
# List Trusts

> ListTrusts lists trusts for a service principal.



## OpenAPI

````yaml https://spec.speakeasy.com/conductor-one/conductorone/my-source-with-code-samples get /api/v1/service_principals/{service_principal_id}/trusts
# OpenAPI 3.1 description of the C1 HTTP API; as shown here it contains only
# the ListTrusts operation and the schemas that operation references.
openapi: 3.1.0
info:
  description: The C1 API is a HTTP API for managing C1 resources.
  title: C1 API
  version: 0.1.0-alpha
servers:
  # The host is tenant-specific; "example" is only the placeholder default, so
  # callers substitute their own tenant domain before sending credentials.
  - description: The C1 API server for the current tenant.
    url: https://{tenantDomain}.conductor.one
    variables:
      tenantDomain:
        default: example
        description: The domain of the tenant to use for this request.
# Global security requirement; it applies to every operation that does not
# declare its own `security` key.
# NOTE(review): both schemes sit in ONE requirement object, which OpenAPI reads
# as "bearerAuth AND oauth". If either credential alone is meant to suffice,
# they would be two separate list entries - confirm against server behaviour.
security:
  - bearerAuth: []
    oauth: []
paths:
  # Read-only listing of the workload-federation trusts attached to one service
  # principal. No operation-level `security` key is present, so the document's
  # global security requirement applies to this call.
  /api/v1/service_principals/{service_principal_id}/trusts:
    get:
      tags:
        - Workload Federation
      summary: List Trusts
      description: ListTrusts lists trusts for a service principal.
      operationId: c1.api.workload_federation.v1.WorkloadFederationService.ListTrusts
      # Only the path parameter is declared. The response schema carries
      # nextPageToken, but no page-token or page-size parameter appears here, so
      # how a follow-up page is requested is not shown in this spec.
      # NOTE(review): when this call is used to audit trusts, confirm the full
      # list was retrieved rather than only a first page.
      parameters:
        - in: path
          name: service_principal_id
          required: true
          schema:
            description: The service principal ID to list trusts for (from URL path).
            readOnly: false
            type: string
      # Only the success case is described; responses for unauthenticated,
      # unauthorized or unknown-ID requests are not documented here.
      responses:
        '200':
          content:
            application/json:
              schema:
                $ref: >-
                  #/components/schemas/c1.api.workload_federation.v1.WorkloadFederationServiceListTrustsResponse
          description: Successful response
      # SDK usage samples. The "<YOUR_..._HERE>" and "<id>" values are
      # placeholders. NOTE(review): real tokens belong in an environment
      # variable or secret store, not in source files copied from these samples.
      x-codeSamples:
        - lang: go
          label: ListTrusts
          source: "package main\n\nimport(\n\t\"context\"\n\t\"github.com/conductorone/conductorone-sdk-go/pkg/models/shared\"\n\tconductoronesdkgo \"github.com/conductorone/conductorone-sdk-go\"\n\t\"github.com/conductorone/conductorone-sdk-go/pkg/models/operations\"\n\t\"log\"\n)\n\nfunc main() {\n    ctx := context.Background()\n\n    s := conductoronesdkgo.New(\n        conductoronesdkgo.WithSecurity(shared.Security{\n            BearerAuth: \"<YOUR_BEARER_TOKEN_HERE>\",\n            Oauth: \"<YOUR_OAUTH_HERE>\",\n        }),\n    )\n\n    res, err := s.WorkloadFederation.ListTrusts(ctx, operations.C1APIWorkloadFederationV1WorkloadFederationServiceListTrustsRequest{\n        ServicePrincipalID: \"<id>\",\n    })\n    if err != nil {\n        log.Fatal(err)\n    }\n    if res.WorkloadFederationServiceListTrustsResponse != nil {\n        // handle response\n    }\n}"
        - lang: typescript
          label: Typescript (SDK)
          source: >-
            import { ConductoroneSDKTypescript } from
            "conductorone-sdk-typescript";


            const conductoroneSDKTypescript = new ConductoroneSDKTypescript({
              security: {
                bearerAuth: "<YOUR_BEARER_TOKEN_HERE>",
                oauth: "<YOUR_OAUTH_HERE>",
              },
            });


            async function run() {
              const result = await conductoroneSDKTypescript.workloadFederation.listTrusts({
                servicePrincipalId: "<id>",
              });

              console.log(result);
            }


            run();
components:
  schemas:
    # Response envelope for ListTrusts: an array of trust objects plus a
    # pagination token.
    c1.api.workload_federation.v1.WorkloadFederationServiceListTrustsResponse:
      description: The WorkloadFederationServiceListTrustsResponse message.
      properties:
        # Nullable array, so a client must handle both null and an empty list.
        list:
          description: The list field.
          items:
            $ref: >-
              #/components/schemas/c1.api.workload_federation.v1.WorkloadFederationTrust
          nullable: true
          readOnly: false
          type: array
        # Declared as a plain string; the spec does not say what an empty or
        # absent value means. NOTE(review): presumably a non-empty token means
        # more trusts remain - confirm before treating one response as complete.
        nextPageToken:
          description: The nextPageToken field.
          readOnly: false
          type: string
      title: Workload Federation Service List Trusts Response
      type: object
      x-speakeasy-name-override: WorkloadFederationServiceListTrustsResponse
    # One trust policy on a service principal. Per the field descriptions it
    # combines a claim-matching rule (conditionExpression), an optional source
    # IP allowlist (allowSourceCidrs) and a role restriction (scopedRoleIds).
    c1.api.workload_federation.v1.WorkloadFederationTrust:
      description: |-
        WorkloadFederationTrust represents a per-SP trust policy that references
         a tenant-level provider and defines a CEL condition for claim matching.
      properties:
        # Source-IP restriction on token exchange for this trust. The field is
        # nullable and the spec does not state how null or an empty list is
        # treated. NOTE(review): presumably that means no IP restriction -
        # confirm, since it changes how much the trust relies on claims alone.
        allowSourceCidrs:
          description: IP allowlist for token exchange requests matching this trust.
          items:
            type: string
          nullable: true
          readOnly: false
          type: array
        # Server-assigned (readOnly) value sent as client_id in the token
        # exchange. NOTE(review): presumably an identifier rather than a
        # secret - confirm before deciding how it may be stored or logged.
        clientId:
          description: >-
            The full client ID of the trust (e.g.,
            "clever-fox-42195@acme.conductorone.com/wfe").
             Used as the client_id parameter in RFC 8693 token exchange requests.
          readOnly: true
          type: string
        # The rule that decides which external JWTs this trust accepts, so it is
        # the first field to read when reviewing a trust. The example's prefix
        # ends in ":" which bounds the repository name; a prefix without that
        # delimiter would also match any name that merely starts with "infra".
        conditionExpression:
          description: |-
            CEL expression evaluated against JWT claims. Must return bool.
             Example: claims.sub.startsWith("repo:acme/infra:") && claims.environment == "production"
          readOnly: false
          type: string
        createdAt:
          format: date-time
          readOnly: true
          type: string
        description:
          description: A description of what this trust policy matches.
          readOnly: false
          type: string
        # NOTE(review): the listing presumably includes disabled trusts - check
        # this flag when inventorying which trusts are currently usable.
        disabled:
          description: Whether the trust is disabled.
          readOnly: false
          type: boolean
        displayName:
          description: The display name of the trust.
          readOnly: false
          type: string
        # Claims named here are copied from the external subject token into the
        # C1-issued token under "c1wfc". Their values originate with the external
        # identity provider, and non-string claims are skipped silently, so a
        # consumer of "c1wfc" must tolerate a missing key.
        passthroughClaims:
          description: >-
            JWT claim names from the subject token to copy into the issued C1
            token.
             Values are placed in the "c1wfc" claim as a map[string]string.
             Only string-valued claims are copied; non-string claims are silently skipped.
             Example: ["repository", "repository_owner", "job_workflow_ref"]
          items:
            type: string
          nullable: true
          readOnly: false
          type: array
        # readOnly here and described as immutable after creation.
        providerId:
          description: The provider ID this trust references. Immutable after creation.
          readOnly: true
          type: string
        # Per the description, effective permissions are the minimum of the
        # service principal's roles and this list, so it can only narrow access.
        # NOTE(review): the effect of null or an empty list is not stated
        # (full service-principal roles vs. none) - confirm.
        scopedRoleIds:
          description: >-
            Scoped role IDs. Effective permissions = min(SP roles,
            trust.scoped_role_ids).
          items:
            type: string
          nullable: true
          readOnly: false
          type: array
        servicePrincipalId:
          description: The service principal user ID this trust belongs to.
          readOnly: true
          type: string
        updatedAt:
          format: date-time
          readOnly: true
          type: string
      title: Workload Federation Trust
      type: object
      x-speakeasy-name-override: WorkloadFederationTrust
  securitySchemes:
    # HTTP authentication with the "bearer" scheme, i.e. a token presented in
    # the Authorization header.
    bearerAuth:
      scheme: bearer
      type: http
    # OAuth2 client-credentials flow. The description requires the client
    # credentials in the request body rather than in headers.
    # NOTE(review): body logging on clients or intermediaries would then record
    # the client secret - confirm it is off for the token endpoint.
    oauth:
      description: >-
        This API uses OAuth2 with the Client Credential flow.

        Client Credentials must be sent in the BODY, not the headers.

        For an example of how to implement this, refer to the
        [c1TokenSource.Token()](https://github.com/ConductorOne/conductorone-sdk-go/blob/3375fe7c0126d17e7ec4e711693dee7b791023aa/token_source.go#L101-L187)
        function.
      # No OAuth scopes are defined (scopes: {}), so nothing in this spec limits
      # a token by scope. tokenUrl is a relative path; NOTE(review): presumably
      # resolved against the tenant server URL - confirm.
      flows:
        clientCredentials:
          scopes: {}
          tokenUrl: /auth/v1/token
      type: oauth2

````