naftiko: 1.0.0-alpha2
info:
  label: Coveo Authorization Server API — Organization Privileges
  description: 'Coveo Authorization Server API — Organization Privileges. 6 operations. Lead operation: List Possible Privileges.
    Self-contained Naftiko capability covering one Coveo business surface.'
  tags:
  - Coveo
  - Authorization Server
  - Organization Privileges
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    COVEO_API_KEY: COVEO_API_KEY
capability:
  consumes:
  - type: http
    namespace: authorization-organization-privileges
    baseUri: https://platform.cloud.coveo.com
    description: Coveo Authorization Server API — Organization Privileges business capability. Self-contained, no shared references.
    authentication:
      type: bearer
      token: '{{env.COVEO_API_KEY}}'
    resources:
    - name: rest-organizations-organizationId-privileges
      path: /rest/organizations/{organizationId}/privileges
      operations:
      - name: getorganizationprivileges
        method: GET
        description: List Possible Privileges
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: organizationId
          in: path
          type: string
          description: The unique identifier of the target [organization](https://docs.coveo.com/en/185/).<br />**Example:**
            `mycoveocloudv2organizationg8tp8wu3`
          required: true
    - name: rest-organizations-organizationId-privileges-apikeys
      path: /rest/organizations/{organizationId}/privileges/apikeys
      operations:
      - name: getapikeyprivileges
        method: GET
        description: List Possible API Key Privileges
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: filter
          in: query
          type: string
          description: Filter for privileges
        - name: organizationId
          in: path
          type: string
          description: The unique identifier of the target [organization](https://docs.coveo.com/en/185/).<br />**Example:**
            `mycoveocloudv2organizationg8tp8wu3`
          required: true
    - name: rest-organizations-organizationId-privileges-me
      path: /rest/organizations/{organizationId}/privileges/me
      operations:
      - name: getorganizationmemberprivileges1
        method: GET
        description: List Privileges for Current Member
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: organizationId
          in: path
          type: string
          description: The unique identifier of the target [organization](https://docs.coveo.com/en/185/).<br />**Example:**
            `mycoveocloudv2organizationg8tp8wu3`
          required: true
    - name: rest-organizations-organizationId-privileges-platformtokens
      path: /rest/organizations/{organizationId}/privileges/platformtokens
      operations:
      - name: getplatformtokenprivileges
        method: GET
        description: List Possible Platform Token Privileges
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: organizationId
          in: path
          type: string
          description: The unique identifier of the target [organization](https://docs.coveo.com/en/185/).<br />**Example:**
            `mycoveocloudv2organizationg8tp8wu3`
          required: true
    - name: rest-organizations-organizationId-privileges-token
      path: /rest/organizations/{organizationId}/privileges/token
      operations:
      - name: getorganizationmemberprivileges
        method: GET
        description: List Privileges for Access Token
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: organizationId
          in: path
          type: string
          description: The unique identifier of the target [organization](https://docs.coveo.com/en/185/).<br />**Example:**
            `mycoveocloudv2organizationg8tp8wu3`
          required: true
        - name: accessToken
          in: query
          type: string
          description: The access token for which to list privileges.
      - name: getorganizationmemberprivilegesusingpost
        method: POST
        description: List Privileges for Access Token
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: organizationId
          in: path
          type: string
          description: The unique identifier of the target [organization](https://docs.coveo.com/en/185/).<br />**Example:**
            `mycoveocloudv2organizationg8tp8wu3`
          required: true
        - name: accessToken
          in: query
          type: string
          description: The access token for which to list privileges.
          required: true
  exposes:
  - type: rest
    namespace: authorization-organization-privileges-rest
    port: 8080
    description: REST adapter for Coveo Authorization Server API — Organization Privileges. One Spectral-compliant resource
      per consumed operation, prefixed with /v1.
    resources:
    - path: /v1/organizations/{organizationid}/privileges
      name: rest-organizations-organizationid-privileges
      description: REST surface for rest-organizations-organizationId-privileges.
      operations:
      - method: GET
        name: getorganizationprivileges
        description: List Possible Privileges
        call: authorization-organization-privileges.getorganizationprivileges
        with:
          organizationId: rest.organizationId
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/organizations/{organizationid}/privileges/apikeys
      name: rest-organizations-organizationid-privileges-apikeys
      description: REST surface for rest-organizations-organizationId-privileges-apikeys.
      operations:
      - method: GET
        name: getapikeyprivileges
        description: List Possible API Key Privileges
        call: authorization-organization-privileges.getapikeyprivileges
        with:
          filter: rest.filter
          organizationId: rest.organizationId
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/organizations/{organizationid}/privileges/me
      name: rest-organizations-organizationid-privileges-me
      description: REST surface for rest-organizations-organizationId-privileges-me.
      operations:
      - method: GET
        name: getorganizationmemberprivileges1
        description: List Privileges for Current Member
        call: authorization-organization-privileges.getorganizationmemberprivileges1
        with:
          organizationId: rest.organizationId
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/organizations/{organizationid}/privileges/platformtokens
      name: rest-organizations-organizationid-privileges-platformtokens
      description: REST surface for rest-organizations-organizationId-privileges-platformtokens.
      operations:
      - method: GET
        name: getplatformtokenprivileges
        description: List Possible Platform Token Privileges
        call: authorization-organization-privileges.getplatformtokenprivileges
        with:
          organizationId: rest.organizationId
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/organizations/{organizationid}/privileges/token
      name: rest-organizations-organizationid-privileges-token
      description: REST surface for rest-organizations-organizationId-privileges-token.
      operations:
      - method: GET
        name: getorganizationmemberprivileges
        description: List Privileges for Access Token
        call: authorization-organization-privileges.getorganizationmemberprivileges
        with:
          organizationId: rest.organizationId
          accessToken: rest.accessToken
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: getorganizationmemberprivilegesusingpost
        description: List Privileges for Access Token
        call: authorization-organization-privileges.getorganizationmemberprivilegesusingpost
        with:
          organizationId: rest.organizationId
          accessToken: rest.accessToken
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: authorization-organization-privileges-mcp
    port: 9090
    transport: http
    description: MCP adapter for Coveo Authorization Server API — Organization Privileges. One tool per consumed operation,
      routed inline through this capability's consumes block.
    tools:
    - name: list-possible-privileges
      description: List Possible Privileges
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: authorization-organization-privileges.getorganizationprivileges
      with:
        organizationId: tools.organizationId
      outputParameters:
      - type: object
        mapping: $.
    - name: list-possible-api-key-privileges
      description: List Possible API Key Privileges
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: authorization-organization-privileges.getapikeyprivileges
      with:
        filter: tools.filter
        organizationId: tools.organizationId
      outputParameters:
      - type: object
        mapping: $.
    - name: list-privileges-current-member
      description: List Privileges for Current Member
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: authorization-organization-privileges.getorganizationmemberprivileges1
      with:
        organizationId: tools.organizationId
      outputParameters:
      - type: object
        mapping: $.
    - name: list-possible-platform-token-privileges
      description: List Possible Platform Token Privileges
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: authorization-organization-privileges.getplatformtokenprivileges
      with:
        organizationId: tools.organizationId
      outputParameters:
      - type: object
        mapping: $.
    - name: list-privileges-access-token
      description: List Privileges for Access Token
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: authorization-organization-privileges.getorganizationmemberprivileges
      with:
        organizationId: tools.organizationId
        accessToken: tools.accessToken
      outputParameters:
      - type: object
        mapping: $.
    - name: list-privileges-access-token-2
      description: List Privileges for Access Token
      hints:
        readOnly: true
        destructive: false
        idempotent: false
      call: authorization-organization-privileges.getorganizationmemberprivilegesusingpost
      with:
        organizationId: tools.organizationId
        accessToken: tools.accessToken
      outputParameters:
      - type: object
        mapping: $.