> ## Documentation Index > Fetch the complete documentation index at: https://www.c1.ai/docs/llms.txt > Use this file to discover all available pages before exploring further. # Add Binding > AddBinding links a tenant-scoped subject (a function today; future kinds tomorrow) to a service principal. Outbound c1-api calls made on the subject's behalf can then be minted as user: via an RFC 8693 token-exchange (act-as) flow. Many-aware: a subject may hold multiple bindings at the storage layer. Idempotent on (subject, service_principal_id) — adds the row if missing, resurrects it if soft-deleted, no-op if already active. Consumers that need 0-or-1 cardinality (Functions today) enforce it client-side via ListBindings + DeleteBinding. Requires the SERVICE_PRINCIPALS feature flag. ## OpenAPI ````yaml https://spec.speakeasy.com/conductor-one/conductorone/my-source-with-code-samples post /api/v1/service_principals/bindings openapi: 3.1.0 info: description: The C1 API is a HTTP API for managing C1 resources. title: C1 API version: 0.1.0-alpha servers: - description: The C1 API server for the current tenant. url: https://{tenantDomain}.conductor.one variables: tenantDomain: default: example description: The domain of the tenant to use for this request. security: - bearerAuth: [] oauth: [] paths: /api/v1/service_principals/bindings: post: tags: - Service Principal Binding summary: Add Binding description: |- AddBinding links a tenant-scoped subject (a function today; future kinds tomorrow) to a service principal. Outbound c1-api calls made on the subject's behalf can then be minted as user: via an RFC 8693 token-exchange (act-as) flow. Many-aware: a subject may hold multiple bindings at the storage layer. Idempotent on (subject, service_principal_id) — adds the row if missing, resurrects it if soft-deleted, no-op if already active. Consumers that need 0-or-1 cardinality (Functions today) enforce it client-side via ListBindings + DeleteBinding. Requires the SERVICE_PRINCIPALS feature flag. operationId: c1.api.service_principal.v1.ServicePrincipalService.AddBinding requestBody: content: application/json: schema: $ref: >- #/components/schemas/c1.api.service_principal.v1.ServicePrincipalServiceAddBindingRequest responses: '200': content: application/json: schema: $ref: >- #/components/schemas/c1.api.service_principal.v1.ServicePrincipalServiceAddBindingResponse description: Successful response x-codeSamples: - lang: go label: AddBinding source: "package main\n\nimport(\n\t\"context\"\n\t\"github.com/conductorone/conductorone-sdk-go/pkg/models/shared\"\n\tconductoronesdkgo \"github.com/conductorone/conductorone-sdk-go\"\n\t\"log\"\n)\n\nfunc main() {\n ctx := context.Background()\n\n s := conductoronesdkgo.New(\n conductoronesdkgo.WithSecurity(shared.Security{\n BearerAuth: \"\",\n Oauth: \"\",\n }),\n )\n\n res, err := s.Principal.AddBinding(ctx, nil)\n if err != nil {\n log.Fatal(err)\n }\n if res.ServicePrincipalServiceAddBindingResponse != nil {\n // handle response\n }\n}" - lang: typescript label: Typescript (SDK) source: >- import { ConductoroneSDKTypescript } from "conductorone-sdk-typescript"; const conductoroneSDKTypescript = new ConductoroneSDKTypescript({ security: { bearerAuth: "", oauth: "", }, }); async function run() { const result = await conductoroneSDKTypescript.principal.addBinding(); console.log(result); } run(); components: schemas: c1.api.service_principal.v1.ServicePrincipalServiceAddBindingRequest: description: The ServicePrincipalServiceAddBindingRequest message. properties: servicePrincipalId: description: The servicePrincipalId field. readOnly: false type: string subject: $ref: >- #/components/schemas/c1.api.service_principal.v1.ServicePrincipalBindingSubject title: Service Principal Service Add Binding Request type: object x-speakeasy-name-override: ServicePrincipalServiceAddBindingRequest c1.api.service_principal.v1.ServicePrincipalServiceAddBindingResponse: description: The ServicePrincipalServiceAddBindingResponse message. title: Service Principal Service Add Binding Response type: object x-speakeasy-name-override: ServicePrincipalServiceAddBindingResponse c1.api.service_principal.v1.ServicePrincipalBindingSubject: description: > ServicePrincipalBindingSubject identifies the entity that is bound to a service principal. Open-ended oneof so future subject kinds (workflows, connectors, etc.) can be added without changing the RPC shape. This message contains a oneof named kind. Only a single field of the following list may be set at a time: - functionId properties: functionId: description: >- Function ID. The function authenticates outbound c1-api calls as user: instead of function:. This field is part of the `kind` oneof. See the documentation for `c1.api.service_principal.v1.ServicePrincipalBindingSubject` for more details. nullable: true readOnly: false type: string title: Service Principal Binding Subject type: object x-speakeasy-name-override: ServicePrincipalBindingSubject securitySchemes: bearerAuth: scheme: bearer type: http oauth: description: >- This API uses OAuth2 with the Client Credential flow. Client Credentials must be sent in the BODY, not the headers. For an example of how to implement this, refer to the [c1TokenSource.Token()](https://github.com/ConductorOne/conductorone-sdk-go/blob/3375fe7c0126d17e7ec4e711693dee7b791023aa/token_source.go#L101-L187) function. flows: clientCredentials: scopes: {} tokenUrl: /auth/v1/token type: oauth2 ````