generated: '2026-07-15' method: generated source: openapi/frontegg-applications-openapi.yml, openapi/frontegg-audits-openapi.yml, openapi/frontegg-combined-openapi.yml, openapi/frontegg-entitlements-agent-openapi.yml, openapi/frontegg-entitlements-openapi.yml, openapi/frontegg-env-auth-openapi.yml, openapi/frontegg-identity-openapi.yml, openapi/frontegg-scim-openapi.yml, openapi/frontegg-sso-openapi.yml, openapi/frontegg-tenants-openapi.yml description: Recommended x-agentic-access execution contracts, classified heuristically from the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind audience per deployment. See research/curity/agentic-governance/. summary: operations: 877 by_action_class: connected: 273 acting: 604 by_consequence: read: 273 write: 26 safety-critical: 578 human_in_the_loop_required: 578 operations: - path: /resources/applications/v1 method: get operationId: getApplications x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/applications/v1 method: post operationId: createApplication x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /resources/applications/v1/default method: get operationId: getDefaultApplication x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/applications/v1/{id} method: get operationId: getApplicationById x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/applications/v1/{id} method: patch operationId: updateApplication x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /resources/applications/v1/{id} method: delete operationId: deleteApplication x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /resources/applications/tenant-assignments/v1 method: get operationId: getApplicationsTenantsAssignments x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/applications/tenant-assignments/v1/{appId} method: get operationId: getApplicationTenantsAssignmentsByAppId x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/applications/tenant-assignments/v1/{appId} method: post operationId: createApplicationTenantAssignment x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /resources/applications/tenant-assignments/v1/{appId}/{tenantId} method: put operationId: editApplicationTenantAssignment x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /resources/applications/tenant-assignments/v1/{appId}/{tenantId} method: delete operationId: deleteApplicationTenantAssignment x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /resources/applications/tenant-assignments/v2 method: get operationId: getApplicationsTenantsAssignmentsV2 x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/applications/v1/credentials/{appId} method: get operationId: getApplicationClientCredentials x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/applications/v1/credentials/regenerate method: post operationId: regenerateApplicationClientCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /resources/applications/v1/credentials/shared/regenerate method: post operationId: regenerateApplicationSharedSecretCredentials x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /application-clients method: post operationId: createApplicationClient x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /application-clients/app/{appId} method: get operationId: getApplicationClientsByAppId x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /application-clients/{id} method: get operationId: getApplicationClientById x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /application-clients/{id} method: patch operationId: updateApplicationClient x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /application-clients/{id} method: delete operationId: deleteApplicationClient x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: / method: get operationId: AuditsController_getAudits x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: / method: post operationId: AuditsController_addAudits x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /stats method: get operationId: AuditsController_getAuditsStats x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /export/csv method: post operationId: AuditsController_exportCsv x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /export/csv/v2 method: post operationId: AuditsController_exportCsvToStream x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/audits/v2 method: get operationId: AuditsController_V2_getAudits x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/audits/v2/export/csv method: post operationId: AuditsController_V2_exportCsvToStream x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/metrics/v1 method: get operationId: MetricsController_getMetrics x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v1/data/e10s/features/is_entitled_to_input_feature method: post operationId: OpenApiPDPController_isEntitledToFeature x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /v1/data/e10s/permissions/is_entitled_to_input_permission method: post operationId: OpenApiPDPController_isEntitledToPermission x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /v1/data/e10s/routes/is_entitled_to_input_route method: post operationId: OpenApiPDPController_isEntitledToRoute x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: / method: get operationId: AuditsController_getAudits x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: / method: post operationId: AuditsController_addAudits x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /stats method: get operationId: AuditsController_getAuditsStats x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /export/csv method: post operationId: AuditsController_exportCsv x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /export/csv/v2 method: post operationId: AuditsController_exportCsvToStream x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/audits/v2 method: get operationId: AuditsController_V2_getAudits x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/audits/v2/export/csv method: post operationId: AuditsController_V2_exportCsvToStream x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/metrics/v1 method: get operationId: MetricsController_getMetrics x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/plans/v1/tenant/{tenantId} method: get operationId: PlansControllerV1_getTenantPlans x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/plans/v1 method: get operationId: PlansControllerV1_getPlans x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/plans/v1 method: post operationId: PlansControllerV1_createPlan x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/plans/v1/{id} method: get operationId: PlansControllerV1_getSinglePlan x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/plans/v1/{id} method: patch operationId: PlansControllerV1_updatePlan x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/plans/v1/{id} method: delete operationId: PlansControllerV1_deletePlan x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/plans/v1/{id}/features method: get operationId: PlansControllerV1_getPlanFeatures x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/plans/v1/{id}/features/link method: patch operationId: PlansControllerV1_linkFeaturesToPlan x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/plans/v1/{id}/features/unlink method: patch operationId: PlansControllerV1_unlinkFeaturesFromPlan x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/routes/v1 method: get operationId: RoutesControllerV1_getMany x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/routes/v1 method: post operationId: RoutesControllerV1_create x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/routes/v1/{id} method: get operationId: RoutesControllerV1_getSingle x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/routes/v1/{id} method: delete operationId: RoutesControllerV1_delete x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/routes/v1/{id} method: patch operationId: RoutesControllerV1_update x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/routes/v1/import-open-api method: post operationId: RoutesControllerV1_importOpenApi x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/routes/v1/{id}/rules method: put operationId: RoutesControllerV1_replaceRules x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/routes/v1/configuration method: get operationId: RoutesConfigurationsControllerV1_getRoutesConfiguration x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/routes/v1/configuration method: patch operationId: RoutesConfigurationsControllerV1_updateRoutesConfiguration x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/features/v1 method: get operationId: FeaturesControllerV1_getFeatures x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/features/v1 method: post operationId: FeaturesControllerV1_createFeature x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/features/v1/{featureId} method: patch operationId: FeaturesControllerV1_updateFeature x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/features/v1/{featureId} method: delete operationId: FeaturesControllerV1_deleteFeature x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/features/v2 method: post operationId: FeaturesControllerV2_create x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/features/v2/{featureId} method: patch operationId: FeaturesControllerV2_update x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/entitlements/v2 method: get operationId: EntitlementsControllerV2_getEntitlements x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/entitlements/v2 method: post operationId: EntitlementsControllerV2_createEntitlement x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/entitlements/v2/batch method: post operationId: EntitlementsControllerV2_createBatchEntitlements x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/entitlements/v2/batch method: patch operationId: EntitlementsControllerV2_updateBatchEntitlements x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/entitlements/v2/batch method: delete operationId: EntitlementsControllerV2_deleteBatchEntitlements x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/entitlements/v2/{id} method: get operationId: EntitlementsControllerV2_getSingleEntitlement x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/entitlements/v2/{id} method: patch operationId: EntitlementsControllerV2_updateEntitlement x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/entitlements/v2/{id} method: delete operationId: EntitlementsControllerV2_deleteEntitlement x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/feature-flags/v1 method: get operationId: FeatureFlagsControllerV1_getFeatureFlags x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/feature-flags/v1 method: post operationId: FeatureFlagsControllerV1_createFeatureFlag x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/feature-flags/v1/{id} method: get operationId: FeatureFlagsControllerV1_getSingleFeatureFlag x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/feature-flags/v1/{id} method: patch operationId: FeatureFlagsControllerV1_updateFeatureFlag x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/feature-flags/v1/{id} method: delete operationId: FeatureFlagsControllerV1_deleteFeatureFlag x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/entity-types/v1 method: get operationId: EntityTypesV1Controller_getEntityTypes x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/entity-types/v1 method: post operationId: EntityTypesV1Controller_createEntityType x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/entity-types/v1/{key} method: get operationId: EntityTypesV1Controller_getEntityType x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/entity-types/v1/{key} method: patch operationId: EntityTypesV1Controller_updateEntityType x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/entity-types/v1/{key} method: delete operationId: EntityTypesV1Controller_deleteEntityType x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/entity-types/v1/{key}/actions method: post operationId: EntityTypesActionsV1Controller_createEntityTypeActions x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/entity-types/v1/{key}/actions/{actionKey} method: patch operationId: EntityTypesActionsV1Controller_updateEntityTypeAction x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/entity-types/v1/{key}/actions/{actionKey} method: delete operationId: EntityTypesActionsV1Controller_deleteEntityTypeAction x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/entity-types/v1/{key}/relations method: post operationId: EntityTypesRelationsV1Controller_createEntityTypeRelations x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/entity-types/v1/{key}/relations/{relationKey} method: patch operationId: EntityTypesRelationsV1Controller_updateEntityTypeRelation x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/entity-types/v1/{key}/relations/{relationKey} method: delete operationId: EntityTypesRelationsV1Controller_deleteEntityTypeRelation x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/relations/v1/assignments method: get operationId: RelationsV1Controller_getRelationAssignments x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/relations/v1/assign method: post operationId: RelationsV1Controller_createRelationAssignments x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/relations/v1/unassign method: post operationId: RelationsV1Controller_deleteRelationAssignments x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v2/api-token method: post operationId: AuthenticationApiTokenControllerV2_authApiToken x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v2/api-token/token/refresh method: post operationId: AuthenticationApiTokenControllerV2_refreshToken x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/tenants/access-tokens/v1 method: post operationId: TenantAccessTokensV1Controller_createTenantAccessToken x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/tenants/access-tokens/v1 method: get operationId: TenantAccessTokensV1Controller_getTenantAccessTokens x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/tenants/access-tokens/v1/{id} method: delete operationId: TenantAccessTokensV1Controller_deleteTenantAccessToken x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/tenants/api-tokens/v1 method: post operationId: TenantApiTokensV1Controller_createTenantApiToken x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/tenants/api-tokens/v1 method: get operationId: TenantApiTokensV1Controller_getTenantsApiTokens x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/tenants/api-tokens/v1/{id} method: delete operationId: TenantApiTokensV1Controller_deleteTenantApiToken x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/tenants/api-tokens/v1/{id} method: patch operationId: TenantApiTokensV1Controller_updateTenantApiToken x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/tenants/api-tokens/v2 method: post operationId: TenantApiTokensV2Controller_createTenantApiToken x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/tenants/invites/v1/user method: get operationId: TenantInvitesController_getTenantInviteForUser x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/tenants/invites/v1/user method: post operationId: TenantInvitesController_createTenantInviteForUser x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/tenants/invites/v1/user method: delete operationId: TenantInvitesController_deleteTenantInviteForUser x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/tenants/invites/v1/user method: patch operationId: TenantInvitesController_updateTenantInviteForUser x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/tenants/invites/v1/verify method: post operationId: TenantInvitesController_verifyTenantInvite x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/tenants/invites/v1/configuration method: get operationId: getInvitationConfiguration x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/tenants/invites/v2/user method: post operationId: TenantInvitesV2Controller_createTenantInviteForUser x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/tenants/invites/v1 method: post operationId: TenantInvitesController_createTenantInvite x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/tenants/invites/v1/all method: get operationId: TenantInvitesController_getAllInvites x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/tenants/invites/v1/token/{id} method: delete operationId: TenantInvitesController_deleteTenantInvite x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/activation/strategies method: get operationId: ActivationStrategyControllerV1_getActivationStrategy x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/v1/activation/strategies method: post operationId: ActivationStrategyControllerV1_createOrUpdateActivationStrategy x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/invitation/strategies method: get operationId: InvitationStrategyControllerV1_getInvitationStrategy x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/v1/invitation/strategies method: post operationId: InvitationStrategyControllerV1_createOrUpdateInvitationStrategy x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/roles/v2 method: get operationId: PermissionsControllerV2_getAllRoles x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/roles/v2 method: post operationId: RolesControllerV2_addRole x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/roles/v2/distinct-levels method: get operationId: RolesControllerV2_getDistinctLevels x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/roles/v2/distinct-tenants method: get operationId: RolesControllerV2_getDistinctTenants x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/approval-flows/v1 method: post operationId: ApprovalFlowsController_createApprovalFlow x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/approval-flows/v1 method: get operationId: ApprovalFlowsController_getApprovalFlows x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/approval-flows/v1/{id} method: get operationId: ApprovalFlowsController_getApprovalFlowById x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/approval-flows/v1/{id} method: patch operationId: ApprovalFlowsController_updateApprovalFlow x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/approval-flows/v1/{id} method: delete operationId: ApprovalFlowsController_deleteApprovalFlow x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/approval-flows/v1/approver-action method: post operationId: ApprovalFlowsController_approverAction x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/approval-flows/v1/execution-data method: get operationId: ApprovalFlowsController_getExecutionData x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/approval-flows/v1/{id}/execute method: post operationId: ApprovalFlowsController_executeApprovalFlow x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/approval-flows/v1/step-up/execute method: post operationId: ApprovalFlowsController_executeStepUpApprovalFlow x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1 method: post operationId: VendorConfigController_addOrUpdateConfig x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1 method: get operationId: VendorConfigController_getVendorConfig x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/v1/captcha-policy method: post operationId: CaptchaPolicyController_createCaptchaPolicy x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/captcha-policy method: put operationId: CaptchaPolicyController_updateCaptchaPolicy x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/captcha-policy method: get operationId: CaptchaPolicyController_getCaptchaPolicy x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/v1/jwt-template-targeting method: get operationId: JwtTemplateTargetingControllerV1_getJwtTemplateTargeting x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/v1/jwt-template-targeting method: post operationId: JwtTemplateTargetingControllerV1_createJwtTemplateTargeting x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/jwt-template-targeting method: put operationId: JwtTemplateTargetingControllerV1_updateJwtTemplateTargeting x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/jwt-template-targeting/{id} method: patch operationId: JwtTemplateTargetingControllerV1_patchJwtTemplateTargeting x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/jwt-template-targeting/{id} method: delete operationId: JwtTemplateTargetingControllerV1_deleteJwtTemplateTargeting x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/jwt-templates/v1 method: post operationId: JwtTemplatesController_createJwtTemplate x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/jwt-templates/v1 method: get operationId: JwtTemplatesController_getJwtTemplates x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/jwt-templates/v1/{id} method: get operationId: JwtTemplatesController_getJwtTemplateById x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/jwt-templates/v1/{id} method: put operationId: JwtTemplatesController_updateJwtTemplate x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/jwt-templates/v1/{id} method: delete operationId: JwtTemplatesController_deleteJwtTemplate x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/basic method: get operationId: VendorConfigController_getVendorConfigBasic x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/sso/custom/v1 method: post operationId: CustomSsoV1Controller_createSsoProvider x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sso/custom/v1 method: get operationId: SsoV2Controller_getSsoProviders x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/sso/custom/v1/{id} method: patch operationId: CustomSsoV1Controller_updateSsoProvider x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sso/custom/v1/{id} method: delete operationId: CustomSsoV1Controller_deleteCustomSsoConfig x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/migrations/v1/auth0 method: post operationId: UsersControllerV1_migrateUserFromAuth0 x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/migrations/v1/local method: post operationId: UsersControllerV1_migrateUserForVendor x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/migrations/v1/local/bulk method: post operationId: UsersControllerV1_bulkMigrateUserForVendor x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/migrations/v1/local/bulk/status/{migrationId} method: get operationId: UsersControllerV1_checkBulkMigrationStatus x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/migrations/v2/local/bulk method: post operationId: UsersControllerV2_bulkMigrateUserForVendor x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/delegation method: get operationId: DelegationConfigurationControllerV1_getDelegationConfiguration x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/v1/delegation method: post operationId: DelegationConfigurationControllerV1_createOrUpdateDelegationConfiguration x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/restrictions/v1/email-domain method: post operationId: DomainRestrictionsController_createDomainRestriction x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/restrictions/v1/email-domain method: get operationId: DomainRestrictionsController_getDomainRestrictions x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/restrictions/v1/email-domain/config method: get operationId: DomainRestrictionsController_getDomainRestrictionsConfig x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/restrictions/v1/email-domain/config method: post operationId: DomainRestrictionsController_updateDomainRestrictionsConfig x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/restrictions/v1/email-domain/{id} method: delete operationId: DomainRestrictionsController_deleteDomainRestriction x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/restrictions/v1/email-domain/replace-bulk method: post operationId: DomainRestrictionsController_createBulkDomainsRestriction x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/mail/v1/configurations method: post operationId: MailConfigController_createOrUpdateMailConfig x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/mail/v1/configurations method: get operationId: MailConfigController_getMailConfig x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/mail/v1/configurations method: delete operationId: MailConfigController_deleteMailConfig x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/mail/v2/configurations method: post operationId: MailConfigController_createOrUpdateMailConfigV2 x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/mail/v1/configs/templates method: post operationId: MailV1Controller_addOrUpdateTemplate x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/mail/v1/configs/templates method: get operationId: MailV1Controller_getTemplateConfiguration x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/mail/v1/configs/templates/{templateId} method: delete operationId: MailV1Controller_deleteTemplate x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/mail/v1/configs/{type}/default method: get operationId: MailV1Controller_getDefaultTemplateConfiguration x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/auth/v1/user method: post operationId: AuthenticatioAuthenticationControllerV1_authenticateLocalUser x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v1/user/token/refresh method: post operationId: AuthenticatioAuthenticationControllerV1_refreshToken x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v1/logout method: post operationId: AuthenticatioAuthenticationControllerV1_logout x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/signUp method: post operationId: UsersControllerV1_signUpUser x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/signUp/username method: post operationId: UsersSignUpControllerV1_signUpUserUsername x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/restrictions/ip/config method: post operationId: IPRestrictionsControllerV1_createDomainRestriction x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/restrictions/ip/config method: get operationId: IPRestrictionsControllerV1_getIpRestrictionConfig x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/v1/restrictions/ip method: get operationId: IPRestrictionsControllerV1_getAllIpRestrictions x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/v1/restrictions/ip method: post operationId: IPRestrictionsControllerV1_createIpRestriction x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/restrictions/ip/verify method: post operationId: IPRestrictionsControllerV1_testCurrentIp x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/restrictions/ip/verify/allow method: post operationId: testCurrentIpInAllowList x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /resources/configurations/v1/restrictions/ip/{id} method: delete operationId: IPRestrictionsControllerV1_deleteIpRestrictionById x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/lockout-policy method: post operationId: LockoutPolicyController_createLockoutPolicy x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/lockout-policy method: patch operationId: LockoutPolicyController_updateLockoutPolicy x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/lockout-policy method: get operationId: LockoutPolicyController_getLockoutPolicy x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/vendor-only/users/access-tokens/v1/active method: get operationId: VendorOnlyUserAccessTokensV1Controller_getActiveAccessTokens x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/vendor-only/users/access-tokens/v1/{id} method: get operationId: VendorOnlyUserAccessTokensV1Controller_getUserAccessTokenData x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/vendor-only/tenants/access-tokens/v1/{id} method: get operationId: VendorOnlyTenantAccessTokensV1Controller_getTenantAccessTokenData x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/auth/v1/user/mfa/recover method: post operationId: AuthenticationMFAControllerV1_recoverMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/mfa/disable method: post operationId: UsersMfaControllerV1_disableAuthAppMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/mfa/authenticator/{deviceId}/disable/verify method: post operationId: UsersMfaControllerV1_disableAuthenticatorMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/mfa/sms/{deviceId}/disable method: post operationId: UsersMfaControllerV1_preDisableSMSMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/mfa/sms/{deviceId}/disable/verify method: post operationId: UsersMfaControllerV1_disableSMSMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v1/user/mfa/verify method: post operationId: AuthenticationMFAControllerV1_verifyAuthenticatorMfaCode x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v1/user/mfa/emailcode method: post operationId: AuthenticationMFAControllerV1_preVerifyEmailOtcMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v1/user/mfa/emailcode/verify method: post operationId: AuthenticationMFAControllerV1_verifyEmailOtcMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v1/user/mfa/authenticator/enroll method: post operationId: AuthenticationMFAControllerV1_preEnrollAuthenticatorMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v1/user/mfa/authenticator/enroll/verify method: post operationId: AuthenticationMFAControllerV1_enrollAuthenticatorMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v1/user/mfa/authenticator/{deviceId}/verify method: post operationId: AuthenticationMFAControllerV1_verifyAuthenticatorMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v1/user/mfa/sms/enroll method: post operationId: AuthenticationMFAControllerV1_preEnrollSmsMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v1/user/mfa/sms/enroll/verify method: post operationId: AuthenticationMFAControllerV1_enrollSmsMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v1/user/mfa/sms/{deviceId} method: post operationId: AuthenticationMFAControllerV1_preVerifySmsMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v1/user/mfa/sms/{deviceId}/verify method: post operationId: AuthenticationMFAControllerV1_verifySmsMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v1/user/mfa/webauthn/enroll method: post operationId: AuthenticationMFAControllerV1_preEnrollWebauthnMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v1/user/mfa/webauthn/enroll/verify method: post operationId: AuthenticationMFAControllerV1_enrollWebauthnMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v1/user/mfa/webauthn/{deviceId} method: post operationId: AuthenticationMFAControllerV1_preVerifyWebauthnMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v1/user/mfa/webauthn/{deviceId}/verify method: post operationId: AuthenticationMFAControllerV1_verifyWebauthnMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/mfa-policy/allow-remember-device method: get operationId: SecurityPolicyController_checkIfAllowToRememberDevice x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/v1/mfa/enroll method: post operationId: UsersMfaControllerV1_enrollAuthAppMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/mfa/authenticator/enroll method: post operationId: UsersMfaControllerV1_enrollAuthenticatorMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/mfa/enroll/verify method: post operationId: UsersMfaControllerV1_verifyAuthAppMfaEnrollment x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/mfa/authenticator/enroll/verify method: post operationId: UsersMfaControllerV1_verifyAuthenticatorMfaEnrollment x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/mfa/sms/enroll method: post operationId: UsersMfaControllerV1_preEnrollSmsMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/mfa/sms/enroll/verify method: post operationId: UsersMfaControllerV1_enrollSmsMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/mfa method: post operationId: MfaController_upsertMfaConfig x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/mfa method: get operationId: MfaController_getMfaConfig x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/v1/mfa-policy method: post operationId: SecurityPolicyController_createMfaPolicy x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/mfa-policy method: patch operationId: SecurityPolicyController_updateSecurityPolicy x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/mfa-policy method: put operationId: SecurityPolicyController_upsertSecurityPolicy x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/mfa-policy method: get operationId: SecurityPolicyController_getSecurityPolicy x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/v1/mfa/strategies method: get operationId: MFAStrategiesControllerV1_getMFAStrategies x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/v1/mfa/strategies method: post operationId: MFAStrategiesControllerV1_createOrUpdateMFAStrategy x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/password method: post operationId: PasswordPolicyController_addOrUpdatePasswordConfig x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/password method: get operationId: PasswordPolicyController_getPasswordConfig x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/v1/password-history-policy method: post operationId: PasswordHistoryPolicyController_createPolicy x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/password-history-policy method: patch operationId: PasswordHistoryPolicyController_updatePolicy x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/password-history-policy method: get operationId: PasswordHistoryPolicyController_getPolicy x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/v1/passwords/reset method: post operationId: UsersPasswordControllerV1_resetPassword x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/passwords/reset/verify method: post operationId: UsersPasswordControllerV1_verifyResetPassword x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/passwords/change method: post operationId: UsersPasswordControllerV1_changePassword x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/passwords/config method: get operationId: UsersPasswordControllerV1_getUserPasswordConfig x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/v2/passwords/reset/email method: post operationId: UsersPasswordControllerV2_resetPasswordViaEmail x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v2/passwords/reset/sms method: post operationId: UsersPasswordControllerV2_resetPasswordViaSms x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v2/passwords/reset/sms/verify method: post operationId: UsersPasswordControllerV2_verifyResetPasswordViaSmsOtc x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/password-rotation method: get operationId: PasswordRotationConfigControllerV1_getPasswordRotationConfiguration x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/v1/password-rotation method: post operationId: PasswordRotationConfigControllerV1_upsertPasswordRotationConfiguration x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/password-rotation/vendor method: get operationId: PasswordRotationConfigControllerV1_getVendorPasswordRotationConfiguration x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/auth/v1/passwordless/smscode/prelogin method: post operationId: AuthenticationPasswordlessControllerV1_smsCodePreLogin x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v1/passwordless/smscode/postlogin method: post operationId: AuthenticationPasswordlessControllerV1_smsCodePostLogin x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v1/passwordless/magiclink/prelogin method: post operationId: AuthenticationPasswordlessControllerV1_magicLinkPrelogin x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v1/passwordless/magiclink/postlogin method: post operationId: AuthenticationPasswordlessControllerV1_magicLinkPostLogin x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v1/passwordless/code/prelogin method: post operationId: AuthenticationPasswordlessControllerV1_emailCodePrelogin x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v1/passwordless/code/postlogin method: post operationId: AuthenticationPasswordlessControllerV1_emailCodePostLogin x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/permissions/v1 method: get operationId: PermissionsControllerV1_getAllPermissions x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/permissions/v1 method: post operationId: PermissionsControllerV1_addPermissions x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/permissions/v1/{permissionId} method: delete operationId: PermissionsControllerV1_deletePermission x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/permissions/v1/{permissionId} method: patch operationId: PermissionsControllerV1_updatePermission x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/permissions/v1/{permissionId}/roles method: put operationId: PermissionsControllerV1_setRolesToPermission x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/permissions/v1/classification method: put operationId: PermissionsControllerV1_updatePermissionsAssignmentType x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/permissions/v1/categories method: get operationId: PermissionsCategoriesController_getAllCategoriesWithPermissions x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/permissions/v1/categories method: post operationId: PermissionsCategoriesController_createPermissionCategory x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/permissions/v1/categories/{categoryId} method: patch operationId: PermissionsCategoriesController_updateCategory x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/permissions/v1/categories/{categoryId} method: delete operationId: PermissionsCategoriesController_deleteCategory x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/access-tokens/v1 method: post operationId: UserAccessTokensV1Controller_createUserAccessToken x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/access-tokens/v1 method: get operationId: UserAccessTokensV1Controller_getUserAccessTokens x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/access-tokens/v1/{id} method: delete operationId: UserAccessTokensV1Controller_deleteUserAccessToken x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/api-tokens/v1 method: post operationId: UserApiTokensV1Controller_createTenantApiToken x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/api-tokens/v1 method: get operationId: UserApiTokensV1Controller_getApiTokens x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/api-tokens/v1/{id} method: delete operationId: UserApiTokensV1Controller_deleteApiToken x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/roles/v1 method: get operationId: PermissionsControllerV1_getAllRoles x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/roles/v1 method: post operationId: PermissionsControllerV1_addRoles x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/roles/v1/{roleId} method: delete operationId: PermissionsControllerV1_deleteRole x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/roles/v1/{roleId} method: patch operationId: PermissionsControllerV1_updateRole x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/roles/v1/{roleId}/permissions method: put operationId: PermissionsControllerV1_setPermissionsToRole x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/roles/v1/{roleId}/tenant method: put operationId: PermissionsControllerV1_updateRoleTenant x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/phone-numbers/v1 method: get operationId: UserPhoneNumbersControllerV1_getAllPhoneNumbers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/phone-numbers/v1 method: post operationId: UserPhoneNumbersControllerV1_createUserPhoneNumber x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/phone-numbers/v1/preverify method: post operationId: UserPhoneNumbersControllerV1_preVerifyUserPhoneNumber x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/phone-numbers/v1/verify method: post operationId: UserPhoneNumbersControllerV1_verifyCreateUserPhoneNumber x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/phone-numbers/v1/{id} method: delete operationId: UserPhoneNumbersControllerV1_deleteUserPhoneNumber x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/phone-numbers/v1/{id}/delete/verify method: post operationId: UserPhoneNumbersControllerV1_verifyDeleteUserPhoneNumber x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/phone-numbers/v1/me method: get operationId: UserPhoneNumbersControllerV1_getUserOwnPhoneNumbers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/phone-numbers/v2 method: get operationId: UserPhoneNumbersControllerV2_getAllPhoneNumbers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/v1/sms method: post operationId: VendorSmsController_createSmsVendorConfig x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/sms method: delete operationId: VendorSmsController_deleteSmsVendorConfig x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/sms method: get operationId: VendorSmsController_getSmsVendorConfig x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/v1/sms/templates method: get operationId: VendorSmsController_getAllSmsTemplates x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/v1/sms/templates/{type} method: get operationId: VendorSmsController_getSmsTemplate x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/v1/sms/templates/{type} method: delete operationId: VendorSmsController_deleteSmsTemplate x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/sms/templates/{type} method: post operationId: VendorSmsController_createSmsTemplate x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/sms/templates/{type}/default method: get operationId: VendorSmsController_getSmsDefaultTemplate x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/v1/sms/templates/default/all method: get operationId: VendorSmsController_getAllSmsDefaultTemplates x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/sessions/v1/vendor method: get operationId: SessionConfigurationControllerV1_getVendorSessionConfiguration x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/sessions/v1 method: get operationId: SessionConfigurationControllerV1_getSessionConfiguration x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/sessions/v1 method: post operationId: SessionConfigurationControllerV1_createSessionConfiguration x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/user-emails-policy method: get operationId: UserEmailsPolicyControllerV1_getUserEmailsPolicy x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/v1/user-emails-policy method: post operationId: UserEmailsPolicyControllerV1_createOrUpdateUserEmailsPolicy x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/groups/v1 method: get operationId: GroupsControllerV1_getAllGroups x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/groups/v1 method: post operationId: GroupsControllerV1_createGroup x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/groups/v1/bulkGet method: post operationId: GroupsControllerV1_getGroupsByIds x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/groups/v1/{id} method: patch operationId: GroupsControllerV1_updateGroup x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/groups/v1/{id} method: delete operationId: GroupsControllerV1_deleteGroup x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/groups/v1/{id} method: get operationId: GroupsControllerV1_getGroupById x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/groups/v1/config method: get operationId: GroupsControllerV1_getGroupsConfiguration x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/groups/v1/config method: post operationId: GroupsControllerV1_createOrUpdateGroupsConfiguration x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/groups/v1/{groupId}/roles method: post operationId: GroupsControllerV1_addRolesToGroup x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/groups/v1/{groupId}/roles method: delete operationId: GroupsControllerV1_removeRolesFromGroup x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/groups/v1/{groupId}/users method: post operationId: GroupsControllerV1_addUsersToGroup x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/groups/v1/{groupId}/users method: delete operationId: GroupsControllerV1_removeUsersFromGroup x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/groups/v2 method: get operationId: GroupsControllerV2_getAllGroupsPaginated x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/tenants/users/v1/{userId}/disable method: post operationId: UsersTenantsControllerV1_disableUserTenant x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/tenants/users/v1/{userId}/enable method: post operationId: UsersTenantsControllerV1_enableUserTenant x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/temporary/v1/{userId} method: put operationId: TemporaryUsersV1Controller_editTimeLimit x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/temporary/v1/{userId} method: delete operationId: TemporaryUsersV1Controller_setUserPermanent x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/temporary/v1/configuration method: get operationId: TemporaryUsersV1Controller_getConfiguration x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/temporary/v1/configuration method: put operationId: TemporaryUsersV1Controller_updateConfiguration x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/emails/v1 method: get operationId: UserEmailsControllerV1_getAllEmails x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/emails/v1 method: post operationId: UserEmailsControllerV1_createUserEmail x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/emails/v1/verify method: post operationId: UserEmailsControllerV1_verifyUserEmail x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/emails/v1/{emailId} method: delete operationId: UserEmailsControllerV1_deleteUserEmail x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/emails/v1/vendor/{userId} method: post operationId: UserEmailsControllerV1_createUserEmailForVendor x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/emails/v1/vendor/{userId}/{emailId} method: delete operationId: UserEmailsControllerV1_deleteUserEmailForVendor x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/emails/v1/vendor/{userId}/primary method: post operationId: UserEmailsControllerV1_markEmailAsPrimary x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/emails/v1/me/primary method: post operationId: UserEmailsControllerV1_markEmailAsPrimaryMe x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/emails/v1/me method: get operationId: UserEmailsControllerV1_getUserOwnEmails x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/sub-tenants/users/v1/{userId}/access method: put operationId: UsersControllerV1_setUserRolesFromSubTenants x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/activate/reset method: post operationId: UsersActivationControllerV1_resetActivationToken x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/invitation/reset method: post operationId: UsersTenantManagementControllerV1_resetTenantInvitationToken x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/invitation/reset/all method: post operationId: UsersTenantManagementControllerV1_resetAllTenantsInvitationToken x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v3 method: get operationId: UsersControllerV3_getUsers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/v3/roles method: get operationId: UsersControllerV3_getUsersRoles x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/v3/groups method: get operationId: UsersControllerV3_getUsersGroups x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/v3/me/unlock method: post operationId: UsersControllerV3_unlock x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v2 method: post operationId: UsersControllerV2_createUser x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v2/me method: put operationId: UsersControllerV2_updateUserProfile x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v2/me method: get operationId: UsersControllerV2_getUserProfile x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/v1 method: post operationId: UsersControllerV1_createUser x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1 method: put operationId: UsersControllerV1_updateUser x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/{userId} method: delete operationId: UsersControllerV1_removeUserFromTenant x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/{userId} method: put operationId: UsersControllerV1_updateUserForVendor x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/{userId}/roles method: post operationId: UsersControllerV1_addRolesToUser x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/{userId}/roles method: delete operationId: UsersControllerV1_deleteRolesFromUser x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/tenant method: put operationId: UsersControllerV1_updateUserTenant x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/query/phrase method: get operationId: UsersControllerV1_searchUsers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/usernames/v1 method: get operationId: UsernamesControllerV1_getUsersUsernames x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/usernames/v1 method: post operationId: UsernamesControllerV1_createUsername x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/usernames/v1/{username} method: delete operationId: UsernamesControllerV1_deleteUsername x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/usernames/v1/me method: get operationId: UsernamesControllerV1_getMeUsernames x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/v1/email/me method: post operationId: SelfEmailUpdateControllerV1_updateEmailMe x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/email/me/verify method: post operationId: SelfEmailUpdateControllerV1_verifyEmailMe x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/activate method: post operationId: UsersActivationControllerV1_activateUser x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/activate/code method: post operationId: UsersActivationControllerV1_activateUserWithCode x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/activate/strategy method: get operationId: UsersActivationControllerV1_getActivationStrategy x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/v1/invitation/accept method: post operationId: UsersTenantManagementControllerV1_acceptInvitation x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/invitation/accept/code method: post operationId: UsersTenantManagementControllerV1_acceptInvitationWithCode x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v3/me method: get operationId: UsersControllerV3_getUserProfile x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/v2/me/tenants method: get operationId: UsersControllerV2_getUserTenants x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/v2/me/hierarchy method: get operationId: UsersControllerV2_getUserTenantsHierarchy x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/v1/me/authorization method: get operationId: UsersControllerV1_getMeAuthorization x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/v1/me/tenants method: get operationId: UsersControllerV1_getUserTenants x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/user-sources/v1 method: get operationId: UserSourcesControllerV1_getUserSources x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/user-sources/v1/{id} method: get operationId: UserSourcesControllerV1_getUserSource x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/user-sources/v1/{id} method: delete operationId: UserSourcesControllerV1_deleteUserSource x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/user-sources/v1/external/auth0 method: post operationId: UserSourcesControllerV1_createAuth0ExternalUserSource x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/user-sources/v1/external/cognito method: post operationId: UserSourcesControllerV1_createCognitoExternalUserSource x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/user-sources/v1/external/firebase method: post operationId: UserSourcesControllerV1_createFirebaseExternalUserSource x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/user-sources/v1/external/custom-code method: post operationId: UserSourcesControllerV1_createCustomCodeExternalUserSource x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/user-sources/v1/federation method: post operationId: UserSourcesControllerV1_createFederationUserSource x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/user-sources/v1/external/auth0/{id} method: put operationId: UserSourcesControllerV1_updateAuth0ExternalUserSource x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/user-sources/v1/external/cognito/{id} method: put operationId: UserSourcesControllerV1_updateCognitoExternalUserSource x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/user-sources/v1/external/firebase/{id} method: put operationId: UserSourcesControllerV1_updateFirebaseExternalUserSource x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/user-sources/v1/external/custom-code/{id} method: put operationId: UserSourcesControllerV1_updateCustomCodeExternalUserSource x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/user-sources/v1/federation/{id} method: put operationId: UserSourcesControllerV1_updateFederationUserSource x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/user-sources/v1/assign method: post operationId: UserSourcesControllerV1_assignUserSource x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/user-sources/v1/unassign method: post operationId: UserSourcesControllerV1_unassignUserSource x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/user-sources/v1/{id}/users method: get operationId: UserSourcesControllerV1_getUserSourceUsers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/sessions/v1/me method: get operationId: UserSessionsControllerV1_getActiveSessions x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/sessions/v1/me/all method: delete operationId: UserSessionsControllerV1_deleteAllUserActiveSessions x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/sessions/v1/me/{id} method: delete operationId: UserSessionsControllerV1_deleteUserSession x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/vendor-only/users/v1/{userId} method: get operationId: VendorOnlyUsers_getUserById x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/vendor-only/users/v1/{userId}/mfa/unenroll method: post operationId: VendorOnlyUsers_MFAUnenroll x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /resources/vendor-only/users/v1/passwords/verify method: post operationId: VendorOnlyUsers_verifyUserPassword x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /resources/vendor-only/users/v1 method: post operationId: VendorOnlyUsers_createUser x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /resources/tenants/users/v1/statuses method: get operationId: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/phone-numbers/v1/vendor/{userId} method: post operationId: UserPhoneNumbersControllerV1_createUserPhoneNumberVendor x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/phone-numbers/v1/vendor/{userId}/{phoneId} method: delete operationId: UserPhoneNumbersControllerV1_deleteUserPhoneNumberVendor x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/bulk/v1/invite method: post operationId: UsersBulkControllerV1_bulkInviteUsers x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/bulk/v1/status/{id} method: get operationId: UsersBulkControllerV1_getBulkInviteStatus x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/vendor-only/users/v1/{userId}/roles/bulk method: patch operationId: VendorOnlyUsers_bulkUpdateRolesAcrossAllTenants x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /resources/vendor-only/users/v1/bulk-roles/status/{taskId} method: get operationId: VendorOnlyUsers_getBulkRolesTaskStatus x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/v1/email method: get operationId: UsersControllerV1_getUserByEmail x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/v1/{id} method: get operationId: UsersControllerV1_getUserById x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/v1/{userId}/verify method: post operationId: UsersControllerV1_verifyUser x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/{userId}/invisible method: put operationId: UsersControllerV1_setUserInvisibleMode x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/{userId}/superuser method: put operationId: UsersControllerV1_setUserSuperuserMode x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/{userId}/tenant method: put operationId: UsersControllerV1_updateUserTenantForVendor x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/{userId}/tenant method: post operationId: UsersControllerV1_addUserToTenantForVendor x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/{userId}/email method: put operationId: UsersControllerV1_updateUserEmail x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/{userId}/links/generate-activation-token method: post operationId: UsersControllerV1_generateUserActivationLink x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/{userId}/links/generate-password-reset-token method: post operationId: UsersControllerV1_generateUserPasswordResetLink x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/{userId}/unlock method: post operationId: UsersControllerV1_unlockUser x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/{userId}/lock method: post operationId: UsersControllerV1_lockUser x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/tenants/migrate method: put operationId: UsersControllerV1_moveAllUsersTenants x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/applications/v1/{appId}/users method: get operationId: ApplicationsControllerV1_getUsersForApplication x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/applications/v1/{userId}/apps method: get operationId: ApplicationsControllerV1_getApplicationsForUser x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/applications/v1 method: post operationId: ApplicationsControllerV1_assignUsersToApplication x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/applications/v1 method: delete operationId: ApplicationsControllerV1_unassignUsersFromApplication x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/applications/user-tenants/active/v1 method: get operationId: ApplicationsActiveUserTenantsControllerV1_getUserApplicationActiveTenants x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/applications/user-tenants/active/v1 method: put operationId: ApplicationsActiveUserTenantsControllerV1_switchUserApplicationActiveTenant x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/v1/configurations/scim2 method: get operationId: Scim2ConnectionConfigController_fetchAll x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/v1/configurations/scim2 method: post operationId: Scim2ConnectionConfigController_create x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/v1/configurations/scim2/{id} method: get operationId: Scim2ConnectionConfigController_fetchById x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/v1/configurations/scim2/{id} method: patch operationId: Scim2ConnectionConfigController_partialUpdate x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/v1/configurations/scim2/{id} method: delete operationId: Scim2ConnectionConfigController_deleteById x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sso/v1/saml/configurations/vendor-config method: get operationId: SamlControllerV1_getVendorSamlConfig x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/sso/v1/saml/configurations/sp-certificate method: get operationId: SamlControllerV1_getSpCertificate x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/sso/v1/saml/configurations/sp-metadata method: get operationId: SamlControllerV1_getSpMetadata x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/sso/v1/configurations method: post operationId: SsoConfigurationControllerV1_createSsoConfiguration x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sso/v1/configurations method: get operationId: SsoConfigurationControllerV1_getSsoConfigurations x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/sso/v1/configurations/{configurationId} method: delete operationId: SsoConfigurationControllerV1_deleteSsoConfiguration x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sso/v1/configurations/{configurationId} method: patch operationId: SsoConfigurationControllerV1_updateSsoConfiguration x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sso/v1/configurations/metadata method: post operationId: SsoConfigurationControllerV1_createSsoConfigurationByMetadata x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sso/v1/configurations/{configurationId}/metadata method: put operationId: SsoConfigurationControllerV1_updateSsoConfigurationByMetadata x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sso/v1/configurations/{configurationId}/domains method: post operationId: SsoDomainControllerV1_createSsoDomain x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sso/v1/configurations/{configurationId}/domains/{domainId} method: delete operationId: SsoDomainControllerV1_deleteSsoDomain x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sso/v1/configurations/{configurationId}/domains/{domainId}/validate/email method: put operationId: SsoDomainControllerV1_validateSsoDomainByEmail x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sso/v2/configurations/{configurationId}/domains/{domainId}/validate method: put operationId: SsoDomainControllerV2_validateSsoDomain x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sso/v1/configurations/{configurationId}/roles method: put operationId: SsoRolesControllerV1_setSsoDefaultRoles x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sso/v1/configurations/{configurationId}/roles method: get operationId: SsoRolesControllerV1_getSsoDefaultRoles x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/sso/v1/configurations/{configurationId}/groups method: post operationId: SsoGroupsControllerV1_createSsoGroup x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sso/v1/configurations/{configurationId}/groups method: get operationId: SsoGroupsControllerV1_getSsoGroup x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/sso/v1/configurations/{configurationId}/groups/{groupId} method: patch operationId: SsoGroupsControllerV1_updateSsoGroup x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sso/v1/configurations/{configurationId}/groups/{groupId} method: delete operationId: SsoGroupsControllerV1_deleteSsoGroup x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sso/v1/configurations/excluded-emails method: post operationId: ExcludeEmailsFromSSOV1_excludeSSOEmail x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /resources/sso/v1/configurations/excluded-emails method: get operationId: ExcludeEmailsFromSSOV1_getSSOExcludedEmails x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/sso/v1/configurations/excluded-emails/{email} method: delete operationId: ExcludeEmailsFromSSOV1_deleteSSOExcludedEmail x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /resources/sso/v1/configurations/domains/{domain}/force-validate method: put operationId: VendorOnlySsoConfigurationControllerV1_forceSsoDomainValidation x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sso/v1/configurations/multiple-sso-per-domain method: get operationId: SsoPerTenantControllerV1_getSSOPerTenantConfig x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/sso/v1/configurations/multiple-sso-per-domain method: put operationId: SsoPerTenantControllerV1_createOrUpdateSSOPerTenantConfig x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sso/v1/configurations/domains method: put operationId: SSODomainsConfigurationControllerV1_createOrUpdateSSODomainsConfiguration x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sso/v1/configurations/domains method: get operationId: SSODomainsConfigurationControllerV1_getSSODomainsConfiguration x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/sso/v1/oidc/configurations method: get operationId: OidcControllerV1_getOidcConifguration x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/sso/v1/oidc/configurations method: post operationId: OidcControllerV1_configureOidc x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/tenants/v1/{tenantId} method: get operationId: TenantControllerV1_getTenant x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/tenants/v1/{tenantId} method: put operationId: TenantControllerV1_updateTenant x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/tenants/v1/{tenantId} method: delete operationId: TenantControllerV1_deleteTenant x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/tenants/v1 method: post operationId: TenantControllerV1_createTenant x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/tenants/v1 method: delete operationId: TenantControllerV1_deleteCurrentTenant x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/tenants/v1/{tenantId}/metadata method: post operationId: TenantControllerV1_addTenantMetadata x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/tenants/v1/{tenantId}/metadata/{key} method: delete operationId: TenantControllerV1_deleteTenantMetadata x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/tenants/v2 method: get operationId: TenantControllerV2_getTenants x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/tenants/v2/alias/{alias} method: get operationId: TenantControllerV2_getTenantByAlias x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/tenants/v2/{tenantId} method: get operationId: TenantControllerV2_getTenant x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/tenants/v2/{tenantId} method: put operationId: TenantControllerV2_updateTenant x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sub-tenants/v1 method: post operationId: SubTenantControllerV1_createSubTenant x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sub-tenants/v1/{tenantId}/management method: put operationId: SubTenantControllerV1_updateSubTenantManagement x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sub-tenants/v1/{tenantId}/hierarchy-settings method: put operationId: SubTenantControllerV1_updateSubTenantHierarchySettings x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sub-tenants/v1/{tenantId} method: delete operationId: SubTenantControllerV1_deleteSubTenant x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/account-settings/v1 method: get operationId: AccountSettingsControllerV1_getSettings x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/account-settings/v1 method: put operationId: AccountSettingsControllerV1_updateSettings x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/account-settings/v1/public method: get operationId: AccountSettingsControllerV1_getPublicSettings x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/migrations/v1/tenants method: post operationId: MigrationControllerV1_migrateTenants x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/migrations/v1/tenants/status/{migrationId} method: get operationId: MigrationControllerV1_getMigrateTenantsStatus x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/hierarchy/v1 method: get operationId: TenantHierarchyControllerV1_getSubTenants x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/hierarchy/v1 method: post operationId: TenantHierarchyControllerV1_createSubTenants x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/hierarchy/v1 method: delete operationId: TenantHierarchyControllerV1_deleteSubTenant x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/hierarchy/v1/parents method: get operationId: TenantHierarchyControllerV1_getParentTenants x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/hierarchy/v1/tree method: get operationId: TenantHierarchyControllerV1_getSubTenantsTree x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v1/data/e10s/features/is_entitled_to_input_feature method: post operationId: OpenApiPDPController_isEntitledToFeature x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /v1/data/e10s/permissions/is_entitled_to_input_permission method: post operationId: OpenApiPDPController_isEntitledToPermission x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /v1/data/e10s/routes/is_entitled_to_input_route method: post operationId: OpenApiPDPController_isEntitledToRoute x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/plans/v1/tenant/{tenantId} method: get operationId: PlansControllerV1_getTenantPlans x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/plans/v1 method: get operationId: PlansControllerV1_getPlans x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/plans/v1 method: post operationId: PlansControllerV1_createPlan x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/plans/v1/{id} method: get operationId: PlansControllerV1_getSinglePlan x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/plans/v1/{id} method: patch operationId: PlansControllerV1_updatePlan x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/plans/v1/{id} method: delete operationId: PlansControllerV1_deletePlan x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/plans/v1/{id}/features method: get operationId: PlansControllerV1_getPlanFeatures x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/plans/v1/{id}/features/link method: patch operationId: PlansControllerV1_linkFeaturesToPlan x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/plans/v1/{id}/features/unlink method: patch operationId: PlansControllerV1_unlinkFeaturesFromPlan x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/routes/v1 method: get operationId: RoutesControllerV1_getMany x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/routes/v1 method: post operationId: RoutesControllerV1_create x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/routes/v1/{id} method: get operationId: RoutesControllerV1_getSingle x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/routes/v1/{id} method: delete operationId: RoutesControllerV1_delete x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/routes/v1/{id} method: patch operationId: RoutesControllerV1_update x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/routes/v1/import-open-api method: post operationId: RoutesControllerV1_importOpenApi x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/routes/v1/{id}/rules method: put operationId: RoutesControllerV1_replaceRules x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/routes/v1/configuration method: get operationId: RoutesConfigurationsControllerV1_getRoutesConfiguration x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/routes/v1/configuration method: patch operationId: RoutesConfigurationsControllerV1_updateRoutesConfiguration x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/features/v1 method: get operationId: FeaturesControllerV1_getFeatures x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/features/v1 method: post operationId: FeaturesControllerV1_createFeature x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/features/v1/{featureId} method: patch operationId: FeaturesControllerV1_updateFeature x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/features/v1/{featureId} method: delete operationId: FeaturesControllerV1_deleteFeature x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/features/v2 method: post operationId: FeaturesControllerV2_create x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/features/v2/{featureId} method: patch operationId: FeaturesControllerV2_update x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/entitlements/v2 method: get operationId: EntitlementsControllerV2_getEntitlements x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/entitlements/v2 method: post operationId: EntitlementsControllerV2_createEntitlement x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/entitlements/v2/batch method: post operationId: EntitlementsControllerV2_createBatchEntitlements x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/entitlements/v2/batch method: patch operationId: EntitlementsControllerV2_updateBatchEntitlements x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/entitlements/v2/batch method: delete operationId: EntitlementsControllerV2_deleteBatchEntitlements x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/entitlements/v2/{id} method: get operationId: EntitlementsControllerV2_getSingleEntitlement x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/entitlements/v2/{id} method: patch operationId: EntitlementsControllerV2_updateEntitlement x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/entitlements/v2/{id} method: delete operationId: EntitlementsControllerV2_deleteEntitlement x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/feature-flags/v1 method: get operationId: FeatureFlagsControllerV1_getFeatureFlags x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/feature-flags/v1 method: post operationId: FeatureFlagsControllerV1_createFeatureFlag x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/feature-flags/v1/{id} method: get operationId: FeatureFlagsControllerV1_getSingleFeatureFlag x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/feature-flags/v1/{id} method: patch operationId: FeatureFlagsControllerV1_updateFeatureFlag x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/feature-flags/v1/{id} method: delete operationId: FeatureFlagsControllerV1_deleteFeatureFlag x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/entity-types/v1 method: get operationId: EntityTypesV1Controller_getEntityTypes x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/entity-types/v1 method: post operationId: EntityTypesV1Controller_createEntityType x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/entity-types/v1/{key} method: get operationId: EntityTypesV1Controller_getEntityType x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/entity-types/v1/{key} method: patch operationId: EntityTypesV1Controller_updateEntityType x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/entity-types/v1/{key} method: delete operationId: EntityTypesV1Controller_deleteEntityType x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/entity-types/v1/{key}/actions method: post operationId: EntityTypesActionsV1Controller_createEntityTypeActions x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/entity-types/v1/{key}/actions/{actionKey} method: patch operationId: EntityTypesActionsV1Controller_updateEntityTypeAction x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/entity-types/v1/{key}/actions/{actionKey} method: delete operationId: EntityTypesActionsV1Controller_deleteEntityTypeAction x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/entity-types/v1/{key}/relations method: post operationId: EntityTypesRelationsV1Controller_createEntityTypeRelations x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/entity-types/v1/{key}/relations/{relationKey} method: patch operationId: EntityTypesRelationsV1Controller_updateEntityTypeRelation x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/entity-types/v1/{key}/relations/{relationKey} method: delete operationId: EntityTypesRelationsV1Controller_deleteEntityTypeRelation x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/relations/v1/assignments method: get operationId: RelationsV1Controller_getRelationAssignments x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/relations/v1/assign method: post operationId: RelationsV1Controller_createRelationAssignments x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/relations/v1/unassign method: post operationId: RelationsV1Controller_deleteRelationAssignments x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: / method: post operationId: authenticate_vendor x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /resources/auth/v2/api-token method: post operationId: AuthenticationApiTokenControllerV2_authApiToken x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v2/api-token/token/refresh method: post operationId: AuthenticationApiTokenControllerV2_refreshToken x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/tenants/access-tokens/v1 method: post operationId: TenantAccessTokensV1Controller_createTenantAccessToken x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/tenants/access-tokens/v1 method: get operationId: TenantAccessTokensV1Controller_getTenantAccessTokens x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/tenants/access-tokens/v1/{id} method: delete operationId: TenantAccessTokensV1Controller_deleteTenantAccessToken x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/tenants/api-tokens/v1 method: post operationId: TenantApiTokensV1Controller_createTenantApiToken x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/tenants/api-tokens/v1 method: get operationId: TenantApiTokensV1Controller_getTenantsApiTokens x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/tenants/api-tokens/v1/{id} method: delete operationId: TenantApiTokensV1Controller_deleteTenantApiToken x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/tenants/api-tokens/v1/{id} method: patch operationId: TenantApiTokensV1Controller_updateTenantApiToken x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/tenants/api-tokens/v2 method: post operationId: TenantApiTokensV2Controller_createTenantApiToken x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/tenants/invites/v1/user method: get operationId: TenantInvitesController_getTenantInviteForUser x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/tenants/invites/v1/user method: post operationId: TenantInvitesController_createTenantInviteForUser x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/tenants/invites/v1/user method: delete operationId: TenantInvitesController_deleteTenantInviteForUser x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/tenants/invites/v1/user method: patch operationId: TenantInvitesController_updateTenantInviteForUser x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/tenants/invites/v1/verify method: post operationId: TenantInvitesController_verifyTenantInvite x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/tenants/invites/v1/configuration method: get operationId: getInvitationConfiguration x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/tenants/invites/v2/user method: post operationId: TenantInvitesV2Controller_createTenantInviteForUser x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/tenants/invites/v1 method: post operationId: TenantInvitesController_createTenantInvite x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/tenants/invites/v1/all method: get operationId: TenantInvitesController_getAllInvites x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/tenants/invites/v1/token/{id} method: delete operationId: TenantInvitesController_deleteTenantInvite x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/activation/strategies method: get operationId: ActivationStrategyControllerV1_getActivationStrategy x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/v1/activation/strategies method: post operationId: ActivationStrategyControllerV1_createOrUpdateActivationStrategy x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/invitation/strategies method: get operationId: InvitationStrategyControllerV1_getInvitationStrategy x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/v1/invitation/strategies method: post operationId: InvitationStrategyControllerV1_createOrUpdateInvitationStrategy x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/roles/v2 method: get operationId: PermissionsControllerV2_getAllRoles x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/roles/v2 method: post operationId: RolesControllerV2_addRole x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/roles/v2/distinct-levels method: get operationId: RolesControllerV2_getDistinctLevels x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/roles/v2/distinct-tenants method: get operationId: RolesControllerV2_getDistinctTenants x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/approval-flows/v1 method: post operationId: ApprovalFlowsController_createApprovalFlow x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/approval-flows/v1 method: get operationId: ApprovalFlowsController_getApprovalFlows x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/approval-flows/v1/{id} method: get operationId: ApprovalFlowsController_getApprovalFlowById x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/approval-flows/v1/{id} method: patch operationId: ApprovalFlowsController_updateApprovalFlow x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/approval-flows/v1/{id} method: delete operationId: ApprovalFlowsController_deleteApprovalFlow x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/approval-flows/v1/approver-action method: post operationId: ApprovalFlowsController_approverAction x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/approval-flows/v1/execution-data method: get operationId: ApprovalFlowsController_getExecutionData x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/approval-flows/v1/{id}/execute method: post operationId: ApprovalFlowsController_executeApprovalFlow x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/approval-flows/v1/step-up/execute method: post operationId: ApprovalFlowsController_executeStepUpApprovalFlow x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1 method: post operationId: VendorConfigController_addOrUpdateConfig x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1 method: get operationId: VendorConfigController_getVendorConfig x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/v1/captcha-policy method: post operationId: CaptchaPolicyController_createCaptchaPolicy x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/captcha-policy method: put operationId: CaptchaPolicyController_updateCaptchaPolicy x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/captcha-policy method: get operationId: CaptchaPolicyController_getCaptchaPolicy x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/v1/jwt-template-targeting method: get operationId: JwtTemplateTargetingControllerV1_getJwtTemplateTargeting x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/v1/jwt-template-targeting method: post operationId: JwtTemplateTargetingControllerV1_createJwtTemplateTargeting x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/jwt-template-targeting method: put operationId: JwtTemplateTargetingControllerV1_updateJwtTemplateTargeting x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/jwt-template-targeting/{id} method: patch operationId: JwtTemplateTargetingControllerV1_patchJwtTemplateTargeting x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/jwt-template-targeting/{id} method: delete operationId: JwtTemplateTargetingControllerV1_deleteJwtTemplateTargeting x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/jwt-templates/v1 method: post operationId: JwtTemplatesController_createJwtTemplate x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/jwt-templates/v1 method: get operationId: JwtTemplatesController_getJwtTemplates x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/jwt-templates/v1/{id} method: get operationId: JwtTemplatesController_getJwtTemplateById x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/jwt-templates/v1/{id} method: put operationId: JwtTemplatesController_updateJwtTemplate x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/jwt-templates/v1/{id} method: delete operationId: JwtTemplatesController_deleteJwtTemplate x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/basic method: get operationId: VendorConfigController_getVendorConfigBasic x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/sso/custom/v1 method: post operationId: CustomSsoV1Controller_createSsoProvider x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sso/custom/v1 method: get operationId: SsoV2Controller_getSsoProviders x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/sso/custom/v1/{id} method: patch operationId: CustomSsoV1Controller_updateSsoProvider x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sso/custom/v1/{id} method: delete operationId: CustomSsoV1Controller_deleteCustomSsoConfig x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/migrations/v1/auth0 method: post operationId: UsersControllerV1_migrateUserFromAuth0 x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/migrations/v1/local method: post operationId: UsersControllerV1_migrateUserForVendor x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/migrations/v1/local/bulk method: post operationId: UsersControllerV1_bulkMigrateUserForVendor x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/migrations/v1/local/bulk/status/{migrationId} method: get operationId: UsersControllerV1_checkBulkMigrationStatus x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/migrations/v2/local/bulk method: post operationId: UsersControllerV2_bulkMigrateUserForVendor x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/delegation method: get operationId: DelegationConfigurationControllerV1_getDelegationConfiguration x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/v1/delegation method: post operationId: DelegationConfigurationControllerV1_createOrUpdateDelegationConfiguration x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/restrictions/v1/email-domain method: post operationId: DomainRestrictionsController_createDomainRestriction x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/restrictions/v1/email-domain method: get operationId: DomainRestrictionsController_getDomainRestrictions x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/restrictions/v1/email-domain/config method: get operationId: DomainRestrictionsController_getDomainRestrictionsConfig x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/restrictions/v1/email-domain/config method: post operationId: DomainRestrictionsController_updateDomainRestrictionsConfig x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/restrictions/v1/email-domain/{id} method: delete operationId: DomainRestrictionsController_deleteDomainRestriction x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/restrictions/v1/email-domain/replace-bulk method: post operationId: DomainRestrictionsController_createBulkDomainsRestriction x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/mail/v1/configurations method: post operationId: MailConfigController_createOrUpdateMailConfig x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/mail/v1/configurations method: get operationId: MailConfigController_getMailConfig x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/mail/v1/configurations method: delete operationId: MailConfigController_deleteMailConfig x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/mail/v2/configurations method: post operationId: MailConfigController_createOrUpdateMailConfigV2 x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/mail/v1/configs/templates method: post operationId: MailV1Controller_addOrUpdateTemplate x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/mail/v1/configs/templates method: get operationId: MailV1Controller_getTemplateConfiguration x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/mail/v1/configs/templates/{templateId} method: delete operationId: MailV1Controller_deleteTemplate x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/mail/v1/configs/{type}/default method: get operationId: MailV1Controller_getDefaultTemplateConfiguration x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/auth/v1/user method: post operationId: AuthenticatioAuthenticationControllerV1_authenticateLocalUser x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v1/user/token/refresh method: post operationId: AuthenticatioAuthenticationControllerV1_refreshToken x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v1/logout method: post operationId: AuthenticatioAuthenticationControllerV1_logout x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/signUp method: post operationId: UsersControllerV1_signUpUser x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/signUp/username method: post operationId: UsersSignUpControllerV1_signUpUserUsername x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/restrictions/ip/config method: post operationId: IPRestrictionsControllerV1_createDomainRestriction x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/restrictions/ip/config method: get operationId: IPRestrictionsControllerV1_getIpRestrictionConfig x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/v1/restrictions/ip method: get operationId: IPRestrictionsControllerV1_getAllIpRestrictions x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/v1/restrictions/ip method: post operationId: IPRestrictionsControllerV1_createIpRestriction x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/restrictions/ip/verify method: post operationId: IPRestrictionsControllerV1_testCurrentIp x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/restrictions/ip/verify/allow method: post operationId: testCurrentIpInAllowList x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /resources/configurations/v1/restrictions/ip/{id} method: delete operationId: IPRestrictionsControllerV1_deleteIpRestrictionById x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/lockout-policy method: post operationId: LockoutPolicyController_createLockoutPolicy x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/lockout-policy method: patch operationId: LockoutPolicyController_updateLockoutPolicy x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/lockout-policy method: get operationId: LockoutPolicyController_getLockoutPolicy x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/vendor-only/users/access-tokens/v1/active method: get operationId: VendorOnlyUserAccessTokensV1Controller_getActiveAccessTokens x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/vendor-only/users/access-tokens/v1/{id} method: get operationId: VendorOnlyUserAccessTokensV1Controller_getUserAccessTokenData x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/vendor-only/tenants/access-tokens/v1/{id} method: get operationId: VendorOnlyTenantAccessTokensV1Controller_getTenantAccessTokenData x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/auth/v1/user/mfa/recover method: post operationId: AuthenticationMFAControllerV1_recoverMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/mfa/disable method: post operationId: UsersMfaControllerV1_disableAuthAppMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/mfa/authenticator/{deviceId}/disable/verify method: post operationId: UsersMfaControllerV1_disableAuthenticatorMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/mfa/sms/{deviceId}/disable method: post operationId: UsersMfaControllerV1_preDisableSMSMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/mfa/sms/{deviceId}/disable/verify method: post operationId: UsersMfaControllerV1_disableSMSMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v1/user/mfa/verify method: post operationId: AuthenticationMFAControllerV1_verifyAuthenticatorMfaCode x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v1/user/mfa/emailcode method: post operationId: AuthenticationMFAControllerV1_preVerifyEmailOtcMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v1/user/mfa/emailcode/verify method: post operationId: AuthenticationMFAControllerV1_verifyEmailOtcMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v1/user/mfa/authenticator/enroll method: post operationId: AuthenticationMFAControllerV1_preEnrollAuthenticatorMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v1/user/mfa/authenticator/enroll/verify method: post operationId: AuthenticationMFAControllerV1_enrollAuthenticatorMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v1/user/mfa/authenticator/{deviceId}/verify method: post operationId: AuthenticationMFAControllerV1_verifyAuthenticatorMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v1/user/mfa/sms/enroll method: post operationId: AuthenticationMFAControllerV1_preEnrollSmsMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v1/user/mfa/sms/enroll/verify method: post operationId: AuthenticationMFAControllerV1_enrollSmsMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v1/user/mfa/sms/{deviceId} method: post operationId: AuthenticationMFAControllerV1_preVerifySmsMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v1/user/mfa/sms/{deviceId}/verify method: post operationId: AuthenticationMFAControllerV1_verifySmsMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v1/user/mfa/webauthn/enroll method: post operationId: AuthenticationMFAControllerV1_preEnrollWebauthnMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v1/user/mfa/webauthn/enroll/verify method: post operationId: AuthenticationMFAControllerV1_enrollWebauthnMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v1/user/mfa/webauthn/{deviceId} method: post operationId: AuthenticationMFAControllerV1_preVerifyWebauthnMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v1/user/mfa/webauthn/{deviceId}/verify method: post operationId: AuthenticationMFAControllerV1_verifyWebauthnMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/mfa-policy/allow-remember-device method: get operationId: SecurityPolicyController_checkIfAllowToRememberDevice x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/v1/mfa/enroll method: post operationId: UsersMfaControllerV1_enrollAuthAppMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/mfa/authenticator/enroll method: post operationId: UsersMfaControllerV1_enrollAuthenticatorMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/mfa/enroll/verify method: post operationId: UsersMfaControllerV1_verifyAuthAppMfaEnrollment x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/mfa/authenticator/enroll/verify method: post operationId: UsersMfaControllerV1_verifyAuthenticatorMfaEnrollment x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/mfa/sms/enroll method: post operationId: UsersMfaControllerV1_preEnrollSmsMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/mfa/sms/enroll/verify method: post operationId: UsersMfaControllerV1_enrollSmsMfa x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/mfa method: post operationId: MfaController_upsertMfaConfig x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/mfa method: get operationId: MfaController_getMfaConfig x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/v1/mfa-policy method: post operationId: SecurityPolicyController_createMfaPolicy x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/mfa-policy method: patch operationId: SecurityPolicyController_updateSecurityPolicy x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/mfa-policy method: put operationId: SecurityPolicyController_upsertSecurityPolicy x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/mfa-policy method: get operationId: SecurityPolicyController_getSecurityPolicy x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/v1/mfa/strategies method: get operationId: MFAStrategiesControllerV1_getMFAStrategies x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/v1/mfa/strategies method: post operationId: MFAStrategiesControllerV1_createOrUpdateMFAStrategy x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/password method: post operationId: PasswordPolicyController_addOrUpdatePasswordConfig x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/password method: get operationId: PasswordPolicyController_getPasswordConfig x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/v1/password-history-policy method: post operationId: PasswordHistoryPolicyController_createPolicy x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/password-history-policy method: patch operationId: PasswordHistoryPolicyController_updatePolicy x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/password-history-policy method: get operationId: PasswordHistoryPolicyController_getPolicy x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/v1/passwords/reset method: post operationId: UsersPasswordControllerV1_resetPassword x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/passwords/reset/verify method: post operationId: UsersPasswordControllerV1_verifyResetPassword x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/passwords/change method: post operationId: UsersPasswordControllerV1_changePassword x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/passwords/config method: get operationId: UsersPasswordControllerV1_getUserPasswordConfig x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/v2/passwords/reset/email method: post operationId: UsersPasswordControllerV2_resetPasswordViaEmail x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v2/passwords/reset/sms method: post operationId: UsersPasswordControllerV2_resetPasswordViaSms x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v2/passwords/reset/sms/verify method: post operationId: UsersPasswordControllerV2_verifyResetPasswordViaSmsOtc x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/password-rotation method: get operationId: PasswordRotationConfigControllerV1_getPasswordRotationConfiguration x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/v1/password-rotation method: post operationId: PasswordRotationConfigControllerV1_upsertPasswordRotationConfiguration x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/password-rotation/vendor method: get operationId: PasswordRotationConfigControllerV1_getVendorPasswordRotationConfiguration x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/auth/v1/passwordless/smscode/prelogin method: post operationId: AuthenticationPasswordlessControllerV1_smsCodePreLogin x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v1/passwordless/smscode/postlogin method: post operationId: AuthenticationPasswordlessControllerV1_smsCodePostLogin x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v1/passwordless/magiclink/prelogin method: post operationId: AuthenticationPasswordlessControllerV1_magicLinkPrelogin x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v1/passwordless/magiclink/postlogin method: post operationId: AuthenticationPasswordlessControllerV1_magicLinkPostLogin x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v1/passwordless/code/prelogin method: post operationId: AuthenticationPasswordlessControllerV1_emailCodePrelogin x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/auth/v1/passwordless/code/postlogin method: post operationId: AuthenticationPasswordlessControllerV1_emailCodePostLogin x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/permissions/v1 method: get operationId: PermissionsControllerV1_getAllPermissions x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/permissions/v1 method: post operationId: PermissionsControllerV1_addPermissions x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/permissions/v1/{permissionId} method: delete operationId: PermissionsControllerV1_deletePermission x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/permissions/v1/{permissionId} method: patch operationId: PermissionsControllerV1_updatePermission x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/permissions/v1/{permissionId}/roles method: put operationId: PermissionsControllerV1_setRolesToPermission x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/permissions/v1/classification method: put operationId: PermissionsControllerV1_updatePermissionsAssignmentType x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/permissions/v1/categories method: get operationId: PermissionsCategoriesController_getAllCategoriesWithPermissions x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/permissions/v1/categories method: post operationId: PermissionsCategoriesController_createPermissionCategory x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/permissions/v1/categories/{categoryId} method: patch operationId: PermissionsCategoriesController_updateCategory x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/permissions/v1/categories/{categoryId} method: delete operationId: PermissionsCategoriesController_deleteCategory x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/access-tokens/v1 method: post operationId: UserAccessTokensV1Controller_createUserAccessToken x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/access-tokens/v1 method: get operationId: UserAccessTokensV1Controller_getUserAccessTokens x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/access-tokens/v1/{id} method: delete operationId: UserAccessTokensV1Controller_deleteUserAccessToken x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/api-tokens/v1 method: post operationId: UserApiTokensV1Controller_createTenantApiToken x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/api-tokens/v1 method: get operationId: UserApiTokensV1Controller_getApiTokens x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/api-tokens/v1/{id} method: delete operationId: UserApiTokensV1Controller_deleteApiToken x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/roles/v1 method: get operationId: PermissionsControllerV1_getAllRoles x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/roles/v1 method: post operationId: PermissionsControllerV1_addRoles x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/roles/v1/{roleId} method: delete operationId: PermissionsControllerV1_deleteRole x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/roles/v1/{roleId} method: patch operationId: PermissionsControllerV1_updateRole x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/roles/v1/{roleId}/permissions method: put operationId: PermissionsControllerV1_setPermissionsToRole x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/roles/v1/{roleId}/tenant method: put operationId: PermissionsControllerV1_updateRoleTenant x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/phone-numbers/v1 method: get operationId: UserPhoneNumbersControllerV1_getAllPhoneNumbers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/phone-numbers/v1 method: post operationId: UserPhoneNumbersControllerV1_createUserPhoneNumber x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/phone-numbers/v1/preverify method: post operationId: UserPhoneNumbersControllerV1_preVerifyUserPhoneNumber x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/phone-numbers/v1/verify method: post operationId: UserPhoneNumbersControllerV1_verifyCreateUserPhoneNumber x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/phone-numbers/v1/{id} method: delete operationId: UserPhoneNumbersControllerV1_deleteUserPhoneNumber x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/phone-numbers/v1/{id}/delete/verify method: post operationId: UserPhoneNumbersControllerV1_verifyDeleteUserPhoneNumber x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/phone-numbers/v1/me method: get operationId: UserPhoneNumbersControllerV1_getUserOwnPhoneNumbers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/phone-numbers/v2 method: get operationId: UserPhoneNumbersControllerV2_getAllPhoneNumbers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/v1/sms method: post operationId: VendorSmsController_createSmsVendorConfig x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/sms method: delete operationId: VendorSmsController_deleteSmsVendorConfig x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/sms method: get operationId: VendorSmsController_getSmsVendorConfig x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/v1/sms/templates method: get operationId: VendorSmsController_getAllSmsTemplates x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/v1/sms/templates/{type} method: get operationId: VendorSmsController_getSmsTemplate x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/v1/sms/templates/{type} method: delete operationId: VendorSmsController_deleteSmsTemplate x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/sms/templates/{type} method: post operationId: VendorSmsController_createSmsTemplate x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/sms/templates/{type}/default method: get operationId: VendorSmsController_getSmsDefaultTemplate x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/v1/sms/templates/default/all method: get operationId: VendorSmsController_getAllSmsDefaultTemplates x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/sessions/v1/vendor method: get operationId: SessionConfigurationControllerV1_getVendorSessionConfiguration x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/sessions/v1 method: get operationId: SessionConfigurationControllerV1_getSessionConfiguration x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/sessions/v1 method: post operationId: SessionConfigurationControllerV1_createSessionConfiguration x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/configurations/v1/user-emails-policy method: get operationId: UserEmailsPolicyControllerV1_getUserEmailsPolicy x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/configurations/v1/user-emails-policy method: post operationId: UserEmailsPolicyControllerV1_createOrUpdateUserEmailsPolicy x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/groups/v1 method: get operationId: GroupsControllerV1_getAllGroups x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/groups/v1 method: post operationId: GroupsControllerV1_createGroup x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/groups/v1/bulkGet method: post operationId: GroupsControllerV1_getGroupsByIds x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/groups/v1/{id} method: patch operationId: GroupsControllerV1_updateGroup x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/groups/v1/{id} method: delete operationId: GroupsControllerV1_deleteGroup x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/groups/v1/{id} method: get operationId: GroupsControllerV1_getGroupById x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/groups/v1/config method: get operationId: GroupsControllerV1_getGroupsConfiguration x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/groups/v1/config method: post operationId: GroupsControllerV1_createOrUpdateGroupsConfiguration x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/groups/v1/{groupId}/roles method: post operationId: GroupsControllerV1_addRolesToGroup x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/groups/v1/{groupId}/roles method: delete operationId: GroupsControllerV1_removeRolesFromGroup x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/groups/v1/{groupId}/users method: post operationId: GroupsControllerV1_addUsersToGroup x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/groups/v1/{groupId}/users method: delete operationId: GroupsControllerV1_removeUsersFromGroup x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/groups/v2 method: get operationId: GroupsControllerV2_getAllGroupsPaginated x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/tenants/users/v1/{userId}/disable method: post operationId: UsersTenantsControllerV1_disableUserTenant x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/tenants/users/v1/{userId}/enable method: post operationId: UsersTenantsControllerV1_enableUserTenant x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/temporary/v1/{userId} method: put operationId: TemporaryUsersV1Controller_editTimeLimit x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/temporary/v1/{userId} method: delete operationId: TemporaryUsersV1Controller_setUserPermanent x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/temporary/v1/configuration method: get operationId: TemporaryUsersV1Controller_getConfiguration x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/temporary/v1/configuration method: put operationId: TemporaryUsersV1Controller_updateConfiguration x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/emails/v1 method: get operationId: UserEmailsControllerV1_getAllEmails x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/emails/v1 method: post operationId: UserEmailsControllerV1_createUserEmail x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/emails/v1/verify method: post operationId: UserEmailsControllerV1_verifyUserEmail x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/emails/v1/{emailId} method: delete operationId: UserEmailsControllerV1_deleteUserEmail x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/emails/v1/vendor/{userId} method: post operationId: UserEmailsControllerV1_createUserEmailForVendor x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/emails/v1/vendor/{userId}/{emailId} method: delete operationId: UserEmailsControllerV1_deleteUserEmailForVendor x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/emails/v1/vendor/{userId}/primary method: post operationId: UserEmailsControllerV1_markEmailAsPrimary x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/emails/v1/me/primary method: post operationId: UserEmailsControllerV1_markEmailAsPrimaryMe x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/emails/v1/me method: get operationId: UserEmailsControllerV1_getUserOwnEmails x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/sub-tenants/users/v1/{userId}/access method: put operationId: UsersControllerV1_setUserRolesFromSubTenants x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/activate/reset method: post operationId: UsersActivationControllerV1_resetActivationToken x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/invitation/reset method: post operationId: UsersTenantManagementControllerV1_resetTenantInvitationToken x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/invitation/reset/all method: post operationId: UsersTenantManagementControllerV1_resetAllTenantsInvitationToken x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v3 method: get operationId: UsersControllerV3_getUsers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/v3/roles method: get operationId: UsersControllerV3_getUsersRoles x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/v3/groups method: get operationId: UsersControllerV3_getUsersGroups x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/v3/me/unlock method: post operationId: UsersControllerV3_unlock x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v2 method: post operationId: UsersControllerV2_createUser x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v2/me method: put operationId: UsersControllerV2_updateUserProfile x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v2/me method: get operationId: UsersControllerV2_getUserProfile x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/v1 method: post operationId: UsersControllerV1_createUser x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1 method: put operationId: UsersControllerV1_updateUser x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/{userId} method: delete operationId: UsersControllerV1_removeUserFromTenant x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/{userId} method: put operationId: UsersControllerV1_updateUserForVendor x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/{userId}/roles method: post operationId: UsersControllerV1_addRolesToUser x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/{userId}/roles method: delete operationId: UsersControllerV1_deleteRolesFromUser x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/tenant method: put operationId: UsersControllerV1_updateUserTenant x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/query/phrase method: get operationId: UsersControllerV1_searchUsers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/usernames/v1 method: get operationId: UsernamesControllerV1_getUsersUsernames x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/usernames/v1 method: post operationId: UsernamesControllerV1_createUsername x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/usernames/v1/{username} method: delete operationId: UsernamesControllerV1_deleteUsername x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/usernames/v1/me method: get operationId: UsernamesControllerV1_getMeUsernames x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/v1/email/me method: post operationId: SelfEmailUpdateControllerV1_updateEmailMe x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/email/me/verify method: post operationId: SelfEmailUpdateControllerV1_verifyEmailMe x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/activate method: post operationId: UsersActivationControllerV1_activateUser x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/activate/code method: post operationId: UsersActivationControllerV1_activateUserWithCode x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/activate/strategy method: get operationId: UsersActivationControllerV1_getActivationStrategy x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/v1/invitation/accept method: post operationId: UsersTenantManagementControllerV1_acceptInvitation x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/invitation/accept/code method: post operationId: UsersTenantManagementControllerV1_acceptInvitationWithCode x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v3/me method: get operationId: UsersControllerV3_getUserProfile x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/v2/me/tenants method: get operationId: UsersControllerV2_getUserTenants x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/v2/me/hierarchy method: get operationId: UsersControllerV2_getUserTenantsHierarchy x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/v1/me/authorization method: get operationId: UsersControllerV1_getMeAuthorization x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/v1/me/tenants method: get operationId: UsersControllerV1_getUserTenants x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/user-sources/v1 method: get operationId: UserSourcesControllerV1_getUserSources x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/user-sources/v1/{id} method: get operationId: UserSourcesControllerV1_getUserSource x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/user-sources/v1/{id} method: delete operationId: UserSourcesControllerV1_deleteUserSource x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/user-sources/v1/external/auth0 method: post operationId: UserSourcesControllerV1_createAuth0ExternalUserSource x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/user-sources/v1/external/cognito method: post operationId: UserSourcesControllerV1_createCognitoExternalUserSource x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/user-sources/v1/external/firebase method: post operationId: UserSourcesControllerV1_createFirebaseExternalUserSource x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/user-sources/v1/external/custom-code method: post operationId: UserSourcesControllerV1_createCustomCodeExternalUserSource x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/user-sources/v1/federation method: post operationId: UserSourcesControllerV1_createFederationUserSource x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/user-sources/v1/external/auth0/{id} method: put operationId: UserSourcesControllerV1_updateAuth0ExternalUserSource x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/user-sources/v1/external/cognito/{id} method: put operationId: UserSourcesControllerV1_updateCognitoExternalUserSource x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/user-sources/v1/external/firebase/{id} method: put operationId: UserSourcesControllerV1_updateFirebaseExternalUserSource x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/user-sources/v1/external/custom-code/{id} method: put operationId: UserSourcesControllerV1_updateCustomCodeExternalUserSource x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/user-sources/v1/federation/{id} method: put operationId: UserSourcesControllerV1_updateFederationUserSource x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/user-sources/v1/assign method: post operationId: UserSourcesControllerV1_assignUserSource x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/user-sources/v1/unassign method: post operationId: UserSourcesControllerV1_unassignUserSource x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/user-sources/v1/{id}/users method: get operationId: UserSourcesControllerV1_getUserSourceUsers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/sessions/v1/me method: get operationId: UserSessionsControllerV1_getActiveSessions x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/sessions/v1/me/all method: delete operationId: UserSessionsControllerV1_deleteAllUserActiveSessions x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/sessions/v1/me/{id} method: delete operationId: UserSessionsControllerV1_deleteUserSession x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/vendor-only/users/v1/{userId} method: get operationId: VendorOnlyUsers_getUserById x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/vendor-only/users/v1/{userId}/mfa/unenroll method: post operationId: VendorOnlyUsers_MFAUnenroll x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /resources/vendor-only/users/v1/passwords/verify method: post operationId: VendorOnlyUsers_verifyUserPassword x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /resources/vendor-only/users/v1 method: post operationId: VendorOnlyUsers_createUser x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /resources/tenants/users/v1/statuses method: get operationId: get x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/phone-numbers/v1/vendor/{userId} method: post operationId: UserPhoneNumbersControllerV1_createUserPhoneNumberVendor x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/phone-numbers/v1/vendor/{userId}/{phoneId} method: delete operationId: UserPhoneNumbersControllerV1_deleteUserPhoneNumberVendor x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/bulk/v1/invite method: post operationId: UsersBulkControllerV1_bulkInviteUsers x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/bulk/v1/status/{id} method: get operationId: UsersBulkControllerV1_getBulkInviteStatus x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/vendor-only/users/v1/{userId}/roles/bulk method: patch operationId: VendorOnlyUsers_bulkUpdateRolesAcrossAllTenants x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /resources/vendor-only/users/v1/bulk-roles/status/{taskId} method: get operationId: VendorOnlyUsers_getBulkRolesTaskStatus x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/v1/email method: get operationId: UsersControllerV1_getUserByEmail x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/v1/{id} method: get operationId: UsersControllerV1_getUserById x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/users/v1/{userId}/verify method: post operationId: UsersControllerV1_verifyUser x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/{userId}/invisible method: put operationId: UsersControllerV1_setUserInvisibleMode x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/{userId}/superuser method: put operationId: UsersControllerV1_setUserSuperuserMode x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/{userId}/tenant method: put operationId: UsersControllerV1_updateUserTenantForVendor x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/{userId}/tenant method: post operationId: UsersControllerV1_addUserToTenantForVendor x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/{userId}/email method: put operationId: UsersControllerV1_updateUserEmail x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/{userId}/links/generate-activation-token method: post operationId: UsersControllerV1_generateUserActivationLink x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/{userId}/links/generate-password-reset-token method: post operationId: UsersControllerV1_generateUserPasswordResetLink x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/{userId}/unlock method: post operationId: UsersControllerV1_unlockUser x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/{userId}/lock method: post operationId: UsersControllerV1_lockUser x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/users/v1/tenants/migrate method: put operationId: UsersControllerV1_moveAllUsersTenants x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/applications/v1/{appId}/users method: get operationId: ApplicationsControllerV1_getUsersForApplication x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/applications/v1/{userId}/apps method: get operationId: ApplicationsControllerV1_getApplicationsForUser x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/applications/v1 method: post operationId: ApplicationsControllerV1_assignUsersToApplication x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/applications/v1 method: delete operationId: ApplicationsControllerV1_unassignUsersFromApplication x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/applications/user-tenants/active/v1 method: get operationId: ApplicationsActiveUserTenantsControllerV1_getUserApplicationActiveTenants x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/applications/user-tenants/active/v1 method: put operationId: ApplicationsActiveUserTenantsControllerV1_switchUserApplicationActiveTenant x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/v1/configurations/scim2 method: get operationId: Scim2ConnectionConfigController_fetchAll x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/v1/configurations/scim2 method: post operationId: Scim2ConnectionConfigController_create x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/v1/configurations/scim2/{id} method: get operationId: Scim2ConnectionConfigController_fetchById x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/v1/configurations/scim2/{id} method: patch operationId: Scim2ConnectionConfigController_partialUpdate x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/v1/configurations/scim2/{id} method: delete operationId: Scim2ConnectionConfigController_deleteById x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sso/v1/saml/configurations/vendor-config method: get operationId: SamlControllerV1_getVendorSamlConfig x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/sso/v1/saml/configurations/sp-certificate method: get operationId: SamlControllerV1_getSpCertificate x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/sso/v1/saml/configurations/sp-metadata method: get operationId: SamlControllerV1_getSpMetadata x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/sso/v1/configurations method: post operationId: SsoConfigurationControllerV1_createSsoConfiguration x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sso/v1/configurations method: get operationId: SsoConfigurationControllerV1_getSsoConfigurations x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/sso/v1/configurations/{configurationId} method: delete operationId: SsoConfigurationControllerV1_deleteSsoConfiguration x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sso/v1/configurations/{configurationId} method: patch operationId: SsoConfigurationControllerV1_updateSsoConfiguration x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sso/v1/configurations/metadata method: post operationId: SsoConfigurationControllerV1_createSsoConfigurationByMetadata x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sso/v1/configurations/{configurationId}/metadata method: put operationId: SsoConfigurationControllerV1_updateSsoConfigurationByMetadata x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sso/v1/configurations/{configurationId}/domains method: post operationId: SsoDomainControllerV1_createSsoDomain x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sso/v1/configurations/{configurationId}/domains/{domainId} method: delete operationId: SsoDomainControllerV1_deleteSsoDomain x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sso/v1/configurations/{configurationId}/domains/{domainId}/validate/email method: put operationId: SsoDomainControllerV1_validateSsoDomainByEmail x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sso/v2/configurations/{configurationId}/domains/{domainId}/validate method: put operationId: SsoDomainControllerV2_validateSsoDomain x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sso/v1/configurations/{configurationId}/roles method: put operationId: SsoRolesControllerV1_setSsoDefaultRoles x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sso/v1/configurations/{configurationId}/roles method: get operationId: SsoRolesControllerV1_getSsoDefaultRoles x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/sso/v1/configurations/{configurationId}/groups method: post operationId: SsoGroupsControllerV1_createSsoGroup x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sso/v1/configurations/{configurationId}/groups method: get operationId: SsoGroupsControllerV1_getSsoGroup x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/sso/v1/configurations/{configurationId}/groups/{groupId} method: patch operationId: SsoGroupsControllerV1_updateSsoGroup x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sso/v1/configurations/{configurationId}/groups/{groupId} method: delete operationId: SsoGroupsControllerV1_deleteSsoGroup x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sso/v1/configurations/excluded-emails method: post operationId: ExcludeEmailsFromSSOV1_excludeSSOEmail x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /resources/sso/v1/configurations/excluded-emails method: get operationId: ExcludeEmailsFromSSOV1_getSSOExcludedEmails x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/sso/v1/configurations/excluded-emails/{email} method: delete operationId: ExcludeEmailsFromSSOV1_deleteSSOExcludedEmail x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /resources/sso/v1/configurations/domains/{domain}/force-validate method: put operationId: VendorOnlySsoConfigurationControllerV1_forceSsoDomainValidation x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sso/v1/configurations/multiple-sso-per-domain method: get operationId: SsoPerTenantControllerV1_getSSOPerTenantConfig x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/sso/v1/configurations/multiple-sso-per-domain method: put operationId: SsoPerTenantControllerV1_createOrUpdateSSOPerTenantConfig x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sso/v1/configurations/domains method: put operationId: SSODomainsConfigurationControllerV1_createOrUpdateSSODomainsConfiguration x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sso/v1/configurations/domains method: get operationId: SSODomainsConfigurationControllerV1_getSSODomainsConfiguration x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/sso/v1/oidc/configurations method: get operationId: OidcControllerV1_getOidcConifguration x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/sso/v1/oidc/configurations method: post operationId: OidcControllerV1_configureOidc x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/tenants/v1/{tenantId} method: get operationId: TenantControllerV1_getTenant x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/tenants/v1/{tenantId} method: put operationId: TenantControllerV1_updateTenant x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/tenants/v1/{tenantId} method: delete operationId: TenantControllerV1_deleteTenant x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/tenants/v1 method: post operationId: TenantControllerV1_createTenant x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/tenants/v1 method: delete operationId: TenantControllerV1_deleteCurrentTenant x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/tenants/v1/{tenantId}/metadata method: post operationId: TenantControllerV1_addTenantMetadata x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/tenants/v1/{tenantId}/metadata/{key} method: delete operationId: TenantControllerV1_deleteTenantMetadata x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/tenants/v2 method: get operationId: TenantControllerV2_getTenants x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/tenants/v2/alias/{alias} method: get operationId: TenantControllerV2_getTenantByAlias x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/tenants/v2/{tenantId} method: get operationId: TenantControllerV2_getTenant x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/tenants/v2/{tenantId} method: put operationId: TenantControllerV2_updateTenant x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sub-tenants/v1 method: post operationId: SubTenantControllerV1_createSubTenant x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sub-tenants/v1/{tenantId}/management method: put operationId: SubTenantControllerV1_updateSubTenantManagement x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sub-tenants/v1/{tenantId}/hierarchy-settings method: put operationId: SubTenantControllerV1_updateSubTenantHierarchySettings x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/sub-tenants/v1/{tenantId} method: delete operationId: SubTenantControllerV1_deleteSubTenant x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/account-settings/v1 method: get operationId: AccountSettingsControllerV1_getSettings x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/account-settings/v1 method: put operationId: AccountSettingsControllerV1_updateSettings x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/account-settings/v1/public method: get operationId: AccountSettingsControllerV1_getPublicSettings x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/migrations/v1/tenants method: post operationId: MigrationControllerV1_migrateTenants x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/migrations/v1/tenants/status/{migrationId} method: get operationId: MigrationControllerV1_getMigrateTenantsStatus x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/hierarchy/v1 method: get operationId: TenantHierarchyControllerV1_getSubTenants x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/hierarchy/v1 method: post operationId: TenantHierarchyControllerV1_createSubTenants x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/hierarchy/v1 method: delete operationId: TenantHierarchyControllerV1_deleteSubTenant x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /resources/hierarchy/v1/parents method: get operationId: TenantHierarchyControllerV1_getParentTenants x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /resources/hierarchy/v1/tree method: get operationId: TenantHierarchyControllerV1_getSubTenantsTree x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none