generated: '2026-07-15' method: generated source: openapi/cisco-expressway-configuration-api-openapi.yml, openapi/cisco-expressway-status-api-openapi.yml description: Recommended x-agentic-access execution contracts, classified heuristically from the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind audience per deployment. See research/curity/agentic-governance/. summary: operations: 47 by_action_class: connected: 21 acting: 26 by_consequence: read: 21 physical: 23 safety-critical: 3 human_in_the_loop_required: 3 operations: - path: /provisioning/common/sysinfo method: get operationId: getSystemInfo x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v1/provisioning/common/dns/dnsserver method: get operationId: listDnsServers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v1/provisioning/common/dns/dnsserver method: post operationId: createDnsServer x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v1/provisioning/common/dns/dnsserver method: put operationId: updateDnsServer x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v1/provisioning/common/dns/dnsserver method: delete operationId: deleteDnsServer x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v1/provisioning/common/time/ntpserver method: get operationId: listNtpServers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v1/provisioning/common/time/ntpserver method: post operationId: createNtpServer x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v1/provisioning/common/time/ntpserver method: put operationId: updateNtpServer x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v1/provisioning/common/time/ntpserver method: delete operationId: deleteNtpServer x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v1/provisioning/common/sftpconfig method: get operationId: getSftpConfig x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v1/provisioning/common/sftpconfig method: put operationId: updateSftpConfig x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v1/provisioning/common/upgrade method: post operationId: triggerUpgrade x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v1/provisioning/common/adminaccount/changepassword method: post operationId: changeAdminPassword x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /provisioning/edge/zone/traversalserver method: get operationId: listEdgeTraversalServerZones x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /provisioning/edge/zone/traversalserver method: post operationId: createEdgeTraversalServerZone x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /provisioning/edge/zone/traversalserver method: put operationId: updateEdgeTraversalServerZone x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /provisioning/edge/zone/traversalserver method: delete operationId: deleteEdgeTraversalServerZone x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /provisioning/controller/zone/traversalclient method: get operationId: listControllerTraversalClientZones x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /provisioning/controller/zone/traversalclient method: post operationId: createControllerTraversalClientZone x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /provisioning/controller/zone/traversalclient method: put operationId: updateControllerTraversalClientZone x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /provisioning/controller/zone/traversalclient method: delete operationId: deleteControllerTraversalClientZone x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /provisioning/common/zone/neighbor method: get operationId: listNeighborZones x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /provisioning/common/zone/neighbor method: post operationId: createNeighborZone x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /provisioning/common/zone/neighbor method: put operationId: updateNeighborZone x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /provisioning/common/zone/neighbor method: delete operationId: deleteNeighborZone x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /provisioning/common/zone/dns method: get operationId: listDnsZones x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /provisioning/common/zone/dns method: post operationId: createDnsZone x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /provisioning/common/searchrule method: get operationId: listSearchRules x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /provisioning/common/searchrule method: post operationId: createSearchRule x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /provisioning/common/searchrule method: put operationId: updateSearchRule x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /provisioning/common/searchrule method: delete operationId: deleteSearchRule x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /provisioning/common/transform method: get operationId: listTransforms x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /provisioning/common/transform method: post operationId: createTransform x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /provisioning/common/transform method: put operationId: updateTransform x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /provisioning/common/transform method: delete operationId: deleteTransform x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /provisioning/common/sip/configuration method: get operationId: getSipConfiguration x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /provisioning/common/sip/configuration method: put operationId: updateSipConfiguration x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /status/common/systeminfo method: get operationId: getSystemStatus x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /status/common/alarms method: get operationId: listAlarms x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /status/common/calls method: get operationId: listActiveCalls x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /status/common/callhistory method: get operationId: getCallHistory x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /status/common/registrations method: get operationId: listRegistrations x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v1/status/common/smartlicensing/licensing method: get operationId: getSmartLicensingStatus x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v1/status/common/upgradestatus method: get operationId: getUpgradeStatus x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /status/common/zones method: get operationId: listZoneStatus x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /status/common/resourceusage method: get operationId: getResourceUsage x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /status/common/turnrelays method: get operationId: listTurnRelays x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none