naftiko: 1.0.0-alpha2
info:
  label: Coveo Authorization Server API — Temporary Access
  description: 'Coveo Authorization Server API — Temporary Access. 12 operations. Lead operation: List Temporary Accesses.
    Self-contained Naftiko capability covering one Coveo business surface.'
  tags:
  - Coveo
  - Authorization Server
  - Temporary Access
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    COVEO_API_KEY: COVEO_API_KEY
capability:
  consumes:
  - type: http
    namespace: authorization-temporary-access
    baseUri: https://platform.cloud.coveo.com
    description: Coveo Authorization Server API — Temporary Access business capability. Self-contained, no shared references.
    authentication:
      type: bearer
      token: '{{env.COVEO_API_KEY}}'
    resources:
    - name: rest-organizations-organizationId-access-temporary
      path: /rest/organizations/{organizationId}/access/temporary
      operations:
      - name: getorganizationtemporaryaccess
        method: GET
        description: List Temporary Accesses
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: organizationId
          in: path
          type: string
          description: The [unique identifier of the organization](https://docs.coveo.com/en/n1ce5273/manage-an-organization/find-your-organization-id)
            for which to list temporary acc
          required: true
    - name: rest-organizations-organizationId-access-temporary-active
      path: /rest/organizations/{organizationId}/access/temporary/active
      operations:
      - name: getorganizationactivetemporaryaccess
        method: GET
        description: List Active Temporary Accesses
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: organizationId
          in: path
          type: string
          description: The [unique identifier of the organization](https://docs.coveo.com/en/n1ce5273/manage-an-organization/find-your-organization-id)
            for which to list active tempor
          required: true
    - name: rest-organizations-organizationId-access-temporary-expired
      path: /rest/organizations/{organizationId}/access/temporary/expired
      operations:
      - name: getorganizationexpiredtemporaryaccess
        method: GET
        description: List Expired Temporary Accesses
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: organizationId
          in: path
          type: string
          description: The [unique identifier of the organization](https://docs.coveo.com/en/n1ce5273/manage-an-organization/find-your-organization-id)
            for which to list expired tempo
          required: true
    - name: rest-organizations-organizationId-access-temporary-users-username
      path: /rest/organizations/{organizationId}/access/temporary/users/{username}
      operations:
      - name: getorganizationtemporaryaccessforuser
        method: GET
        description: List User Temporary Accesses
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: organizationId
          in: path
          type: string
          description: The unique identifier of the target [organization](https://docs.coveo.com/en/185/).<br />**Example:**
            `mycoveocloudv2organizationg8tp8wu3`
          required: true
        - name: username
          in: path
          type: string
          description: The username of the user for which to list temporary access.</br>**Example:** `jsmith@email.com-google`
          required: true
    - name: rest-organizations-organizationId-access-temporary-temporaryAccessId
      path: /rest/organizations/{organizationId}/access/temporary/{temporaryAccessId}
      operations:
      - name: getorganizationtemporaryaccess1
        method: GET
        description: Show Temporary Access
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: organizationId
          in: path
          type: string
          description: The unique identifier of the target [organization](https://docs.coveo.com/en/185/).<br />**Example:**
            `mycoveocloudv2organizationg8tp8wu3`
          required: true
        - name: temporaryAccessId
          in: path
          type: string
          description: The unique identifier of the temporary access to show.</br>**Example:** `wrm4yyygma4dga6zouiqcaknv4`
          required: true
      - name: revoketemporaryaccess1
        method: DELETE
        description: Revoke Temporary Access
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: organizationId
          in: path
          type: string
          description: The unique identifier of the target [organization](https://docs.coveo.com/en/185/).<br />**Example:**
            `mycoveocloudv2organizationg8tp8wu3`
          required: true
        - name: temporaryAccessId
          in: path
          type: string
          description: The unique identifier of the temporary access to revoke.</br>**Example:** `0378a782-ca90-11e9-a32f-2a2ae2dbcce4`
          required: true
    - name: rest-users-username-access-temporary
      path: /rest/users/{username}/access/temporary
      operations:
      - name: getusertemporaryaccess
        method: GET
        description: List Temporary Accesses for Current User
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: username
          in: path
          type: string
          description: The username of the user for which to list temporary access.</br>**Example:** `jsmith@email.com-google`
          required: true
    - name: rest-users-username-access-temporary-active
      path: /rest/users/{username}/access/temporary/active
      operations:
      - name: getuseractivetemporaryaccess
        method: GET
        description: List Active Temporary Accesses for Current User
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: username
          in: path
          type: string
          description: The username of the user for which to list active temporary accesses.</br>**Example:** `jsmith@email.com-google`
          required: true
    - name: rest-users-username-access-temporary-expired
      path: /rest/users/{username}/access/temporary/expired
      operations:
      - name: getuserexpiredtemporaryaccess
        method: GET
        description: List Expired Temporary Accesses for Current User
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: username
          in: path
          type: string
          description: The username of the user for which to list expired temporary accesses.</br>**Example:** `jsmith@email.com-google`
          required: true
    - name: rest-users-username-access-temporary-inactive
      path: /rest/users/{username}/access/temporary/inactive
      operations:
      - name: getuserexpiredorrevokedtemporaryaccess
        method: GET
        description: List Expired and Revoked Temporary Accesses for Current User
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: username
          in: path
          type: string
          description: The username of the user for which to list expired and revoked temporary accesses.</br>**Example:**
            `jsmith@email.com-google`
          required: true
    - name: rest-users-username-access-temporary-temporaryAccessId
      path: /rest/users/{username}/access/temporary/{temporaryAccessId}
      operations:
      - name: gettemporaryaccess
        method: GET
        description: Show Temporary Access for Current User
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: username
          in: path
          type: string
          description: The username of the user for which to show a temporary access.</br>**Example:** `jsmith@email.com-google`
          required: true
        - name: temporaryAccessId
          in: path
          type: string
          description: The unique identifier of the temporary access to show.</br>**Example:** `wrm4yyygma4dga6zouiqcaknv4`
          required: true
      - name: revoketemporaryaccess
        method: DELETE
        description: Revoke Temporary Access for Current User
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: username
          in: path
          type: string
          description: The username of the user for which to revoke a temporary access.</br>**Example:** `jsmith@email.com-google`
          required: true
        - name: temporaryAccessId
          in: path
          type: string
          description: The unique identifier of the temporary access to revoke.</br>**Example:** `0378a782-ca90-11e9-a32f-2a2ae2dbcce4`
          required: true
  exposes:
  - type: rest
    namespace: authorization-temporary-access-rest
    port: 8080
    description: REST adapter for Coveo Authorization Server API — Temporary Access. One Spectral-compliant resource per consumed
      operation, prefixed with /v1.
    resources:
    - path: /v1/organizations/{organizationid}/access/temporary
      name: rest-organizations-organizationid-access-temporary
      description: REST surface for rest-organizations-organizationId-access-temporary.
      operations:
      - method: GET
        name: getorganizationtemporaryaccess
        description: List Temporary Accesses
        call: authorization-temporary-access.getorganizationtemporaryaccess
        with:
          organizationId: rest.organizationId
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/organizations/{organizationid}/access/temporary/active
      name: rest-organizations-organizationid-access-temporary-active
      description: REST surface for rest-organizations-organizationId-access-temporary-active.
      operations:
      - method: GET
        name: getorganizationactivetemporaryaccess
        description: List Active Temporary Accesses
        call: authorization-temporary-access.getorganizationactivetemporaryaccess
        with:
          organizationId: rest.organizationId
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/organizations/{organizationid}/access/temporary/expired
      name: rest-organizations-organizationid-access-temporary-expired
      description: REST surface for rest-organizations-organizationId-access-temporary-expired.
      operations:
      - method: GET
        name: getorganizationexpiredtemporaryaccess
        description: List Expired Temporary Accesses
        call: authorization-temporary-access.getorganizationexpiredtemporaryaccess
        with:
          organizationId: rest.organizationId
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/organizations/{organizationid}/access/temporary/users/{username}
      name: rest-organizations-organizationid-access-temporary-users-username
      description: REST surface for rest-organizations-organizationId-access-temporary-users-username.
      operations:
      - method: GET
        name: getorganizationtemporaryaccessforuser
        description: List User Temporary Accesses
        call: authorization-temporary-access.getorganizationtemporaryaccessforuser
        with:
          organizationId: rest.organizationId
          username: rest.username
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/organizations/{organizationid}/access/temporary/{temporaryaccessid}
      name: rest-organizations-organizationid-access-temporary-temporaryaccessid
      description: REST surface for rest-organizations-organizationId-access-temporary-temporaryAccessId.
      operations:
      - method: GET
        name: getorganizationtemporaryaccess1
        description: Show Temporary Access
        call: authorization-temporary-access.getorganizationtemporaryaccess1
        with:
          organizationId: rest.organizationId
          temporaryAccessId: rest.temporaryAccessId
        outputParameters:
        - type: object
          mapping: $.
      - method: DELETE
        name: revoketemporaryaccess1
        description: Revoke Temporary Access
        call: authorization-temporary-access.revoketemporaryaccess1
        with:
          organizationId: rest.organizationId
          temporaryAccessId: rest.temporaryAccessId
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/users/{username}/access/temporary
      name: rest-users-username-access-temporary
      description: REST surface for rest-users-username-access-temporary.
      operations:
      - method: GET
        name: getusertemporaryaccess
        description: List Temporary Accesses for Current User
        call: authorization-temporary-access.getusertemporaryaccess
        with:
          username: rest.username
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/users/{username}/access/temporary/active
      name: rest-users-username-access-temporary-active
      description: REST surface for rest-users-username-access-temporary-active.
      operations:
      - method: GET
        name: getuseractivetemporaryaccess
        description: List Active Temporary Accesses for Current User
        call: authorization-temporary-access.getuseractivetemporaryaccess
        with:
          username: rest.username
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/users/{username}/access/temporary/expired
      name: rest-users-username-access-temporary-expired
      description: REST surface for rest-users-username-access-temporary-expired.
      operations:
      - method: GET
        name: getuserexpiredtemporaryaccess
        description: List Expired Temporary Accesses for Current User
        call: authorization-temporary-access.getuserexpiredtemporaryaccess
        with:
          username: rest.username
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/users/{username}/access/temporary/inactive
      name: rest-users-username-access-temporary-inactive
      description: REST surface for rest-users-username-access-temporary-inactive.
      operations:
      - method: GET
        name: getuserexpiredorrevokedtemporaryaccess
        description: List Expired and Revoked Temporary Accesses for Current User
        call: authorization-temporary-access.getuserexpiredorrevokedtemporaryaccess
        with:
          username: rest.username
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/users/{username}/access/temporary/{temporaryaccessid}
      name: rest-users-username-access-temporary-temporaryaccessid
      description: REST surface for rest-users-username-access-temporary-temporaryAccessId.
      operations:
      - method: GET
        name: gettemporaryaccess
        description: Show Temporary Access for Current User
        call: authorization-temporary-access.gettemporaryaccess
        with:
          username: rest.username
          temporaryAccessId: rest.temporaryAccessId
        outputParameters:
        - type: object
          mapping: $.
      - method: DELETE
        name: revoketemporaryaccess
        description: Revoke Temporary Access for Current User
        call: authorization-temporary-access.revoketemporaryaccess
        with:
          username: rest.username
          temporaryAccessId: rest.temporaryAccessId
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: authorization-temporary-access-mcp
    port: 9090
    transport: http
    description: MCP adapter for Coveo Authorization Server API — Temporary Access. One tool per consumed operation, routed
      inline through this capability's consumes block.
    tools:
    - name: list-temporary-accesses
      description: List Temporary Accesses
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: authorization-temporary-access.getorganizationtemporaryaccess
      with:
        organizationId: tools.organizationId
      outputParameters:
      - type: object
        mapping: $.
    - name: list-active-temporary-accesses
      description: List Active Temporary Accesses
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: authorization-temporary-access.getorganizationactivetemporaryaccess
      with:
        organizationId: tools.organizationId
      outputParameters:
      - type: object
        mapping: $.
    - name: list-expired-temporary-accesses
      description: List Expired Temporary Accesses
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: authorization-temporary-access.getorganizationexpiredtemporaryaccess
      with:
        organizationId: tools.organizationId
      outputParameters:
      - type: object
        mapping: $.
    - name: list-user-temporary-accesses
      description: List User Temporary Accesses
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: authorization-temporary-access.getorganizationtemporaryaccessforuser
      with:
        organizationId: tools.organizationId
        username: tools.username
      outputParameters:
      - type: object
        mapping: $.
    - name: show-temporary-access
      description: Show Temporary Access
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: authorization-temporary-access.getorganizationtemporaryaccess1
      with:
        organizationId: tools.organizationId
        temporaryAccessId: tools.temporaryAccessId
      outputParameters:
      - type: object
        mapping: $.
    - name: revoke-temporary-access
      description: Revoke Temporary Access
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: authorization-temporary-access.revoketemporaryaccess1
      with:
        organizationId: tools.organizationId
        temporaryAccessId: tools.temporaryAccessId
      outputParameters:
      - type: object
        mapping: $.
    - name: list-temporary-accesses-current-user
      description: List Temporary Accesses for Current User
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: authorization-temporary-access.getusertemporaryaccess
      with:
        username: tools.username
      outputParameters:
      - type: object
        mapping: $.
    - name: list-active-temporary-accesses-current
      description: List Active Temporary Accesses for Current User
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: authorization-temporary-access.getuseractivetemporaryaccess
      with:
        username: tools.username
      outputParameters:
      - type: object
        mapping: $.
    - name: list-expired-temporary-accesses-current
      description: List Expired Temporary Accesses for Current User
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: authorization-temporary-access.getuserexpiredtemporaryaccess
      with:
        username: tools.username
      outputParameters:
      - type: object
        mapping: $.
    - name: list-expired-and-revoked-temporary
      description: List Expired and Revoked Temporary Accesses for Current User
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: authorization-temporary-access.getuserexpiredorrevokedtemporaryaccess
      with:
        username: tools.username
      outputParameters:
      - type: object
        mapping: $.
    - name: show-temporary-access-current-user
      description: Show Temporary Access for Current User
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: authorization-temporary-access.gettemporaryaccess
      with:
        username: tools.username
        temporaryAccessId: tools.temporaryAccessId
      outputParameters:
      - type: object
        mapping: $.
    - name: revoke-temporary-access-current-user
      description: Revoke Temporary Access for Current User
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: authorization-temporary-access.revoketemporaryaccess
      with:
        username: tools.username
        temporaryAccessId: tools.temporaryAccessId
      outputParameters:
      - type: object
        mapping: $.