateway failures surface as tool errors.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
No arguments | |||
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| roles | No | RBAC roles granted to this principal for the authenticated tenant (example: ["operator"]). | |
| subject | No | Service-account subject identifier echoed by the gateway for the authenticated API key (example: service-account-1). | |
| tenant_id | No | Tenant bound to the configured Paybond API key. |