diff --git a/apis/identity/v1alpha1/inboxtokenrequest_types.go b/apis/identity/v1alpha1/inboxtokenrequest_types.go
index 05e4bfb8b..51bd5a1a6 100644
--- a/apis/identity/v1alpha1/inboxtokenrequest_types.go
+++ b/apis/identity/v1alpha1/inboxtokenrequest_types.go
@@ -45,8 +45,7 @@ type InboxTokenRequest struct {
 type InboxTokenRequestRequest struct{}
 
 type InboxTokenRequestResponse struct {
-	JmapJWTToken  string `json:"jmapJWTToken"`
-	AdminJWTToken string `json:"adminJWTToken"`
+	AgentJWTToken string `json:"agentJwtToken"`
 }
 
 func init() {
diff --git a/pkg/identity/b3.go b/pkg/identity/b3.go
index 543a1796a..c2195b25a 100644
--- a/pkg/identity/b3.go
+++ b/pkg/identity/b3.go
@@ -147,22 +147,22 @@ func (c *Client) Identify(clusterUID string) (*kmapi.ClusterMetadata, error) {
 	return &md, nil
 }
 
-func (c *Client) GetToken() (string, error) {
+func (c *Client) GetToken() (*identityapi.InboxTokenRequestResponse, error) {
 	u, err := info.APIServerAddress(c.baseURL)
 	if err != nil {
-		return "", err
+		return nil, err
 	}
 
 	id, err := c.GetIdentity()
 	if err != nil {
-		return "", err
+		return nil, err
 	}
 
 	u.Path = path.Join(u.Path, "api/v1/agent", id.Status.Name, id.Status.UID, "token")
 
 	req, err := http.NewRequest(http.MethodGet, u.String(), nil)
 	if err != nil {
-		return "", err
+		return nil, err
 	}
 	req.Header.Set("Content-Type", "application/json")
 	// add authorization header to the req
@@ -183,14 +183,20 @@ func (c *Client) GetToken() (string, error) {
 				klog.Errorln(string(encodeCertPEM(cert)))
 			}
 		}
-		return "", err
+		return nil, err
 	}
 	defer resp.Body.Close()
 	body, err := io.ReadAll(resp.Body)
 	if err != nil {
-		return "", err
+		return nil, err
 	}
-	return string(body), nil
+
+	tokenResponse := &identityapi.InboxTokenRequestResponse{}
+	if err = json.Unmarshal(body, tokenResponse); err != nil {
+		return nil, err
+	}
+
+	return tokenResponse, nil
 }
 
 const SelfName = "self"