generated: '2026-07-15' method: generated source: openapi/citrix-adc-nitro-openapi.yml, openapi/citrix-cloud-openapi.yml, openapi/citrix-daas-openapi.yml, openapi/citrix-endpoint-management-openapi.yml, openapi/citrix-secure-private-access-openapi.yml, openapi/citrix-storefront-web-openapi.yml description: Recommended x-agentic-access execution contracts, classified heuristically from the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind audience per deployment. See research/curity/agentic-governance/. summary: operations: 69 by_action_class: acting: 37 connected: 32 by_consequence: write: 36 read: 32 physical: 1 human_in_the_loop_required: 0 operations: - path: /config/login method: post operationId: login x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /config/lbvserver method: get operationId: listLbVservers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /config/lbvserver method: post operationId: createLbVserver x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /config/lbvserver/{name} method: get operationId: getLbVserver x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /config/lbvserver/{name} method: put operationId: updateLbVserver x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /config/lbvserver/{name} method: delete operationId: deleteLbVserver x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /config/service method: get operationId: listServices x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /config/servicegroup method: get operationId: listServiceGroups x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /config/csvserver method: get operationId: listCsVservers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /config/sslcertkey method: get operationId: listSslCertKeys x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /stat/lbvserver method: get operationId: getLbVserverStats x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /stat/ns method: get operationId: getSystemStats x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /config/nsconfig method: get operationId: getNsConfig x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /cctrustoauth2/{customerId}/tokens/clients method: post operationId: getAccessToken x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /serviceprincipals method: get operationId: listServicePrincipals x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /serviceprincipals method: post operationId: createServicePrincipal x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /serviceprincipals/{principalId} method: get operationId: getServicePrincipal x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /serviceprincipals/{principalId} method: delete operationId: deleteServicePrincipal x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /resourcelocations method: get operationId: listResourceLocations x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resourcelocations/{locationId} method: get operationId: getResourceLocation x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /notifications method: get operationId: listNotifications x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /MachineCatalogs method: get operationId: listMachineCatalogs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /MachineCatalogs method: post operationId: createMachineCatalog x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /MachineCatalogs/{catalogId} method: get operationId: getMachineCatalog x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /MachineCatalogs/{catalogId} method: put operationId: updateMachineCatalog x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /MachineCatalogs/{catalogId} method: delete operationId: deleteMachineCatalog x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /DeliveryGroups method: get operationId: listDeliveryGroups x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /DeliveryGroups method: post operationId: createDeliveryGroup x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /DeliveryGroups/{deliveryGroupId} method: get operationId: getDeliveryGroup x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /DeliveryGroups/{deliveryGroupId} method: put operationId: updateDeliveryGroup x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /DeliveryGroups/{deliveryGroupId} method: delete operationId: deleteDeliveryGroup x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /Applications method: get operationId: listApplications x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /Applications/{applicationId} method: get operationId: getApplication x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /Sessions method: get operationId: listSessions x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /Sessions/{sessionId} method: get operationId: getSession x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /Sessions/{sessionId}/$logoff method: post operationId: logoffSession x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /Sessions/{sessionId}/$disconnect method: post operationId: disconnectSession x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /Machines method: get operationId: listMachines x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /Machines/{machineId} method: get operationId: getMachine x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /Hypervisors method: get operationId: listHypervisors x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /authentication/login method: post operationId: login x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /authentication/logout method: post operationId: logout x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /device/filter method: post operationId: filterDevices x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /device/{deviceId} method: get operationId: getDevice x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /device/wipe method: post operationId: wipeDevice x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /device/selectivewipe method: post operationId: selectiveWipeDevice x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /application/filter method: post operationId: filterApplications x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /device/policy/deploy method: post operationId: deployPolicy x-agentic-access: action-class: acting consequence: physical subject: required audience: null token: max-ttl: 300 exchange: true purpose-required: true escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /user/filter method: post operationId: filterUsers x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /deliverygroup/filter method: post operationId: filterDeliveryGroups x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /applications method: get operationId: listApplications x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /applications method: post operationId: createApplication x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /applications/{applicationId} method: get operationId: getApplication x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /applications/{applicationId} method: put operationId: updateApplication x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /applications/{applicationId} method: delete operationId: deleteApplication x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /policies method: get operationId: listAccessPolicies x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /policies method: post operationId: createAccessPolicy x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /certificate method: post operationId: createCertificate x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /application/{applicationId}/domain/{encodedURL} method: get operationId: getApplicationDomainCertificate x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /application/{applicationId}/domain/{encodedURL} method: put operationId: associateDomainCertificate x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /Authentication/GetAuthMethods method: post operationId: getAuthMethods x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /ExplicitAuth/Login method: post operationId: explicitLogin x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /ExplicitAuth/Logout method: post operationId: explicitLogout x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /Resources/List method: post operationId: listResources x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /Sessions/List method: post operationId: listSessions x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /Sessions/Disconnect method: post operationId: disconnectSession x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /Sessions/Logoff method: post operationId: logoffSession x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /Resources/GetLaunchStatus/{resourceId} method: get operationId: getLaunchStatus x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /Resources/LaunchIca/{resourceId} method: get operationId: launchResource x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none