naftiko: 1.0.0-alpha2 info: label: Avalara Portal OAuth API — Authentication description: 'Avalara Portal OAuth API — Authentication. 3 operations. Lead operation: Avalara Authorization Endpoint. Self-contained Naftiko capability covering one Avalara business surface.' tags: - Avalara - Authentication created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: AVALARA_API_KEY: AVALARA_API_KEY capability: consumes: - type: http namespace: portal-oauth-authentication baseUri: https://identity.avalara.com description: Avalara Portal OAuth API — Authentication business capability. Self-contained, no shared references. resources: - name: connect-authorize path: /connect/authorize operations: - name: authorize method: GET description: Avalara Authorization Endpoint outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: response_type in: query type: string required: true - name: client_id in: query type: string required: true - name: redirect_uri in: query type: string required: true - name: scope in: query type: string - name: state in: query type: string - name: connect-revocation path: /connect/revocation operations: - name: revoketoken method: POST description: Avalara Revoke a Token outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: connect-token path: /connect/token operations: - name: gettoken method: POST description: Avalara Obtain an Access Token outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true exposes: - type: rest namespace: portal-oauth-authentication-rest port: 8080 description: REST adapter for Avalara Portal OAuth API — Authentication. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/connect/authorize name: connect-authorize description: REST surface for connect-authorize. operations: - method: GET name: authorize description: Avalara Authorization Endpoint call: portal-oauth-authentication.authorize with: response_type: rest.response_type client_id: rest.client_id redirect_uri: rest.redirect_uri scope: rest.scope state: rest.state outputParameters: - type: object mapping: $. - path: /v1/connect/revocation name: connect-revocation description: REST surface for connect-revocation. operations: - method: POST name: revoketoken description: Avalara Revoke a Token call: portal-oauth-authentication.revoketoken with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/connect/token name: connect-token description: REST surface for connect-token. operations: - method: POST name: gettoken description: Avalara Obtain an Access Token call: portal-oauth-authentication.gettoken with: body: rest.body outputParameters: - type: object mapping: $. - type: mcp namespace: portal-oauth-authentication-mcp port: 9090 transport: http description: MCP adapter for Avalara Portal OAuth API — Authentication. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: avalara-authorization-endpoint description: Avalara Authorization Endpoint hints: readOnly: true destructive: false idempotent: true call: portal-oauth-authentication.authorize with: response_type: tools.response_type client_id: tools.client_id redirect_uri: tools.redirect_uri scope: tools.scope state: tools.state outputParameters: - type: object mapping: $. - name: avalara-revoke-token description: Avalara Revoke a Token hints: readOnly: false destructive: false idempotent: false call: portal-oauth-authentication.revoketoken with: body: tools.body outputParameters: - type: object mapping: $. - name: avalara-obtain-access-token description: Avalara Obtain an Access Token hints: readOnly: false destructive: false idempotent: false call: portal-oauth-authentication.gettoken with: body: tools.body outputParameters: - type: object mapping: $.