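---
# Naftiko capability: wraps the ForgeRock Access Management (AM) REST API
# (consumes) and re-publishes it as a REST adapter and an MCP tool server
# (exposes). The upstream credential is bound from the environment (binds).
#
# NOTE(review): the source was whitespace-collapsed; the nesting below is
# reconstructed from key order. Confirm it (in particular the position of
# `binds`) against the Naftiko schema before use.
naftiko: 1.0.0-alpha2
info:
  label: ForgeRock Access Management API
  description: >-
    REST API for ForgeRock Access Management (AM) providing authentication,
    authorization, session management, and policy evaluation. Supports OAuth 2.0
    and OpenID Connect flows, authentication trees/journeys, policy-based
    authorization decisions, and realm management.
  tags:
    - Forgerock
    - API
  created: '2026-05-06'
  modified: '2026-05-06'
capability:
  consumes:
    - type: http
      namespace: forgerock
      # Keep this https: the SSO token below travels in a header on every call.
      baseUri: https://am.example.com/am
      description: ForgeRock Access Management API HTTP API.
      # One SSO token is attached to every upstream request, including the
      # OAuth/OIDC and discovery endpoints that do not need it. Whoever can
      # call the adapters under `exposes` acts with this token's privileges,
      # so issue it to a dedicated, least-privileged identity; realm, policy
      # and resource-type writes need admin rights and are better split into
      # a separate capability from the read-only operations.
      authentication:
        type: apikey
        in: header
        name: iPlanetDirectoryPro
        value: '{{FORGEROCK_TOKEN}}'
      # NOTE(review): many paths contain {realm}, but no operation declares a
      # `realm` path input and no `with:` mapping supplies it. Confirm how the
      # placeholder is resolved; an unresolved or caller-chosen realm changes
      # which tenant an operation touches.
      resources:
        - name: json-realms-root-realms-realm-authenticate
          path: /json/realms/root/realms/{realm}/authenticate
          operations:
            - name: authenticate
              method: POST
              description: ForgeRock Authenticate a user
              inputParameters:
                - name: authIndexType
                  in: query
                  type: string
                  description: Type of authentication index
                - name: authIndexValue
                  in: query
                  type: string
                  description: Name of the authentication tree or module
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
        - name: json-realms-root-realms-realm-sessions
          path: /json/realms/root/realms/{realm}/sessions
          operations:
            - name: querysessions
              method: GET
              description: ForgeRock Query sessions
              inputParameters:
                - name: _queryFilter
                  in: query
                  type: string
                  description: CREST query filter for sessions
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
            - name: sessionaction
              method: POST
              description: ForgeRock Perform a session action
              inputParameters:
                - name: _action
                  in: query
                  type: string
                  required: true
                  description: The session action to perform
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
        - name: json-realms-root-realms-realm-policies
          path: /json/realms/root/realms/{realm}/policies
          operations:
            - name: listpolicies
              method: GET
              description: ForgeRock List authorization policies
              inputParameters:
                - name: _queryFilter
                  in: query
                  type: string
                  description: CREST query filter expression
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
            - name: createpolicyorevaluate
              method: POST
              description: ForgeRock Create a policy or evaluate policies
              inputParameters:
                - name: _action
                  in: query
                  type: string
                  description: Action to perform (evaluate or evaluateTree)
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
        - name: json-realms-root-realms-realm-policies-policynam
          path: /json/realms/root/realms/{realm}/policies/{policyName}
          operations:
            - name: getpolicy
              method: GET
              description: ForgeRock Get a policy
              inputParameters:
                - name: policyName
                  in: path
                  type: string
                  required: true
                  description: The policy name
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
            - name: updatepolicy
              method: PUT
              description: ForgeRock Update a policy
              inputParameters:
                - name: policyName
                  in: path
                  type: string
                  required: true
                  description: The policy name
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
            - name: deletepolicy
              method: DELETE
              description: ForgeRock Delete a policy
              inputParameters:
                - name: policyName
                  in: path
                  type: string
                  required: true
                  description: The policy name
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
        - name: json-realms-root-realms-realm-resourcetypes
          path: /json/realms/root/realms/{realm}/resourcetypes
          operations:
            - name: listresourcetypes
              method: GET
              description: ForgeRock List resource types
              inputParameters:
                - name: _queryFilter
                  in: query
                  type: string
                  description: CREST query filter
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
            - name: createresourcetype
              method: POST
              description: ForgeRock Create a resource type
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
        - name: json-realms-root-realms-realm-resourcetypes-reso
          path: /json/realms/root/realms/{realm}/resourcetypes/{resourceTypeId}
          operations:
            - name: getresourcetype
              method: GET
              description: ForgeRock Get a resource type
              inputParameters:
                - name: resourceTypeId
                  in: path
                  type: string
                  required: true
                  description: The resource type UUID
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
            - name: updateresourcetype
              method: PUT
              description: ForgeRock Update a resource type
              inputParameters:
                - name: resourceTypeId
                  in: path
                  type: string
                  required: true
                  description: The resource type UUID
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
            - name: deleteresourcetype
              method: DELETE
              description: ForgeRock Delete a resource type
              inputParameters:
                - name: resourceTypeId
                  in: path
                  type: string
                  required: true
                  description: The resource type UUID
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
        - name: json-global-config-realms
          path: /json/global-config/realms
          operations:
            - name: listrealms
              method: GET
              description: ForgeRock List realms
              inputParameters:
                - name: _queryFilter
                  in: query
                  type: string
                  description: CREST query filter for realms
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
            - name: createrealm
              method: POST
              description: ForgeRock Create a realm
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
        - name: json-global-config-realms-realmname
          path: /json/global-config/realms/{realmName}
          operations:
            - name: getrealm
              method: GET
              description: ForgeRock Get a realm
              inputParameters:
                - name: realmName
                  in: path
                  type: string
                  required: true
                  description: The realm name
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
            - name: updaterealm
              method: PUT
              description: ForgeRock Update a realm
              inputParameters:
                - name: realmName
                  in: path
                  type: string
                  required: true
                  description: The realm name
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
            - name: deleterealm
              method: DELETE
              description: ForgeRock Delete a realm
              inputParameters:
                - name: realmName
                  in: path
                  type: string
                  required: true
                  description: The realm name
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
        - name: json-realms-root-realms-realm-scripts
          path: /json/realms/root/realms/{realm}/scripts
          operations:
            - name: listscripts
              method: GET
              description: ForgeRock List scripts
              inputParameters:
                - name: _queryFilter
                  in: query
                  type: string
                  description: CREST query filter
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
        - name: json-realms-root-realms-realm-scripts-scriptid
          path: /json/realms/root/realms/{realm}/scripts/{scriptId}
          operations:
            - name: getscript
              method: GET
              description: ForgeRock Get a script
              inputParameters:
                - name: scriptId
                  in: path
                  type: string
                  required: true
                  description: The script UUID
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
        - name: oauth2-realms-root-realms-realm-authorize
          path: /oauth2/realms/root/realms/{realm}/authorize
          operations:
            - name: oauth2authorize
              method: GET
              description: ForgeRock OAuth 2.0 authorization endpoint
              inputParameters:
                - name: client_id
                  in: query
                  type: string
                  required: true
                - name: response_type
                  in: query
                  type: string
                  required: true
                - name: redirect_uri
                  in: query
                  type: string
                  required: true
                - name: scope
                  in: query
                  type: string
                - name: state
                  in: query
                  type: string
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
        - name: oauth2-realms-root-realms-realm-access-token
          path: /oauth2/realms/root/realms/{realm}/access_token
          operations:
            - name: oauth2token
              method: POST
              description: ForgeRock OAuth 2.0 token endpoint
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
        - name: oauth2-realms-root-realms-realm-tokeninfo
          path: /oauth2/realms/root/realms/{realm}/tokeninfo
          operations:
            # The access token is sent as a query-string value, so it can be
            # recorded in proxy, load-balancer and server access logs. Where
            # the deployment allows it, prefer an RFC 7662 style introspection
            # call that carries the token in a POST body, and make sure query
            # strings are redacted in logs along this path.
            - name: oauth2tokeninfo
              method: GET
              description: ForgeRock OAuth 2.0 token introspection
              inputParameters:
                - name: access_token
                  in: query
                  type: string
                  required: true
                  description: The access token to introspect
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
        - name: oauth2-realms-root-realms-realm-userinfo
          path: /oauth2/realms/root/realms/{realm}/userinfo
          operations:
            - name: oidcuserinfo
              method: GET
              description: ForgeRock OpenID Connect UserInfo endpoint
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
        - name: well-known-openid-configuration
          path: /.well-known/openid-configuration
          operations:
            - name: oidcdiscovery
              method: GET
              description: ForgeRock OpenID Connect discovery
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
  exposes:
    # No inbound authentication or authorization is declared for this adapter
    # in this file, while every call it forwards carries FORGEROCK_TOKEN.
    # Anyone able to reach port 8080 can therefore create, update and delete
    # realms, policies and resource types. Bind it to loopback or a private
    # network and front it with an authenticating proxy, or configure whatever
    # inbound authentication the Naftiko schema offers (not shown here).
    # NOTE(review): only path parameters are mapped under `with:`; the query
    # inputs declared upstream (_action, _queryFilter, ...) are not forwarded.
    - type: rest
      port: 8080
      namespace: forgerock-rest
      description: REST adapter for ForgeRock Access Management API.
      resources:
        - path: /json/realms/root/realms/{realm}/authenticate
          name: authenticate
          operations:
            - method: POST
              name: authenticate
              description: ForgeRock Authenticate a user
              call: forgerock.authenticate
              outputParameters:
                - type: object
                  mapping: $.
        - path: /json/realms/root/realms/{realm}/sessions
          name: querysessions
          operations:
            - method: GET
              name: querysessions
              description: ForgeRock Query sessions
              call: forgerock.querysessions
              outputParameters:
                - type: object
                  mapping: $.
        - path: /json/realms/root/realms/{realm}/sessions
          name: sessionaction
          operations:
            - method: POST
              name: sessionaction
              description: ForgeRock Perform a session action
              call: forgerock.sessionaction
              outputParameters:
                - type: object
                  mapping: $.
        - path: /json/realms/root/realms/{realm}/policies
          name: listpolicies
          operations:
            - method: GET
              name: listpolicies
              description: ForgeRock List authorization policies
              call: forgerock.listpolicies
              outputParameters:
                - type: object
                  mapping: $.
        - path: /json/realms/root/realms/{realm}/policies
          name: createpolicyorevaluate
          operations:
            - method: POST
              name: createpolicyorevaluate
              description: ForgeRock Create a policy or evaluate policies
              call: forgerock.createpolicyorevaluate
              outputParameters:
                - type: object
                  mapping: $.
        - path: /json/realms/root/realms/{realm}/policies/{policyName}
          name: getpolicy
          operations:
            - method: GET
              name: getpolicy
              description: ForgeRock Get a policy
              call: forgerock.getpolicy
              with:
                policyName: rest.policyName
              outputParameters:
                - type: object
                  mapping: $.
        - path: /json/realms/root/realms/{realm}/policies/{policyName}
          name: updatepolicy
          operations:
            - method: PUT
              name: updatepolicy
              description: ForgeRock Update a policy
              call: forgerock.updatepolicy
              with:
                policyName: rest.policyName
              outputParameters:
                - type: object
                  mapping: $.
        - path: /json/realms/root/realms/{realm}/policies/{policyName}
          name: deletepolicy
          operations:
            - method: DELETE
              name: deletepolicy
              description: ForgeRock Delete a policy
              call: forgerock.deletepolicy
              with:
                policyName: rest.policyName
              outputParameters:
                - type: object
                  mapping: $.
        - path: /json/realms/root/realms/{realm}/resourcetypes
          name: listresourcetypes
          operations:
            - method: GET
              name: listresourcetypes
              description: ForgeRock List resource types
              call: forgerock.listresourcetypes
              outputParameters:
                - type: object
                  mapping: $.
        - path: /json/realms/root/realms/{realm}/resourcetypes
          name: createresourcetype
          operations:
            - method: POST
              name: createresourcetype
              description: ForgeRock Create a resource type
              call: forgerock.createresourcetype
              outputParameters:
                - type: object
                  mapping: $.
        - path: /json/realms/root/realms/{realm}/resourcetypes/{resourceTypeId}
          name: getresourcetype
          operations:
            - method: GET
              name: getresourcetype
              description: ForgeRock Get a resource type
              call: forgerock.getresourcetype
              with:
                resourceTypeId: rest.resourceTypeId
              outputParameters:
                - type: object
                  mapping: $.
        - path: /json/realms/root/realms/{realm}/resourcetypes/{resourceTypeId}
          name: updateresourcetype
          operations:
            - method: PUT
              name: updateresourcetype
              description: ForgeRock Update a resource type
              call: forgerock.updateresourcetype
              with:
                resourceTypeId: rest.resourceTypeId
              outputParameters:
                - type: object
                  mapping: $.
        - path: /json/realms/root/realms/{realm}/resourcetypes/{resourceTypeId}
          name: deleteresourcetype
          operations:
            - method: DELETE
              name: deleteresourcetype
              description: ForgeRock Delete a resource type
              call: forgerock.deleteresourcetype
              with:
                resourceTypeId: rest.resourceTypeId
              outputParameters:
                - type: object
                  mapping: $.
        - path: /json/global-config/realms
          name: listrealms
          operations:
            - method: GET
              name: listrealms
              description: ForgeRock List realms
              call: forgerock.listrealms
              outputParameters:
                - type: object
                  mapping: $.
        - path: /json/global-config/realms
          name: createrealm
          operations:
            - method: POST
              name: createrealm
              description: ForgeRock Create a realm
              call: forgerock.createrealm
              outputParameters:
                - type: object
                  mapping: $.
        - path: /json/global-config/realms/{realmName}
          name: getrealm
          operations:
            - method: GET
              name: getrealm
              description: ForgeRock Get a realm
              call: forgerock.getrealm
              with:
                realmName: rest.realmName
              outputParameters:
                - type: object
                  mapping: $.
        - path: /json/global-config/realms/{realmName}
          name: updaterealm
          operations:
            - method: PUT
              name: updaterealm
              description: ForgeRock Update a realm
              call: forgerock.updaterealm
              with:
                realmName: rest.realmName
              outputParameters:
                - type: object
                  mapping: $.
        - path: /json/global-config/realms/{realmName}
          name: deleterealm
          operations:
            - method: DELETE
              name: deleterealm
              description: ForgeRock Delete a realm
              call: forgerock.deleterealm
              with:
                realmName: rest.realmName
              outputParameters:
                - type: object
                  mapping: $.
        - path: /json/realms/root/realms/{realm}/scripts
          name: listscripts
          operations:
            - method: GET
              name: listscripts
              description: ForgeRock List scripts
              call: forgerock.listscripts
              outputParameters:
                - type: object
                  mapping: $.
        - path: /json/realms/root/realms/{realm}/scripts/{scriptId}
          name: getscript
          operations:
            - method: GET
              name: getscript
              description: ForgeRock Get a script
              call: forgerock.getscript
              with:
                scriptId: rest.scriptId
              outputParameters:
                - type: object
                  mapping: $.
        - path: /oauth2/realms/root/realms/{realm}/authorize
          name: oauth2authorize
          operations:
            - method: GET
              name: oauth2authorize
              description: ForgeRock OAuth 2.0 authorization endpoint
              call: forgerock.oauth2authorize
              outputParameters:
                - type: object
                  mapping: $.
        - path: /oauth2/realms/root/realms/{realm}/access_token
          name: oauth2token
          operations:
            - method: POST
              name: oauth2token
              description: ForgeRock OAuth 2.0 token endpoint
              call: forgerock.oauth2token
              outputParameters:
                - type: object
                  mapping: $.
        - path: /oauth2/realms/root/realms/{realm}/tokeninfo
          name: oauth2tokeninfo
          operations:
            - method: GET
              name: oauth2tokeninfo
              description: ForgeRock OAuth 2.0 token introspection
              call: forgerock.oauth2tokeninfo
              outputParameters:
                - type: object
                  mapping: $.
        - path: /oauth2/realms/root/realms/{realm}/userinfo
          name: oidcuserinfo
          operations:
            - method: GET
              name: oidcuserinfo
              description: ForgeRock OpenID Connect UserInfo endpoint
              call: forgerock.oidcuserinfo
              outputParameters:
                - type: object
                  mapping: $.
        - path: /.well-known/openid-configuration
          name: oidcdiscovery
          operations:
            - method: GET
              name: oidcdiscovery
              description: ForgeRock OpenID Connect discovery
              call: forgerock.oidcdiscovery
              outputParameters:
                - type: object
                  mapping: $.
    # MCP adapter for AI agents. The same caveat applies as for the REST
    # adapter: no inbound authentication is declared here, and every tool call
    # runs with FORGEROCK_TOKEN. Additional points for agent use:
    #  - `mapping: $.` hands the whole upstream body to the agent. Responses
    #    from authenticate and oauth2token typically carry session or access
    #    tokens, which then sit in model context and transcripts; narrow the
    #    mapping or keep these tools out of the agent-facing set.
    #  - Tool arguments (_queryFilter, _action, policyName, realmName, ...)
    #    come from the model and may be steered by prompt injection; treat the
    #    upstream token's scope as the real authorization boundary.
    #  - Hints are advisory. Clients that auto-approve calls based on them
    #    should still require confirmation for realm and policy writes; the
    #    PUT tools below overwrite existing configuration although they are
    #    marked destructive: false.
    - type: mcp
      port: 9090
      namespace: forgerock-mcp
      transport: http
      description: MCP adapter for ForgeRock Access Management API for AI agent use.
      tools:
        - name: authenticate
          description: ForgeRock Authenticate a user
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: forgerock.authenticate
          with:
            authIndexType: tools.authIndexType
            authIndexValue: tools.authIndexValue
          inputParameters:
            - name: authIndexType
              type: string
              description: Type of authentication index
            - name: authIndexValue
              type: string
              description: Name of the authentication tree or module
          outputParameters:
            - type: object
              mapping: $.
        - name: querysessions
          description: ForgeRock Query sessions
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: forgerock.querysessions
          with:
            _queryFilter: tools._queryFilter
          inputParameters:
            - name: _queryFilter
              type: string
              description: CREST query filter for sessions
          outputParameters:
            - type: object
              mapping: $.
        - name: sessionaction
          description: ForgeRock Perform a session action
          hints:
            readOnly: false
            # _action is free-form and AM session actions include ones that
            # end sessions, so advertise the tool as potentially destructive
            # rather than letting clients treat it as safe to auto-approve.
            destructive: true
            idempotent: false
          call: forgerock.sessionaction
          with:
            _action: tools._action
          inputParameters:
            - name: _action
              type: string
              description: The session action to perform
              required: true
          outputParameters:
            - type: object
              mapping: $.
        - name: listpolicies
          description: ForgeRock List authorization policies
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: forgerock.listpolicies
          with:
            _queryFilter: tools._queryFilter
          inputParameters:
            - name: _queryFilter
              type: string
              description: CREST query filter expression
          outputParameters:
            - type: object
              mapping: $.
        - name: createpolicyorevaluate
          description: ForgeRock Create a policy or evaluate policies
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: forgerock.createpolicyorevaluate
          with:
            _action: tools._action
          inputParameters:
            - name: _action
              type: string
              description: Action to perform (evaluate or evaluateTree)
          outputParameters:
            - type: object
              mapping: $.
        - name: getpolicy
          description: ForgeRock Get a policy
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: forgerock.getpolicy
          with:
            policyName: tools.policyName
          inputParameters:
            - name: policyName
              type: string
              description: The policy name
              required: true
          outputParameters:
            - type: object
              mapping: $.
        - name: updatepolicy
          description: ForgeRock Update a policy
          hints:
            readOnly: false
            destructive: false
            idempotent: true
          call: forgerock.updatepolicy
          with:
            policyName: tools.policyName
          inputParameters:
            - name: policyName
              type: string
              description: The policy name
              required: true
          outputParameters:
            - type: object
              mapping: $.
        - name: deletepolicy
          description: ForgeRock Delete a policy
          hints:
            readOnly: false
            destructive: true
            idempotent: true
          call: forgerock.deletepolicy
          with:
            policyName: tools.policyName
          inputParameters:
            - name: policyName
              type: string
              description: The policy name
              required: true
          outputParameters:
            - type: object
              mapping: $.
        - name: listresourcetypes
          description: ForgeRock List resource types
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: forgerock.listresourcetypes
          with:
            _queryFilter: tools._queryFilter
          inputParameters:
            - name: _queryFilter
              type: string
              description: CREST query filter
          outputParameters:
            - type: object
              mapping: $.
        - name: createresourcetype
          description: ForgeRock Create a resource type
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: forgerock.createresourcetype
          outputParameters:
            - type: object
              mapping: $.
        - name: getresourcetype
          description: ForgeRock Get a resource type
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: forgerock.getresourcetype
          with:
            resourceTypeId: tools.resourceTypeId
          inputParameters:
            - name: resourceTypeId
              type: string
              description: The resource type UUID
              required: true
          outputParameters:
            - type: object
              mapping: $.
        - name: updateresourcetype
          description: ForgeRock Update a resource type
          hints:
            readOnly: false
            destructive: false
            idempotent: true
          call: forgerock.updateresourcetype
          with:
            resourceTypeId: tools.resourceTypeId
          inputParameters:
            - name: resourceTypeId
              type: string
              description: The resource type UUID
              required: true
          outputParameters:
            - type: object
              mapping: $.
        - name: deleteresourcetype
          description: ForgeRock Delete a resource type
          hints:
            readOnly: false
            destructive: true
            idempotent: true
          call: forgerock.deleteresourcetype
          with:
            resourceTypeId: tools.resourceTypeId
          inputParameters:
            - name: resourceTypeId
              type: string
              description: The resource type UUID
              required: true
          outputParameters:
            - type: object
              mapping: $.
        - name: listrealms
          description: ForgeRock List realms
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: forgerock.listrealms
          with:
            _queryFilter: tools._queryFilter
          inputParameters:
            - name: _queryFilter
              type: string
              description: CREST query filter for realms
          outputParameters:
            - type: object
              mapping: $.
        - name: createrealm
          description: ForgeRock Create a realm
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: forgerock.createrealm
          outputParameters:
            - type: object
              mapping: $.
        - name: getrealm
          description: ForgeRock Get a realm
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: forgerock.getrealm
          with:
            realmName: tools.realmName
          inputParameters:
            - name: realmName
              type: string
              description: The realm name
              required: true
          outputParameters:
            - type: object
              mapping: $.
        - name: updaterealm
          description: ForgeRock Update a realm
          hints:
            readOnly: false
            destructive: false
            idempotent: true
          call: forgerock.updaterealm
          with:
            realmName: tools.realmName
          inputParameters:
            - name: realmName
              type: string
              description: The realm name
              required: true
          outputParameters:
            - type: object
              mapping: $.
        - name: deleterealm
          description: ForgeRock Delete a realm
          hints:
            readOnly: false
            destructive: true
            idempotent: true
          call: forgerock.deleterealm
          with:
            realmName: tools.realmName
          inputParameters:
            - name: realmName
              type: string
              description: The realm name
              required: true
          outputParameters:
            - type: object
              mapping: $.
        - name: listscripts
          description: ForgeRock List scripts
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: forgerock.listscripts
          with:
            _queryFilter: tools._queryFilter
          inputParameters:
            - name: _queryFilter
              type: string
              description: CREST query filter
          outputParameters:
            - type: object
              mapping: $.
        - name: getscript
          description: ForgeRock Get a script
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: forgerock.getscript
          with:
            scriptId: tools.scriptId
          inputParameters:
            - name: scriptId
              type: string
              description: The script UUID
              required: true
          outputParameters:
            - type: object
              mapping: $.
        - name: oauth2authorize
          description: ForgeRock OAuth 2.0 authorization endpoint
          hints:
            # A successful authorization request issues a fresh code or token
            # on each call, so the tool is neither read-only nor idempotent
            # even though the upstream method is GET.
            readOnly: false
            destructive: false
            idempotent: false
          call: forgerock.oauth2authorize
          with:
            client_id: tools.client_id
            response_type: tools.response_type
            redirect_uri: tools.redirect_uri
            scope: tools.scope
            state: tools.state
          inputParameters:
            - name: client_id
              type: string
              description: client_id
              required: true
            - name: response_type
              type: string
              description: response_type
              required: true
            - name: redirect_uri
              type: string
              description: redirect_uri
              required: true
            - name: scope
              type: string
              description: scope
            - name: state
              type: string
              description: state
          outputParameters:
            - type: object
              mapping: $.
        - name: oauth2token
          description: ForgeRock OAuth 2.0 token endpoint
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: forgerock.oauth2token
          outputParameters:
            - type: object
              mapping: $.
        # The token to inspect is supplied by the agent and forwarded in the
        # upstream query string; see the logging caveat on the consumed
        # oauth2tokeninfo operation.
        - name: oauth2tokeninfo
          description: ForgeRock OAuth 2.0 token introspection
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: forgerock.oauth2tokeninfo
          with:
            access_token: tools.access_token
          inputParameters:
            - name: access_token
              type: string
              description: The access token to introspect
              required: true
          outputParameters:
            - type: object
              mapping: $.
        - name: oidcuserinfo
          description: ForgeRock OpenID Connect UserInfo endpoint
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: forgerock.oidcuserinfo
          outputParameters:
            - type: object
              mapping: $.
        - name: oidcdiscovery
          description: ForgeRock OpenID Connect discovery
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: forgerock.oidcdiscovery
          outputParameters:
            - type: object
              mapping: $.
# FORGEROCK_TOKEN is read from the process environment. Inject it from a
# secret store at start-up, keep it out of version control, images and shell
# history, and plan for rotation: it is the only credential standing between
# the adapters above and the AM administration API.
binds:
  - namespace: env
    keys:
      FORGEROCK_TOKEN: FORGEROCK_TOKEN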