generated: '2026-07-15' method: generated source: openapi/authentik-openapi.yml description: Recommended x-agentic-access execution contracts, classified heuristically from the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind audience per deployment. See research/curity/agentic-governance/. summary: operations: 27 by_action_class: connected: 19 acting: 8 by_consequence: read: 19 write: 8 human_in_the_loop_required: 0 operations: - path: /schema/ method: get operationId: schemaRetrieve x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /core/users/ method: get operationId: coreUsersList x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /core/users/ method: post operationId: coreUsersCreate x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /core/users/{id}/ method: get operationId: coreUsersRetrieve x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /core/users/{id}/ method: put operationId: coreUsersUpdate x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /core/users/{id}/ method: delete operationId: coreUsersDestroy x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /core/applications/ method: get operationId: coreApplicationsList x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /core/applications/ method: post operationId: coreApplicationsCreate x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /core/groups/ method: get operationId: coreGroupsList x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /core/groups/ method: post operationId: coreGroupsCreate x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /core/tokens/ method: get operationId: coreTokensList x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /core/tokens/ method: post operationId: coreTokensCreate x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /flows/instances/ method: get operationId: flowsInstancesList x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /flows/instances/ method: post operationId: flowsInstancesCreate x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /flows/bindings/ method: get operationId: flowsBindingsList x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /providers/all/ method: get operationId: providersAllList x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /providers/oauth2/ method: get operationId: providersOauth2List x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /providers/oauth2/ method: post operationId: providersOauth2Create x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /providers/saml/ method: get operationId: providersSamlList x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /sources/all/ method: get operationId: sourcesAllList x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /stages/all/ method: get operationId: stagesAllList x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /policies/all/ method: get operationId: policiesAllList x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /policies/bindings/ method: get operationId: policiesBindingsList x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /crypto/certificatekeypairs/ method: get operationId: cryptoCertificatekeypairsList x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /events/events/ method: get operationId: eventsEventsList x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /rbac/roles/ method: get operationId: rbacRolesList x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /rbac/permissions/ method: get operationId: rbacPermissionsList x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none