generated: '2026-07-15' method: generated source: openapi/auth0-authentication-api-openapi.yml, openapi/auth0-fga-openapi.yml, openapi/auth0-management-api-openapi.yml description: Recommended x-agentic-access execution contracts, classified heuristically from the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind audience per deployment. See research/curity/agentic-governance/. summary: operations: 458 by_action_class: connected: 186 acting: 272 by_consequence: read: 186 write: 241 physical: 20 safety-critical: 11 human_in_the_loop_required: 11 operations: - path: /authorize method: get operationId: authorize x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v2/logout method: get operationId: logout x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /oidc/logout method: get operationId: oidc_logout x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /samlp/{CLIENT_ID}/logout method: post operationId: saml_logout x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /passwordless/start method: post operationId: passwordless_start x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /passwordless/verify method: post operationId: passwordless_verify x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /oauth/token method: post operationId: oauth_token x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /dbconnections/signup method: post operationId: dbconnections_signup x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /dbconnections/change_password method: post operationId: dbconnections_change_password x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /userinfo method: get operationId: userinfo x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /mfa/challenge method: post operationId: mfa_challenge x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /mfa/associate method: post operationId: mfa_associate x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /mfa/authenticators method: get operationId: mfa_authenticators x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /mfa/authenticators/{AUTHENTICATOR_ID} method: delete operationId: mfa_authenticators_delete x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /samlp/{client_id} method: get operationId: samlp_login x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /samlp/metadata/{client_id} method: get operationId: samlp_metadata x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /login/callback method: post operationId: login_callback x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /wsfed/{client_id} method: get operationId: wsfed_login x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /wsfed/FederationMetadata/2007-06/FederationMetadata.xml method: get operationId: wsfed_metadata x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /oidc/register method: post operationId: oidc_register x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /oauth/device/code method: post operationId: oauth_device_code x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /oauth/revoke method: post operationId: oauth_revoke x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /oauth/access_token method: post operationId: oauth_access_token x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /oauth/ro method: post operationId: oauth_ro x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /tokeninfo method: post operationId: tokeninfo x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /delegation method: post operationId: delegation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /unlink method: post operationId: unlink x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /users/{user_id}/impersonate method: post operationId: impersonate x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /.well-known/authzen-configuration/{store_id} method: get operationId: GetConfiguration x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /stores method: get operationId: ListStores x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /stores method: post operationId: CreateStore x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /stores/{store_id} method: get operationId: GetStore x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /stores/{store_id} method: delete operationId: DeleteStore x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /stores/{store_id}/access/v1/evaluation method: post operationId: Evaluation x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /stores/{store_id}/access/v1/evaluations method: post operationId: Evaluations x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /stores/{store_id}/access/v1/search/action method: post operationId: ActionSearch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /stores/{store_id}/access/v1/search/resource method: post operationId: ResourceSearch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /stores/{store_id}/access/v1/search/subject method: post operationId: SubjectSearch x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /stores/{store_id}/assertions/{authorization_model_id} method: get operationId: ReadAssertions x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /stores/{store_id}/assertions/{authorization_model_id} method: put operationId: WriteAssertions x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /stores/{store_id}/authorization-models method: get operationId: ReadAuthorizationModels x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /stores/{store_id}/authorization-models method: post operationId: WriteAuthorizationModel x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /stores/{store_id}/authorization-models/{id} method: get operationId: ReadAuthorizationModel x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /stores/{store_id}/batch-check method: post operationId: BatchCheck x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /stores/{store_id}/changes method: get operationId: ReadChanges x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /stores/{store_id}/check method: post operationId: Check x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /stores/{store_id}/expand method: post operationId: Expand x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /stores/{store_id}/list-objects method: post operationId: ListObjects x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /stores/{store_id}/list-users method: post operationId: ListUsers x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /stores/{store_id}/read method: post operationId: Read x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /stores/{store_id}/streamed-list-objects method: post operationId: StreamedListObjects x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /stores/{store_id}/write method: post operationId: Write x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /actions/actions method: get operationId: get_actions x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:actions token: max-ttl: 3600 audit: none - path: /actions/actions method: post operationId: post_action x-agentic-access: action-class: acting consequence: write subject: required scope: - create:actions audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /actions/actions/{actionId}/versions method: get operationId: get_action_versions x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:actions token: max-ttl: 3600 audit: none - path: /actions/actions/{actionId}/versions/{id} method: get operationId: get_action_version x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:actions token: max-ttl: 3600 audit: none - path: /actions/actions/{actionId}/versions/{id}/deploy method: post operationId: post_deploy_draft_version x-agentic-access: action-class: acting consequence: physical subject: required scope: - create:actions audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /actions/actions/{id} method: get operationId: get_action x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:actions token: max-ttl: 3600 audit: none - path: /actions/actions/{id} method: delete operationId: delete_action x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:actions audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /actions/actions/{id} method: patch operationId: patch_action x-agentic-access: action-class: acting consequence: write subject: required scope: - update:actions audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /actions/actions/{id}/deploy method: post operationId: post_deploy_action x-agentic-access: action-class: acting consequence: physical subject: required scope: - create:actions audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /actions/actions/{id}/test method: post operationId: post_test_action x-agentic-access: action-class: acting consequence: write subject: required scope: - create:actions audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /actions/executions/{id} method: get operationId: get_execution x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:actions token: max-ttl: 3600 audit: none - path: /actions/modules method: get operationId: get_action_modules x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:actions token: max-ttl: 3600 audit: none - path: /actions/modules method: post operationId: post_action_module x-agentic-access: action-class: acting consequence: write subject: required scope: - create:actions audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /actions/modules/{id} method: get operationId: get_action_module x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:actions token: max-ttl: 3600 audit: none - path: /actions/modules/{id} method: delete operationId: delete_action_module x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:actions audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /actions/modules/{id} method: patch operationId: patch_action_module x-agentic-access: action-class: acting consequence: write subject: required scope: - update:actions audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /actions/modules/{id}/actions method: get operationId: get_action_module_actions x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:actions token: max-ttl: 3600 audit: none - path: /actions/modules/{id}/rollback method: post operationId: post_action_module_rollback x-agentic-access: action-class: acting consequence: write subject: required scope: - update:actions audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /actions/modules/{id}/versions method: get operationId: get_action_module_versions x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:actions token: max-ttl: 3600 audit: none - path: /actions/modules/{id}/versions method: post operationId: post_action_module_version x-agentic-access: action-class: acting consequence: write subject: required scope: - update:actions audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /actions/modules/{id}/versions/{versionId} method: get operationId: get_action_module_version x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:actions token: max-ttl: 3600 audit: none - path: /actions/triggers method: get operationId: get_triggers x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:actions token: max-ttl: 3600 audit: none - path: /actions/triggers/{triggerId}/bindings method: get operationId: get_bindings x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:actions token: max-ttl: 3600 audit: none - path: /actions/triggers/{triggerId}/bindings method: patch operationId: patch_bindings x-agentic-access: action-class: acting consequence: write subject: required scope: - update:actions audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /anomaly/blocks/ips/{id} method: get operationId: get_ips_by_id x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:anomaly_blocks token: max-ttl: 3600 audit: none - path: /anomaly/blocks/ips/{id} method: delete operationId: delete_ips_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:anomaly_blocks audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /attack-protection/bot-detection method: get operationId: get_bot-detection x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:attack_protection token: max-ttl: 3600 audit: none - path: /attack-protection/bot-detection method: patch operationId: patch_bot-detection x-agentic-access: action-class: acting consequence: write subject: required scope: - update:attack_protection audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /attack-protection/breached-password-detection method: get operationId: get_breached-password-detection x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:attack_protection token: max-ttl: 3600 audit: none - path: /attack-protection/breached-password-detection method: patch operationId: patch_breached-password-detection x-agentic-access: action-class: acting consequence: write subject: required scope: - update:attack_protection audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /attack-protection/brute-force-protection method: get operationId: get_brute-force-protection x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:attack_protection token: max-ttl: 3600 audit: none - path: /attack-protection/brute-force-protection method: patch operationId: patch_brute-force-protection x-agentic-access: action-class: acting consequence: write subject: required scope: - update:attack_protection audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /attack-protection/captcha method: get operationId: get_captcha x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:attack_protection token: max-ttl: 3600 audit: none - path: /attack-protection/captcha method: patch operationId: patch_captcha x-agentic-access: action-class: acting consequence: write subject: required scope: - update:attack_protection audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /attack-protection/suspicious-ip-throttling method: get operationId: get_suspicious-ip-throttling x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:attack_protection token: max-ttl: 3600 audit: none - path: /attack-protection/suspicious-ip-throttling method: patch operationId: patch_suspicious-ip-throttling x-agentic-access: action-class: acting consequence: write subject: required scope: - update:attack_protection audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /branding method: get operationId: get_branding x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:branding token: max-ttl: 3600 audit: none - path: /branding method: patch operationId: patch_branding x-agentic-access: action-class: acting consequence: write subject: required scope: - update:branding audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /branding/phone/providers method: get operationId: get_branding_phone_providers x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:phone_providers token: max-ttl: 3600 audit: none - path: /branding/phone/providers method: post operationId: create_phone_provider x-agentic-access: action-class: acting consequence: write subject: required scope: - create:phone_providers audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /branding/phone/providers/{id} method: get operationId: get_phone_provider x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:phone_providers token: max-ttl: 3600 audit: none - path: /branding/phone/providers/{id} method: delete operationId: delete_phone_provider x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:phone_providers audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /branding/phone/providers/{id} method: patch operationId: update_phone_provider x-agentic-access: action-class: acting consequence: write subject: required scope: - update:phone_providers audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /branding/phone/providers/{id}/try method: post operationId: try_phone_provider x-agentic-access: action-class: acting consequence: physical subject: required scope: - create:phone_providers audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /branding/phone/templates method: get operationId: get_phone_templates x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:phone_templates token: max-ttl: 3600 audit: none - path: /branding/phone/templates method: post operationId: create_phone_template x-agentic-access: action-class: acting consequence: write subject: required scope: - create:phone_templates audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /branding/phone/templates/{id} method: get operationId: get_phone_template x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:phone_templates token: max-ttl: 3600 audit: none - path: /branding/phone/templates/{id} method: delete operationId: delete_phone_template x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:phone_templates audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /branding/phone/templates/{id} method: patch operationId: update_phone_template x-agentic-access: action-class: acting consequence: write subject: required scope: - update:phone_templates audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /branding/phone/templates/{id}/reset method: patch operationId: reset_phone_template x-agentic-access: action-class: acting consequence: safety-critical subject: required scope: - update:phone_templates audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /branding/phone/templates/{id}/try method: post operationId: try_phone_template x-agentic-access: action-class: acting consequence: physical subject: required scope: - create:phone_templates audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /branding/templates/universal-login method: get operationId: get_universal-login x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:branding token: max-ttl: 3600 audit: none - path: /branding/templates/universal-login method: delete operationId: delete_universal-login x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:branding audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /branding/templates/universal-login method: put operationId: put_universal-login x-agentic-access: action-class: acting consequence: write subject: required scope: - update:branding audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /branding/themes method: post operationId: post_branding_theme x-agentic-access: action-class: acting consequence: write subject: required scope: - update:branding audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /branding/themes/default method: get operationId: get_default_branding_theme x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:branding token: max-ttl: 3600 audit: none - path: /branding/themes/{themeId} method: get operationId: get_branding_theme x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:branding token: max-ttl: 3600 audit: none - path: /branding/themes/{themeId} method: delete operationId: delete_branding_theme x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:branding audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /branding/themes/{themeId} method: patch operationId: patch_branding_theme x-agentic-access: action-class: acting consequence: write subject: required scope: - update:branding audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /client-grants method: get operationId: get_client-grants x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:client_grants token: max-ttl: 3600 audit: none - path: /client-grants method: post operationId: post_client-grants x-agentic-access: action-class: acting consequence: write subject: required scope: - create:client_grants audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /client-grants/{id} method: get operationId: get_client-grant x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:client_grants token: max-ttl: 3600 audit: none - path: /client-grants/{id} method: delete operationId: delete_client-grants_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:client_grants audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /client-grants/{id} method: patch operationId: patch_client-grants_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - update:client_grants audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /client-grants/{id}/organizations method: get operationId: get_client-grant-organizations x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:organization_client_grants token: max-ttl: 3600 audit: none - path: /clients method: get operationId: get_clients x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:client_credentials - read:client_keys - read:client_summary - read:clients token: max-ttl: 3600 audit: none - path: /clients method: post operationId: post_clients x-agentic-access: action-class: acting consequence: write subject: required scope: - create:clients audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /clients/cimd/preview method: post operationId: post_clients_cimd_preview x-agentic-access: action-class: acting consequence: write subject: required scope: - read:clients audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /clients/cimd/register method: post operationId: post_clients_cimd_register x-agentic-access: action-class: acting consequence: write subject: required scope: - create:clients - update:clients audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /clients/{client_id}/credentials method: get operationId: get_credentials x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:client_credentials token: max-ttl: 3600 audit: none - path: /clients/{client_id}/credentials method: post operationId: post_credentials x-agentic-access: action-class: acting consequence: write subject: required scope: - create:client_credentials audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /clients/{client_id}/credentials/{credential_id} method: get operationId: get_credentials_by_credential_id x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:client_credentials token: max-ttl: 3600 audit: none - path: /clients/{client_id}/credentials/{credential_id} method: delete operationId: delete_credentials_by_credential_id x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:client_credentials audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /clients/{client_id}/credentials/{credential_id} method: patch operationId: patch_credentials_by_credential_id x-agentic-access: action-class: acting consequence: write subject: required scope: - update:client_credentials audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /clients/{id} method: get operationId: get_clients_by_id x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:client_credentials - read:client_keys - read:client_summary - read:clients token: max-ttl: 3600 audit: none - path: /clients/{id} method: delete operationId: delete_clients_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:clients audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /clients/{id} method: patch operationId: patch_clients_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - update:client_credentials - update:client_keys - update:client_token_vault_privileged_access - update:clients audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /clients/{id}/connections method: get operationId: get_client_connections x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:client_summary - read:clients - read:connections token: max-ttl: 3600 audit: none - path: /clients/{id}/rotate-secret method: post operationId: post_rotate-secret x-agentic-access: action-class: acting consequence: write subject: required scope: - update:client_keys audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /connection-profiles method: get operationId: get_connection-profiles x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:connection_profiles token: max-ttl: 3600 audit: none - path: /connection-profiles method: post operationId: post_connection-profiles x-agentic-access: action-class: acting consequence: write subject: required scope: - create:connection_profiles audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /connection-profiles/templates method: get operationId: get_connection_profile_templates x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:connection_profiles token: max-ttl: 3600 audit: none - path: /connection-profiles/templates/{id} method: get operationId: get_connection_profile_template x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:connection_profiles token: max-ttl: 3600 audit: none - path: /connection-profiles/{id} method: get operationId: get_connection-profiles_by_id x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:connection_profiles token: max-ttl: 3600 audit: none - path: /connection-profiles/{id} method: delete operationId: delete_connection-profiles_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:connection_profiles audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /connection-profiles/{id} method: patch operationId: patch_connection-profiles_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - update:connection_profiles audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /connections method: get operationId: get_connections x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:connections token: max-ttl: 3600 audit: none - path: /connections method: post operationId: post_connections x-agentic-access: action-class: acting consequence: write subject: required scope: - create:connections audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /connections-directory-provisionings method: get operationId: get_connections-directory-provisionings x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:directory_provisionings token: max-ttl: 3600 audit: none - path: /connections-scim-configurations method: get operationId: get_connections-scim-configurations x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:scim_config token: max-ttl: 3600 audit: none - path: /connections/{id} method: get operationId: get_connections_by_id x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:connections token: max-ttl: 3600 audit: none - path: /connections/{id} method: delete operationId: delete_connections_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:connections audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /connections/{id} method: patch operationId: patch_connections_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - update:connections audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /connections/{id}/clients method: get operationId: get_connection_clients x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:connections token: max-ttl: 3600 audit: none - path: /connections/{id}/clients method: patch operationId: patch_clients x-agentic-access: action-class: acting consequence: write subject: required scope: - update:connections audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /connections/{id}/directory-provisioning method: get operationId: get_directory-provisioning x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:directory_provisionings token: max-ttl: 3600 audit: none - path: /connections/{id}/directory-provisioning method: delete operationId: delete_directory-provisioning x-agentic-access: action-class: acting consequence: physical subject: required scope: - delete:directory_provisionings audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /connections/{id}/directory-provisioning method: patch operationId: patch_directory-provisioning x-agentic-access: action-class: acting consequence: physical subject: required scope: - update:directory_provisionings audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /connections/{id}/directory-provisioning method: post operationId: post_directory-provisioning x-agentic-access: action-class: acting consequence: physical subject: required scope: - create:directory_provisionings audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /connections/{id}/directory-provisioning/default-mapping method: get operationId: get_directory_provisioning_default_mapping x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:directory_provisionings token: max-ttl: 3600 audit: none - path: /connections/{id}/directory-provisioning/synchronizations method: post operationId: post_synchronizations x-agentic-access: action-class: acting consequence: physical subject: required scope: - create:directory_provisionings audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /connections/{id}/directory-provisioning/synchronized-groups method: get operationId: get_synchronized-groups x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:directory_provisionings token: max-ttl: 3600 audit: none - path: /connections/{id}/directory-provisioning/synchronized-groups method: put operationId: put_synchronized-groups x-agentic-access: action-class: acting consequence: physical subject: required scope: - update:directory_provisionings audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /connections/{id}/keys method: get operationId: get_keys x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:connections_keys token: max-ttl: 3600 audit: none - path: /connections/{id}/keys method: post operationId: post_keys x-agentic-access: action-class: acting consequence: write subject: required scope: - create:connections_keys audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /connections/{id}/keys/rotate method: post operationId: post_rotate x-agentic-access: action-class: acting consequence: write subject: required scope: - create:connections_keys - update:connections_keys audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /connections/{id}/scim-configuration method: get operationId: get_scim-configuration x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:scim_config token: max-ttl: 3600 audit: none - path: /connections/{id}/scim-configuration method: delete operationId: delete_scim-configuration x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:scim_config audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /connections/{id}/scim-configuration method: patch operationId: patch_scim-configuration x-agentic-access: action-class: acting consequence: write subject: required scope: - update:scim_config audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /connections/{id}/scim-configuration method: post operationId: post_scim-configuration x-agentic-access: action-class: acting consequence: write subject: required scope: - create:scim_config audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /connections/{id}/scim-configuration/default-mapping method: get operationId: get_default-mapping x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:scim_config token: max-ttl: 3600 audit: none - path: /connections/{id}/scim-configuration/tokens method: get operationId: get_scim_tokens x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:scim_token token: max-ttl: 3600 audit: none - path: /connections/{id}/scim-configuration/tokens method: post operationId: post_scim_token x-agentic-access: action-class: acting consequence: write subject: required scope: - create:scim_token audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /connections/{id}/scim-configuration/tokens/{tokenId} method: delete operationId: delete_tokens_by_tokenId x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:scim_token audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /connections/{id}/status method: get operationId: get_status x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:connections token: max-ttl: 3600 audit: none - path: /connections/{id}/users method: delete operationId: delete_users_by_email x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:users audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /custom-domains method: get operationId: get_custom-domains x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:custom_domains token: max-ttl: 3600 audit: none - path: /custom-domains method: post operationId: post_custom-domains x-agentic-access: action-class: acting consequence: write subject: required scope: - create:custom_domains audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /custom-domains/default method: get operationId: get_default x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:custom_domains token: max-ttl: 3600 audit: none - path: /custom-domains/default method: patch operationId: patch_default x-agentic-access: action-class: acting consequence: write subject: required scope: - update:custom_domains audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /custom-domains/{id} method: get operationId: get_custom-domains_by_id x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:custom_domains token: max-ttl: 3600 audit: none - path: /custom-domains/{id} method: delete operationId: delete_custom-domains_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:custom_domains audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /custom-domains/{id} method: patch operationId: patch_custom-domains_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - update:custom_domains audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /custom-domains/{id}/test method: post operationId: post_test_domain x-agentic-access: action-class: acting consequence: write subject: required scope: - read:custom_domains audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /custom-domains/{id}/verify method: post operationId: post_verify x-agentic-access: action-class: acting consequence: write subject: required scope: - create:custom_domains audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /device-credentials method: get operationId: get_device-credentials x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:device_credentials token: max-ttl: 3600 audit: none - path: /device-credentials method: post operationId: post_device-credentials x-agentic-access: action-class: acting consequence: write subject: required scope: - create:current_user_device_credentials audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /device-credentials/{id} method: delete operationId: delete_device-credentials_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:current_user_device_credentials - delete:device_credentials audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /email-templates method: post operationId: post_email-templates x-agentic-access: action-class: acting consequence: write subject: required scope: - create:email_templates audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /email-templates/{templateName} method: get operationId: get_email-templates_by_templateName x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:email_templates token: max-ttl: 3600 audit: none - path: /email-templates/{templateName} method: patch operationId: patch_email-templates_by_templateName x-agentic-access: action-class: acting consequence: write subject: required scope: - update:email_templates audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /email-templates/{templateName} method: put operationId: put_email-templates_by_templateName x-agentic-access: action-class: acting consequence: write subject: required scope: - update:email_templates audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /emails/provider method: get operationId: get_provider x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:email_provider token: max-ttl: 3600 audit: none - path: /emails/provider method: delete operationId: delete_provider x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:email_provider audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /emails/provider method: patch operationId: patch_provider x-agentic-access: action-class: acting consequence: write subject: required scope: - update:email_provider audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /emails/provider method: post operationId: post_provider x-agentic-access: action-class: acting consequence: write subject: required scope: - create:email_provider audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /event-streams method: get operationId: get_event-streams x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:event_streams token: max-ttl: 3600 audit: none - path: /event-streams method: post operationId: post_event-streams x-agentic-access: action-class: acting consequence: write subject: required scope: - create:event_streams audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /event-streams/{id} method: get operationId: get_event-streams_by_id x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:event_streams token: max-ttl: 3600 audit: none - path: /event-streams/{id} method: delete operationId: delete_event-streams_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:event_streams audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /event-streams/{id} method: patch operationId: patch_event-streams_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - update:event_streams audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /event-streams/{id}/deliveries method: get operationId: get_event_deliveries x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:event_deliveries - read:event_streams token: max-ttl: 3600 audit: none - path: /event-streams/{id}/deliveries/{event_id} method: get operationId: get_deliveries_by_event_id x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:event_deliveries token: max-ttl: 3600 audit: none - path: /event-streams/{id}/redeliver method: post operationId: post_redeliver x-agentic-access: action-class: acting consequence: write subject: required scope: - update:event_deliveries audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /event-streams/{id}/redeliver/{event_id} method: post operationId: post_redeliver_by_event_id x-agentic-access: action-class: acting consequence: write subject: required scope: - update:event_deliveries audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /event-streams/{id}/test method: post operationId: post_test_event x-agentic-access: action-class: acting consequence: physical subject: required scope: - update:event_streams audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /events method: get operationId: subscribe_events x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:events token: max-ttl: 3600 audit: none - path: /flows method: get operationId: get_flows x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:flows token: max-ttl: 3600 audit: none - path: /flows method: post operationId: post_flows x-agentic-access: action-class: acting consequence: write subject: required scope: - create:flows audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /flows/vault/connections method: get operationId: get_flows_vault_connections x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:flows_vault_connections token: max-ttl: 3600 audit: none - path: /flows/vault/connections method: post operationId: post_flows_vault_connections x-agentic-access: action-class: acting consequence: write subject: required scope: - create:flows_vault_connections audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /flows/vault/connections/{id} method: get operationId: get_flows_vault_connections_by_id x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:flows_vault_connections token: max-ttl: 3600 audit: none - path: /flows/vault/connections/{id} method: delete operationId: delete_flows_vault_connections_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:flows_vault_connections audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /flows/vault/connections/{id} method: patch operationId: patch_flows_vault_connections_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - update:flows_vault_connections audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /flows/{flow_id}/executions method: get operationId: get_flows_executions x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:flows_executions token: max-ttl: 3600 audit: none - path: /flows/{flow_id}/executions/{execution_id} method: get operationId: get_flows_executions_by_execution_id x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:flows_executions token: max-ttl: 3600 audit: none - path: /flows/{flow_id}/executions/{execution_id} method: delete operationId: delete_flows_executions_by_execution_id x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:flows_executions audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /flows/{id} method: get operationId: get_flows_by_id x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:flows token: max-ttl: 3600 audit: none - path: /flows/{id} method: delete operationId: delete_flows_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:flows audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /flows/{id} method: patch operationId: patch_flows_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - update:flows audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /forms method: get operationId: get_forms x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:forms token: max-ttl: 3600 audit: none - path: /forms method: post operationId: create_form x-agentic-access: action-class: acting consequence: write subject: required scope: - create:forms audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /forms/{id} method: get operationId: get_form x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:forms token: max-ttl: 3600 audit: none - path: /forms/{id} method: delete operationId: delete_form x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:forms audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /forms/{id} method: patch operationId: patch_form x-agentic-access: action-class: acting consequence: write subject: required scope: - update:forms audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /grants method: get operationId: get_grants x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:grants token: max-ttl: 3600 audit: none - path: /grants method: delete operationId: delete_grants_by_user_id x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:grants audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /grants/{id} method: delete operationId: delete_grants_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:grants audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /groups method: get operationId: get_groups x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:groups token: max-ttl: 3600 audit: none - path: /groups/{id} method: get operationId: get_group x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:groups token: max-ttl: 3600 audit: none - path: /groups/{id} method: delete operationId: delete_group x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:groups audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /groups/{id}/members method: get operationId: get_group_members x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:group_members token: max-ttl: 3600 audit: none - path: /guardian/enrollments/ticket method: post operationId: post_ticket x-agentic-access: action-class: acting consequence: write subject: required scope: - create:guardian_enrollment_tickets audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /guardian/enrollments/{id} method: get operationId: get_enrollments_by_id x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:guardian_enrollments token: max-ttl: 3600 audit: none - path: /guardian/enrollments/{id} method: delete operationId: delete_enrollments_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:guardian_enrollments audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /guardian/factors method: get operationId: get_factors x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:guardian_factors token: max-ttl: 3600 audit: none - path: /guardian/factors/duo/settings method: get operationId: get_factor_duo_settings x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:guardian_factors token: max-ttl: 3600 audit: none - path: /guardian/factors/duo/settings method: patch operationId: patch_factor_duo_settings x-agentic-access: action-class: acting consequence: write subject: required scope: - update:guardian_factors audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /guardian/factors/duo/settings method: put operationId: put_factor_duo_settings x-agentic-access: action-class: acting consequence: write subject: required scope: - update:guardian_factors audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /guardian/factors/phone/message-types method: get operationId: get_message-types x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:guardian_factors token: max-ttl: 3600 audit: none - path: /guardian/factors/phone/message-types method: put operationId: put_message-types x-agentic-access: action-class: acting consequence: write subject: required scope: - update:guardian_factors audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /guardian/factors/phone/providers/twilio method: get operationId: get_phone_twilio_factor_provider x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:guardian_factors token: max-ttl: 3600 audit: none - path: /guardian/factors/phone/providers/twilio method: put operationId: put_twilio x-agentic-access: action-class: acting consequence: write subject: required scope: - update:guardian_factors audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /guardian/factors/phone/selected-provider method: get operationId: get_guardian_phone_providers x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:guardian_factors token: max-ttl: 3600 audit: none - path: /guardian/factors/phone/selected-provider method: put operationId: put_phone_providers x-agentic-access: action-class: acting consequence: write subject: required scope: - update:guardian_factors audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /guardian/factors/phone/templates method: get operationId: get_factor_phone_templates x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:guardian_factors token: max-ttl: 3600 audit: none - path: /guardian/factors/phone/templates method: put operationId: put_factor_phone_templates x-agentic-access: action-class: acting consequence: write subject: required scope: - update:guardian_factors audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /guardian/factors/push-notification/providers/apns method: get operationId: get_apns x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:guardian_factors token: max-ttl: 3600 audit: none - path: /guardian/factors/push-notification/providers/apns method: patch operationId: patch_apns x-agentic-access: action-class: acting consequence: write subject: required scope: - update:guardian_factors audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /guardian/factors/push-notification/providers/apns method: put operationId: put_apns x-agentic-access: action-class: acting consequence: write subject: required scope: - update:guardian_factors audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /guardian/factors/push-notification/providers/fcm method: patch operationId: patch_fcm x-agentic-access: action-class: acting consequence: write subject: required scope: - update:guardian_factors audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /guardian/factors/push-notification/providers/fcm method: put operationId: put_fcm x-agentic-access: action-class: acting consequence: write subject: required scope: - update:guardian_factors audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /guardian/factors/push-notification/providers/fcmv1 method: patch operationId: patch_fcmv1 x-agentic-access: action-class: acting consequence: write subject: required scope: - update:guardian_factors audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /guardian/factors/push-notification/providers/fcmv1 method: put operationId: put_fcmv1 x-agentic-access: action-class: acting consequence: write subject: required scope: - update:guardian_factors audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /guardian/factors/push-notification/providers/sns method: get operationId: get_sns x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:guardian_factors token: max-ttl: 3600 audit: none - path: /guardian/factors/push-notification/providers/sns method: patch operationId: patch_sns x-agentic-access: action-class: acting consequence: write subject: required scope: - update:guardian_factors audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /guardian/factors/push-notification/providers/sns method: put operationId: put_sns x-agentic-access: action-class: acting consequence: write subject: required scope: - update:guardian_factors audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /guardian/factors/push-notification/selected-provider method: get operationId: get_pn_providers x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:guardian_factors token: max-ttl: 3600 audit: none - path: /guardian/factors/push-notification/selected-provider method: put operationId: put_pn_providers x-agentic-access: action-class: acting consequence: write subject: required scope: - update:guardian_factors audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /guardian/factors/sms/providers/twilio method: get operationId: get_sms_twilio_factor_provider x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:guardian_factors token: max-ttl: 3600 audit: none - path: /guardian/factors/sms/providers/twilio method: put operationId: put_sms_twilio_factor_provider x-agentic-access: action-class: acting consequence: write subject: required scope: - update:guardian_factors audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /guardian/factors/sms/selected-provider method: get operationId: get_sms_providers x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:guardian_factors token: max-ttl: 3600 audit: none - path: /guardian/factors/sms/selected-provider method: put operationId: put_sms_providers x-agentic-access: action-class: acting consequence: write subject: required scope: - update:guardian_factors audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /guardian/factors/sms/templates method: get operationId: get_factor_sms_templates x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:guardian_factors token: max-ttl: 3600 audit: none - path: /guardian/factors/sms/templates method: put operationId: put_factor_sms_templates x-agentic-access: action-class: acting consequence: write subject: required scope: - update:guardian_factors audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /guardian/factors/{name} method: put operationId: put_factors_by_name x-agentic-access: action-class: acting consequence: write subject: required scope: - update:guardian_factors audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /guardian/policies method: get operationId: get_policies x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:mfa_policies token: max-ttl: 3600 audit: none - path: /guardian/policies method: put operationId: put_policies x-agentic-access: action-class: acting consequence: write subject: required scope: - update:mfa_policies audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /hooks method: get operationId: get_hooks x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:hooks token: max-ttl: 3600 audit: none - path: /hooks method: post operationId: post_hooks x-agentic-access: action-class: acting consequence: write subject: required scope: - create:hooks audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /hooks/{id} method: get operationId: get_hooks_by_id x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:hooks token: max-ttl: 3600 audit: none - path: /hooks/{id} method: delete operationId: delete_hooks_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:hooks audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /hooks/{id} method: patch operationId: patch_hooks_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - update:hooks audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /hooks/{id}/secrets method: get operationId: get_secrets x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:hooks token: max-ttl: 3600 audit: none - path: /hooks/{id}/secrets method: delete operationId: delete_secrets x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:hooks audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /hooks/{id}/secrets method: patch operationId: patch_secrets x-agentic-access: action-class: acting consequence: write subject: required scope: - update:hooks audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /hooks/{id}/secrets method: post operationId: post_secrets x-agentic-access: action-class: acting consequence: write subject: required scope: - update:hooks audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /jobs/users-exports method: post operationId: post_users-exports x-agentic-access: action-class: acting consequence: write subject: required scope: - read:users audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /jobs/users-imports method: post operationId: post_users-imports x-agentic-access: action-class: acting consequence: write subject: required scope: - create:users audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /jobs/verification-email method: post operationId: post_verification-email x-agentic-access: action-class: acting consequence: physical subject: required scope: - update:users audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /jobs/{id} method: get operationId: get_jobs_by_id x-agentic-access: action-class: connected consequence: read subject: optional scope: - create:users - read:users token: max-ttl: 3600 audit: none - path: /jobs/{id}/errors method: get operationId: get_errors x-agentic-access: action-class: connected consequence: read subject: optional scope: - create:users - read:users token: max-ttl: 3600 audit: none - path: /keys/custom-signing method: get operationId: get_custom_signing_keys x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:custom_signing_keys token: max-ttl: 3600 audit: none - path: /keys/custom-signing method: delete operationId: delete_custom_signing_keys x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:custom_signing_keys audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /keys/custom-signing method: put operationId: put_custom_signing_keys x-agentic-access: action-class: acting consequence: write subject: required scope: - create:custom_signing_keys - update:custom_signing_keys audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /keys/encryption method: get operationId: get_encryption_keys x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:encryption_keys token: max-ttl: 3600 audit: none - path: /keys/encryption method: post operationId: post_encryption x-agentic-access: action-class: acting consequence: write subject: required scope: - create:encryption_keys audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /keys/encryption/rekey method: post operationId: post_encryption_rekey x-agentic-access: action-class: acting consequence: write subject: required scope: - create:encryption_keys - update:encryption_keys audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /keys/encryption/{kid} method: get operationId: get_encryption_key x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:encryption_keys token: max-ttl: 3600 audit: none - path: /keys/encryption/{kid} method: delete operationId: delete_encryption_key x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:encryption_keys audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /keys/encryption/{kid} method: post operationId: post_encryption_key x-agentic-access: action-class: acting consequence: write subject: required scope: - update:encryption_keys audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /keys/encryption/{kid}/wrapping-key method: post operationId: post_encryption_wrapping_key x-agentic-access: action-class: acting consequence: write subject: required scope: - create:encryption_keys audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /keys/signing method: get operationId: get_signing_keys x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:signing_keys token: max-ttl: 3600 audit: none - path: /keys/signing/rotate method: post operationId: post_signing_keys x-agentic-access: action-class: acting consequence: write subject: required scope: - create:signing_keys - update:signing_keys audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /keys/signing/{kid} method: get operationId: get_signing_key x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:signing_keys token: max-ttl: 3600 audit: none - path: /keys/signing/{kid}/revoke method: put operationId: put_signing_keys x-agentic-access: action-class: acting consequence: safety-critical subject: required scope: - update:signing_keys audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /log-streams method: get operationId: get_log-streams x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:log_streams token: max-ttl: 3600 audit: none - path: /log-streams method: post operationId: post_log-streams x-agentic-access: action-class: acting consequence: write subject: required scope: - create:log_streams audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /log-streams/{id} method: get operationId: get_log-streams_by_id x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:log_streams token: max-ttl: 3600 audit: none - path: /log-streams/{id} method: delete operationId: delete_log-streams_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:log_streams audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /log-streams/{id} method: patch operationId: patch_log-streams_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - update:log_streams audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /logs method: get operationId: get_logs x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:logs - read:logs_users token: max-ttl: 3600 audit: none - path: /logs/{id} method: get operationId: get_logs_by_id x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:logs - read:logs_users token: max-ttl: 3600 audit: none - path: /network-acls method: get operationId: get_network-acls x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:network_acls token: max-ttl: 3600 audit: none - path: /network-acls method: post operationId: post_network-acls x-agentic-access: action-class: acting consequence: safety-critical subject: required scope: - create:network_acls audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /network-acls/{id} method: get operationId: get_network-acls_by_id x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:network_acls token: max-ttl: 3600 audit: none - path: /network-acls/{id} method: delete operationId: delete_network-acls_by_id x-agentic-access: action-class: acting consequence: safety-critical subject: required scope: - delete:network_acls audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /network-acls/{id} method: patch operationId: patch_network-acls_by_id x-agentic-access: action-class: acting consequence: safety-critical subject: required scope: - update:network_acls audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /network-acls/{id} method: put operationId: put_network-acls_by_id x-agentic-access: action-class: acting consequence: safety-critical subject: required scope: - update:network_acls audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /organizations method: get operationId: get_organizations x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:organizations - read:organizations_summary token: max-ttl: 3600 audit: none - path: /organizations method: post operationId: post_organizations x-agentic-access: action-class: acting consequence: write subject: required scope: - create:organization_connections - create:organizations audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /organizations/name/{name} method: get operationId: get_name_by_name x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:organizations token: max-ttl: 3600 audit: none - path: /organizations/{id} method: get operationId: get_organizations_by_id x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:organizations - read:organizations_summary token: max-ttl: 3600 audit: none - path: /organizations/{id} method: delete operationId: delete_organizations_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:organizations audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /organizations/{id} method: patch operationId: patch_organizations_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - update:organizations audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /organizations/{id}/client-grants method: get operationId: get_organization-client-grants x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:organization_client_grants token: max-ttl: 3600 audit: none - path: /organizations/{id}/client-grants method: post operationId: create_organization-client-grants x-agentic-access: action-class: acting consequence: write subject: required scope: - create:organization_client_grants audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /organizations/{id}/client-grants/{grant_id} method: delete operationId: delete_client-grants_by_grant_id x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:organization_client_grants audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /organizations/{id}/connections method: get operationId: get_organization_connections x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:organization_connections token: max-ttl: 3600 audit: none - path: /organizations/{id}/connections method: post operationId: post_organization_connection x-agentic-access: action-class: acting consequence: write subject: required scope: - create:organization_connections audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /organizations/{id}/connections/{connection_id} method: get operationId: get_organization_connection x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:organization_connections token: max-ttl: 3600 audit: none - path: /organizations/{id}/connections/{connection_id} method: delete operationId: delete_organization_connection x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:organization_connections audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /organizations/{id}/connections/{connection_id} method: patch operationId: patch_organization_connection x-agentic-access: action-class: acting consequence: write subject: required scope: - update:organization_connections audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /organizations/{id}/discovery-domains method: get operationId: get_discovery-domains x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:organization_discovery_domains token: max-ttl: 3600 audit: none - path: /organizations/{id}/discovery-domains method: post operationId: post_discovery-domains x-agentic-access: action-class: acting consequence: write subject: required scope: - create:organization_discovery_domains audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /organizations/{id}/discovery-domains/name/{discovery_domain} method: get operationId: get_name_by_discovery_domain x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:organization_discovery_domains token: max-ttl: 3600 audit: none - path: /organizations/{id}/discovery-domains/{discovery_domain_id} method: get operationId: get_discovery-domains_by_discovery_domain_id x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:organization_discovery_domains token: max-ttl: 3600 audit: none - path: /organizations/{id}/discovery-domains/{discovery_domain_id} method: delete operationId: delete_discovery-domains_by_discovery_domain_id x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:organization_discovery_domains audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /organizations/{id}/discovery-domains/{discovery_domain_id} method: patch operationId: patch_discovery-domains_by_discovery_domain_id x-agentic-access: action-class: acting consequence: write subject: required scope: - update:organization_discovery_domains audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /organizations/{id}/enabled_connections method: get operationId: get_enabled_connections x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:organization_connections token: max-ttl: 3600 audit: none - path: /organizations/{id}/enabled_connections method: post operationId: post_enabled_connections x-agentic-access: action-class: acting consequence: write subject: required scope: - create:organization_connections audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /organizations/{id}/enabled_connections/{connectionId} method: get operationId: get_enabled_connections_by_connectionId x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:organization_connections token: max-ttl: 3600 audit: none - path: /organizations/{id}/enabled_connections/{connectionId} method: delete operationId: delete_enabled_connections_by_connectionId x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:organization_connections audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /organizations/{id}/enabled_connections/{connectionId} method: patch operationId: patch_enabled_connections_by_connectionId x-agentic-access: action-class: acting consequence: write subject: required scope: - update:organization_connections audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /organizations/{id}/invitations method: get operationId: get_invitations x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:organization_invitations token: max-ttl: 3600 audit: none - path: /organizations/{id}/invitations method: post operationId: post_invitations x-agentic-access: action-class: acting consequence: write subject: required scope: - create:organization_invitations audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /organizations/{id}/invitations/{invitation_id} method: get operationId: get_invitations_by_invitation_id x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:organization_invitations token: max-ttl: 3600 audit: none - path: /organizations/{id}/invitations/{invitation_id} method: delete operationId: delete_invitations_by_invitation_id x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:organization_invitations audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /organizations/{id}/members method: get operationId: get_organization_members x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:organization_members token: max-ttl: 3600 audit: none - path: /organizations/{id}/members method: delete operationId: delete_members x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:organization_members audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /organizations/{id}/members method: post operationId: post_members x-agentic-access: action-class: acting consequence: write subject: required scope: - create:organization_members audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /organizations/{id}/members/{user_id}/roles method: get operationId: get_organization_member_roles x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:organization_member_roles token: max-ttl: 3600 audit: none - path: /organizations/{id}/members/{user_id}/roles method: delete operationId: delete_organization_member_roles x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:organization_member_roles audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /organizations/{id}/members/{user_id}/roles method: post operationId: post_organization_member_roles x-agentic-access: action-class: acting consequence: write subject: required scope: - create:organization_member_roles audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /prompts method: get operationId: get_prompts x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:prompts token: max-ttl: 3600 audit: none - path: /prompts method: patch operationId: patch_prompts x-agentic-access: action-class: acting consequence: write subject: required scope: - update:prompts audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /prompts/rendering method: get operationId: get_all_rendering x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:prompts token: max-ttl: 3600 audit: none - path: /prompts/rendering method: patch operationId: patch_bulk_rendering x-agentic-access: action-class: acting consequence: write subject: required scope: - update:prompts audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /prompts/{prompt}/custom-text/{language} method: get operationId: get_custom-text_by_language x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:prompts token: max-ttl: 3600 audit: none - path: /prompts/{prompt}/custom-text/{language} method: put operationId: put_custom-text_by_language x-agentic-access: action-class: acting consequence: write subject: required scope: - update:prompts audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /prompts/{prompt}/partials method: get operationId: get_partials x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:prompts token: max-ttl: 3600 audit: none - path: /prompts/{prompt}/partials method: put operationId: put_partials x-agentic-access: action-class: acting consequence: write subject: required scope: - update:prompts audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /prompts/{prompt}/screen/{screen}/rendering method: get operationId: get_rendering x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:prompts token: max-ttl: 3600 audit: none - path: /prompts/{prompt}/screen/{screen}/rendering method: patch operationId: patch_rendering x-agentic-access: action-class: acting consequence: write subject: required scope: - update:prompts audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /refresh-tokens method: get operationId: get_refresh_tokens x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:refresh_tokens token: max-ttl: 3600 audit: none - path: /refresh-tokens/revoke method: post operationId: revoke_refresh_tokens x-agentic-access: action-class: acting consequence: safety-critical subject: required scope: - delete:refresh_tokens audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /refresh-tokens/{id} method: get operationId: get_refresh_token x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:refresh_tokens token: max-ttl: 3600 audit: none - path: /refresh-tokens/{id} method: delete operationId: delete_refresh_token x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:refresh_tokens audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /refresh-tokens/{id} method: patch operationId: patch_refresh-tokens_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - update:refresh_tokens audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /resource-servers method: get operationId: get_resource-servers x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:resource_servers token: max-ttl: 3600 audit: none - path: /resource-servers method: post operationId: post_resource-servers x-agentic-access: action-class: acting consequence: write subject: required scope: - create:resource_servers audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /resource-servers/{id} method: get operationId: get_resource-servers_by_id x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:resource_servers token: max-ttl: 3600 audit: none - path: /resource-servers/{id} method: delete operationId: delete_resource-servers_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:resource_servers audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /resource-servers/{id} method: patch operationId: patch_resource-servers_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - update:resource_servers audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /risk-assessments/settings method: get operationId: get_risk_assessments_settings x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:attack_protection token: max-ttl: 3600 audit: none - path: /risk-assessments/settings method: patch operationId: patch_risk_assessments_settings x-agentic-access: action-class: acting consequence: write subject: required scope: - update:attack_protection audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /risk-assessments/settings/new-device method: get operationId: get_new-device x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:attack_protection token: max-ttl: 3600 audit: none - path: /risk-assessments/settings/new-device method: patch operationId: patch_new-device x-agentic-access: action-class: acting consequence: write subject: required scope: - update:attack_protection audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /roles method: get operationId: get_roles x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:roles token: max-ttl: 3600 audit: none - path: /roles method: post operationId: post_roles x-agentic-access: action-class: acting consequence: write subject: required scope: - create:roles audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /roles/{id} method: get operationId: get_roles_by_id x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:roles token: max-ttl: 3600 audit: none - path: /roles/{id} method: delete operationId: delete_roles_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:roles audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /roles/{id} method: patch operationId: patch_roles_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - update:roles audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /roles/{id}/permissions method: get operationId: get_role_permission x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:roles token: max-ttl: 3600 audit: none - path: /roles/{id}/permissions method: delete operationId: delete_role_permission_assignment x-agentic-access: action-class: acting consequence: write subject: required scope: - update:roles audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /roles/{id}/permissions method: post operationId: post_role_permission_assignment x-agentic-access: action-class: acting consequence: write subject: required scope: - update:roles audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /roles/{id}/users method: get operationId: get_role_user x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:role_members - read:roles - read:users token: max-ttl: 3600 audit: none - path: /roles/{id}/users method: post operationId: post_role_users x-agentic-access: action-class: acting consequence: write subject: required scope: - create:role_members - update:roles audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /rules method: get operationId: get_rules x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:rules token: max-ttl: 3600 audit: none - path: /rules method: post operationId: post_rules x-agentic-access: action-class: acting consequence: write subject: required scope: - create:rules audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /rules-configs method: get operationId: get_rules-configs x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:rules_configs token: max-ttl: 3600 audit: none - path: /rules-configs/{key} method: delete operationId: delete_rules-configs_by_key x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:rules_configs audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /rules-configs/{key} method: put operationId: put_rules-configs_by_key x-agentic-access: action-class: acting consequence: write subject: required scope: - update:rules_configs audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /rules/{id} method: get operationId: get_rules_by_id x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:rules token: max-ttl: 3600 audit: none - path: /rules/{id} method: delete operationId: delete_rules_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:rules audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /rules/{id} method: patch operationId: patch_rules_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - update:rules audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /self-service-profiles method: get operationId: get_self-service-profiles x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:self_service_profiles token: max-ttl: 3600 audit: none - path: /self-service-profiles method: post operationId: post_self-service-profiles x-agentic-access: action-class: acting consequence: write subject: required scope: - create:self_service_profiles audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /self-service-profiles/{id} method: get operationId: get_self-service-profiles_by_id x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:self_service_profiles token: max-ttl: 3600 audit: none - path: /self-service-profiles/{id} method: delete operationId: delete_self-service-profiles_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:self_service_profiles audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /self-service-profiles/{id} method: patch operationId: patch_self-service-profiles_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - update:self_service_profiles audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /self-service-profiles/{id}/custom-text/{language}/{page} method: get operationId: get_self_service_profile_custom_text x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:self_service_profile_custom_texts token: max-ttl: 3600 audit: none - path: /self-service-profiles/{id}/custom-text/{language}/{page} method: put operationId: put_self_service_profile_custom_text x-agentic-access: action-class: acting consequence: write subject: required scope: - update:self_service_profile_custom_texts audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /self-service-profiles/{id}/sso-ticket method: post operationId: post_sso-ticket x-agentic-access: action-class: acting consequence: write subject: required scope: - create:sso_access_tickets audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /self-service-profiles/{profileId}/sso-ticket/{id}/revoke method: post operationId: post_revoke x-agentic-access: action-class: acting consequence: safety-critical subject: required scope: - delete:sso_access_tickets audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /sessions/{id} method: get operationId: get_session x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:sessions token: max-ttl: 3600 audit: none - path: /sessions/{id} method: delete operationId: delete_session x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:sessions audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /sessions/{id} method: patch operationId: patch_sessions_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - update:sessions audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /sessions/{id}/revoke method: post operationId: revoke_session x-agentic-access: action-class: acting consequence: safety-critical subject: required scope: - delete:refresh_tokens - delete:sessions audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /stats/active-users method: get operationId: get_active-users x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:stats token: max-ttl: 3600 audit: none - path: /stats/daily method: get operationId: get_daily x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:stats token: max-ttl: 3600 audit: none - path: /supplemental-signals method: get operationId: get_supplemental-signals x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:attack_protection token: max-ttl: 3600 audit: none - path: /supplemental-signals method: patch operationId: patch_supplemental-signals x-agentic-access: action-class: acting consequence: write subject: required scope: - update:attack_protection audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /tenants/settings method: get operationId: tenant_settings_route x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:tenant_settings token: max-ttl: 3600 audit: none - path: /tenants/settings method: patch operationId: patch_settings x-agentic-access: action-class: acting consequence: write subject: required scope: - update:tenant_settings audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /tickets/email-verification method: post operationId: post_email-verification x-agentic-access: action-class: acting consequence: write subject: required scope: - create:user_tickets audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /tickets/password-change method: post operationId: post_password-change x-agentic-access: action-class: acting consequence: write subject: required scope: - create:user_tickets audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /token-exchange-profiles method: get operationId: get_token-exchange-profiles x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:token_exchange_profiles token: max-ttl: 3600 audit: none - path: /token-exchange-profiles method: post operationId: post_token-exchange-profiles x-agentic-access: action-class: acting consequence: write subject: required scope: - create:token_exchange_profiles audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /token-exchange-profiles/{id} method: get operationId: get_token-exchange-profiles_by_id x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:token_exchange_profiles token: max-ttl: 3600 audit: none - path: /token-exchange-profiles/{id} method: delete operationId: delete_token-exchange-profiles_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:token_exchange_profiles audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /token-exchange-profiles/{id} method: patch operationId: patch_token-exchange-profiles_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - update:token_exchange_profiles audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /user-attribute-profiles method: get operationId: get_user-attribute-profiles x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:user_attribute_profiles token: max-ttl: 3600 audit: none - path: /user-attribute-profiles method: post operationId: post_user-attribute-profiles x-agentic-access: action-class: acting consequence: write subject: required scope: - create:user_attribute_profiles audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /user-attribute-profiles/templates method: get operationId: get_user_attribute_profile_templates x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:user_attribute_profiles token: max-ttl: 3600 audit: none - path: /user-attribute-profiles/templates/{id} method: get operationId: get_user_attribute_profile_template x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:user_attribute_profiles token: max-ttl: 3600 audit: none - path: /user-attribute-profiles/{id} method: get operationId: get_user-attribute-profiles_by_id x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:user_attribute_profiles token: max-ttl: 3600 audit: none - path: /user-attribute-profiles/{id} method: delete operationId: delete_user-attribute-profiles_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:user_attribute_profiles audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /user-attribute-profiles/{id} method: patch operationId: patch_user-attribute-profiles_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - update:user_attribute_profiles audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /user-blocks method: get operationId: get_user-blocks x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:users token: max-ttl: 3600 audit: none - path: /user-blocks method: delete operationId: delete_user-blocks x-agentic-access: action-class: acting consequence: write subject: required scope: - update:users audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /user-blocks/{id} method: get operationId: get_user-blocks_by_id x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:users token: max-ttl: 3600 audit: none - path: /user-blocks/{id} method: delete operationId: delete_user-blocks_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - update:users audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /users method: get operationId: get_users x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:user_idp_tokens - read:users token: max-ttl: 3600 audit: none - path: /users method: post operationId: post_users x-agentic-access: action-class: acting consequence: write subject: required scope: - create:users audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /users-by-email method: get operationId: get_users-by-email x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:users token: max-ttl: 3600 audit: none - path: /users/{id} method: get operationId: get_users_by_id x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:current_user - read:user_idp_tokens - read:users token: max-ttl: 3600 audit: none - path: /users/{id} method: delete operationId: delete_users_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:current_user - delete:users audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /users/{id} method: patch operationId: patch_users_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - update:current_user_metadata - update:users - update:users_app_metadata audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /users/{id}/authentication-methods method: get operationId: get_authentication-methods x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:authentication_methods token: max-ttl: 3600 audit: none - path: /users/{id}/authentication-methods method: delete operationId: delete_authentication-methods x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:authentication_methods audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /users/{id}/authentication-methods method: post operationId: post_authentication-methods x-agentic-access: action-class: acting consequence: write subject: required scope: - create:authentication_methods audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /users/{id}/authentication-methods method: put operationId: put_authentication-methods x-agentic-access: action-class: acting consequence: write subject: required scope: - update:authentication_methods audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /users/{id}/authentication-methods/{authentication_method_id} method: get operationId: get_authentication-methods_by_authentication_method_id x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:authentication_methods token: max-ttl: 3600 audit: none - path: /users/{id}/authentication-methods/{authentication_method_id} method: delete operationId: delete_authentication-methods_by_authentication_method_id x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:authentication_methods audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /users/{id}/authentication-methods/{authentication_method_id} method: patch operationId: patch_authentication-methods_by_authentication_method_id x-agentic-access: action-class: acting consequence: write subject: required scope: - update:authentication_methods audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /users/{id}/authenticators method: delete operationId: delete_authenticators x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:guardian_enrollments audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /users/{id}/connected-accounts method: get operationId: get_connected-accounts x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:users token: max-ttl: 3600 audit: none - path: /users/{id}/enrollments method: get operationId: get_enrollments x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:current_user - read:users token: max-ttl: 3600 audit: none - path: /users/{id}/federated-connections-tokensets method: get operationId: get_federated-connections-tokensets x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:federated_connections_tokens token: max-ttl: 3600 audit: none - path: /users/{id}/federated-connections-tokensets/{tokenset_id} method: delete operationId: delete_federated-connections-tokensets_by_tokenset_id x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:federated_connections_tokens audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /users/{id}/groups method: get operationId: get_user_groups x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:groups token: max-ttl: 3600 audit: none - path: /users/{id}/identities method: post operationId: post_identities x-agentic-access: action-class: acting consequence: write subject: required scope: - update:current_user_identities - update:users audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /users/{id}/identities/{provider}/{user_id} method: delete operationId: delete_user_identity_by_user_id x-agentic-access: action-class: acting consequence: write subject: required scope: - update:current_user_identities - update:users audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /users/{id}/logs method: get operationId: get_logs_by_user x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:logs - read:logs_users token: max-ttl: 3600 audit: none - path: /users/{id}/multifactor/actions/invalidate-remember-browser method: post operationId: post_invalidate-remember-browser x-agentic-access: action-class: acting consequence: write subject: required scope: - update:users audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /users/{id}/multifactor/{provider} method: delete operationId: delete_multifactor_by_provider x-agentic-access: action-class: acting consequence: write subject: required scope: - update:users audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /users/{id}/organizations method: get operationId: get_user_organizations x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:organizations token: max-ttl: 3600 audit: none - path: /users/{id}/permissions method: get operationId: get_permissions x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:users token: max-ttl: 3600 audit: none - path: /users/{id}/permissions method: delete operationId: delete_permissions x-agentic-access: action-class: acting consequence: write subject: required scope: - update:users audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /users/{id}/permissions method: post operationId: post_permissions x-agentic-access: action-class: acting consequence: write subject: required scope: - update:users audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /users/{id}/recovery-code-regeneration method: post operationId: post_recovery-code-regeneration x-agentic-access: action-class: acting consequence: write subject: required scope: - update:users audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /users/{id}/revoke-access method: post operationId: user_revoke_access x-agentic-access: action-class: acting consequence: safety-critical subject: required scope: - delete:refresh_tokens - delete:sessions audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /users/{id}/risk-assessments/clear method: post operationId: post_clear_assessors x-agentic-access: action-class: acting consequence: write subject: required scope: - update:users audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /users/{id}/roles method: get operationId: get_user_roles x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:role_members - read:roles - read:users token: max-ttl: 3600 audit: none - path: /users/{id}/roles method: delete operationId: delete_user_roles x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:role_members - update:users audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /users/{id}/roles method: post operationId: post_user_roles x-agentic-access: action-class: acting consequence: write subject: required scope: - create:role_members - update:users audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /users/{user_id}/refresh-tokens method: get operationId: get_refresh_tokens_for_user x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:refresh_tokens token: max-ttl: 3600 audit: none - path: /users/{user_id}/refresh-tokens method: delete operationId: delete_refresh_tokens_for_user x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:refresh_tokens audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /users/{user_id}/sessions method: get operationId: get_sessions_for_user x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:sessions token: max-ttl: 3600 audit: none - path: /users/{user_id}/sessions method: delete operationId: delete_sessions_for_user x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:sessions audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /verifiable-credentials/verification/templates method: get operationId: get_vc_templates x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:vdcs_templates token: max-ttl: 3600 audit: none - path: /verifiable-credentials/verification/templates method: post operationId: post_vc_templates x-agentic-access: action-class: acting consequence: write subject: required scope: - create:vdcs_templates audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /verifiable-credentials/verification/templates/{id} method: get operationId: get_vc_templates_by_id x-agentic-access: action-class: connected consequence: read subject: optional scope: - read:vdcs_templates token: max-ttl: 3600 audit: none - path: /verifiable-credentials/verification/templates/{id} method: delete operationId: delete_vc_templates_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - delete:vdcs_templates audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /verifiable-credentials/verification/templates/{id} method: patch operationId: patch_vc_templates_by_id x-agentic-access: action-class: acting consequence: write subject: required scope: - update:vdcs_templates audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required