naftiko: 1.0.0-alpha2 info: label: FusionAuth API — Identity Provider description: 'FusionAuth API — Identity Provider. 17 operations. Lead operation: Retrieves one or more identity provider for the given type. For types such as Google, Facebook, Twitter and LinkedIn, only a single identit. Self-contained Naftiko capability covering one business surface.' tags: - FusionAuth - Identity Provider created: '2026-05-20' modified: '2026-05-20' binds: - namespace: env keys: FUSIONAUTH_API_KEY: FUSIONAUTH_API_KEY capability: consumes: - type: http namespace: fusionauth-identity-provider baseUri: http://localhost:9011 description: FusionAuth API — Identity Provider business capability. Self-contained, no shared references. resources: - name: api-identity-provider path: /api/identity-provider operations: - name: createidentityprovider method: POST description: Creates an identity provider. You can optionally specify an Id for the identity provider, if not provided one will be generated. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false - name: retrieveidentityproviderbytypewithid method: GET description: Retrieves one or more identity provider for the given type. For types such as Google, Facebook, Twitter and LinkedIn, only a single identit outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: type in: query type: string description: The type of the identity provider. - name: api-identity-provider-link path: /api/identity-provider/link operations: - name: createuserlinkwithid method: POST description: Link an external user from a 3rd party identity provider to a FusionAuth user. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false - name: deleteuserlinkwithid method: DELETE description: Remove an existing link that has been made from a 3rd party identity provider to a FusionAuth user. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: identityProviderId in: query type: string description: The unique Id of the identity provider. - name: identityProviderUserId in: query type: string description: The unique Id of the user in the 3rd party identity provider to unlink. - name: userId in: query type: string description: The unique Id of the FusionAuth user to unlink. - name: retrieveidentityproviderlink method: GET description: Retrieve all Identity Provider users (links) for the user. Specify the optional identityProviderId to retrieve links for a particular IdP. O outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: identityProviderId in: query type: string description: The unique Id of the identity provider. Specify this value to reduce the links returned to those for a particular IdP. - name: userId in: query type: string description: The unique Id of the user. - name: identityProviderUserId in: query type: string description: The unique Id of the user in the 3rd party identity provider. - name: api-identity-provider-link-pending-pendinglinkid path: /api/identity-provider/link/pending/{pendingLinkId} operations: - name: retrievependinglinkwithid method: GET description: Retrieve a pending identity provider link. This is useful to validate a pending link and retrieve meta-data about the identity provider link outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: userId in: query type: string description: The optional userId. When provided additional meta-data will be provided to identify how many links if any the user already has. - name: pendingLinkId in: path type: string description: The pending link Id. required: true - name: api-identity-provider-login path: /api/identity-provider/login operations: - name: identityproviderloginwithid method: POST description: Handles login via third-parties including Social login, external OAuth and OpenID Connect, and other login systems. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: X-FusionAuth-TenantId in: header type: string description: The unique Id of the tenant used to scope this API request. Only required when there is more than one tenant and the API key is not tenant-scoped. - name: body in: body type: object description: Request body (JSON). required: false - name: api-identity-provider-lookup path: /api/identity-provider/lookup operations: - name: retrieveidentityproviderlookup method: GET description: Retrieves the identity provider for the given domain and tenantId. A 200 response code indicates the domain is managed by a registered ident outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: domain in: query type: string description: The domain or email address to lookup. - name: tenantId in: query type: string description: If provided, the API searches for an identity provider scoped to the corresponding tenant that manages the requested domain. If no result is found, the API then searches for global identity providers. - name: api-identity-provider-search path: /api/identity-provider/search operations: - name: searchidentityproviderswithid method: POST description: Searches identity providers with the specified criteria and pagination. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false - name: api-identity-provider-start path: /api/identity-provider/start operations: - name: startidentityproviderloginwithid method: POST description: Begins a login request for a 3rd party login that requires user interaction such as HYPR. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false - name: api-identity-provider-test path: /api/identity-provider/test operations: - name: retrieveidentityproviderconnectiontestresultswithid method: GET description: Retrieves the results for an identity provider connection test. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: connectionTestId in: query type: string description: The connection test id to retrieve results for. - name: startidentityproviderconnectiontestwithid method: POST description: Begins an identity provider connection test. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false - name: api-identity-provider-identityproviderid path: /api/identity-provider/{identityProviderId} operations: - name: createidentityproviderwithid method: POST description: Creates an identity provider. You can optionally specify an Id for the identity provider, if not provided one will be generated. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: identityProviderId in: path type: string description: The Id of the identity provider. If not provided a secure random UUID will be generated. required: true - name: body in: body type: object description: Request body (JSON). required: false - name: deleteidentityproviderwithid method: DELETE description: Deletes the identity provider for the given Id. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: identityProviderId in: path type: string description: The Id of the identity provider to delete. required: true - name: patchidentityproviderwithid method: PATCH description: Updates, via PATCH, the identity provider with the given Id. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: identityProviderId in: path type: string description: The Id of the identity provider to update. required: true - name: body in: body type: object description: Request body (JSON). required: false - name: retrieveidentityproviderwithid method: GET description: Retrieves the identity provider for the given Id or all the identity providers if the Id is null. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: identityProviderId in: path type: string description: The identity provider Id. required: true - name: updateidentityproviderwithid method: PUT description: Updates the identity provider with the given Id. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: identityProviderId in: path type: string description: The Id of the identity provider to update. required: true - name: body in: body type: object description: Request body (JSON). required: false exposes: - type: rest namespace: fusionauth-identity-provider-rest port: 8080 description: REST adapter for FusionAuth API — Identity Provider. One resource per consumed operation, prefixed with /v1. resources: - path: /v1/api/identity-provider name: api-identity-provider description: REST surface for api-identity-provider. operations: - method: POST name: createidentityprovider description: Creates an identity provider. You can optionally specify an Id for the identity provider, if not provided one will be generated. call: fusionauth-identity-provider.createidentityprovider with: body: rest.body outputParameters: - type: object mapping: $. - method: GET name: retrieveidentityproviderbytypewithid description: Retrieves one or more identity provider for the given type. For types such as Google, Facebook, Twitter and LinkedIn, only a single identit call: fusionauth-identity-provider.retrieveidentityproviderbytypewithid with: type: rest.type outputParameters: - type: object mapping: $. - path: /v1/api/identity-provider/link name: api-identity-provider-link description: REST surface for api-identity-provider-link. operations: - method: POST name: createuserlinkwithid description: Link an external user from a 3rd party identity provider to a FusionAuth user. call: fusionauth-identity-provider.createuserlinkwithid with: body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: deleteuserlinkwithid description: Remove an existing link that has been made from a 3rd party identity provider to a FusionAuth user. call: fusionauth-identity-provider.deleteuserlinkwithid with: identityProviderId: rest.identityProviderId identityProviderUserId: rest.identityProviderUserId userId: rest.userId outputParameters: - type: object mapping: $. - method: GET name: retrieveidentityproviderlink description: Retrieve all Identity Provider users (links) for the user. Specify the optional identityProviderId to retrieve links for a particular IdP. O call: fusionauth-identity-provider.retrieveidentityproviderlink with: identityProviderId: rest.identityProviderId userId: rest.userId identityProviderUserId: rest.identityProviderUserId outputParameters: - type: object mapping: $. - path: /v1/api/identity-provider/link/pending/{pendingLinkId} name: api-identity-provider-link-pending-pendinglinkid description: REST surface for api-identity-provider-link-pending-pendinglinkid. operations: - method: GET name: retrievependinglinkwithid description: Retrieve a pending identity provider link. This is useful to validate a pending link and retrieve meta-data about the identity provider link call: fusionauth-identity-provider.retrievependinglinkwithid with: userId: rest.userId pendingLinkId: rest.pendingLinkId outputParameters: - type: object mapping: $. - path: /v1/api/identity-provider/login name: api-identity-provider-login description: REST surface for api-identity-provider-login. operations: - method: POST name: identityproviderloginwithid description: Handles login via third-parties including Social login, external OAuth and OpenID Connect, and other login systems. call: fusionauth-identity-provider.identityproviderloginwithid with: X-FusionAuth-TenantId: rest.X-FusionAuth-TenantId body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/identity-provider/lookup name: api-identity-provider-lookup description: REST surface for api-identity-provider-lookup. operations: - method: GET name: retrieveidentityproviderlookup description: Retrieves the identity provider for the given domain and tenantId. A 200 response code indicates the domain is managed by a registered ident call: fusionauth-identity-provider.retrieveidentityproviderlookup with: domain: rest.domain tenantId: rest.tenantId outputParameters: - type: object mapping: $. - path: /v1/api/identity-provider/search name: api-identity-provider-search description: REST surface for api-identity-provider-search. operations: - method: POST name: searchidentityproviderswithid description: Searches identity providers with the specified criteria and pagination. call: fusionauth-identity-provider.searchidentityproviderswithid with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/identity-provider/start name: api-identity-provider-start description: REST surface for api-identity-provider-start. operations: - method: POST name: startidentityproviderloginwithid description: Begins a login request for a 3rd party login that requires user interaction such as HYPR. call: fusionauth-identity-provider.startidentityproviderloginwithid with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/identity-provider/test name: api-identity-provider-test description: REST surface for api-identity-provider-test. operations: - method: GET name: retrieveidentityproviderconnectiontestresultswithid description: Retrieves the results for an identity provider connection test. call: fusionauth-identity-provider.retrieveidentityproviderconnectiontestresultswithid with: connectionTestId: rest.connectionTestId outputParameters: - type: object mapping: $. - method: POST name: startidentityproviderconnectiontestwithid description: Begins an identity provider connection test. call: fusionauth-identity-provider.startidentityproviderconnectiontestwithid with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/identity-provider/{identityProviderId} name: api-identity-provider-identityproviderid description: REST surface for api-identity-provider-identityproviderid. operations: - method: POST name: createidentityproviderwithid description: Creates an identity provider. You can optionally specify an Id for the identity provider, if not provided one will be generated. call: fusionauth-identity-provider.createidentityproviderwithid with: identityProviderId: rest.identityProviderId body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: deleteidentityproviderwithid description: Deletes the identity provider for the given Id. call: fusionauth-identity-provider.deleteidentityproviderwithid with: identityProviderId: rest.identityProviderId outputParameters: - type: object mapping: $. - method: PATCH name: patchidentityproviderwithid description: Updates, via PATCH, the identity provider with the given Id. call: fusionauth-identity-provider.patchidentityproviderwithid with: identityProviderId: rest.identityProviderId body: rest.body outputParameters: - type: object mapping: $. - method: GET name: retrieveidentityproviderwithid description: Retrieves the identity provider for the given Id or all the identity providers if the Id is null. call: fusionauth-identity-provider.retrieveidentityproviderwithid with: identityProviderId: rest.identityProviderId outputParameters: - type: object mapping: $. - method: PUT name: updateidentityproviderwithid description: Updates the identity provider with the given Id. call: fusionauth-identity-provider.updateidentityproviderwithid with: identityProviderId: rest.identityProviderId body: rest.body outputParameters: - type: object mapping: $. - type: mcp namespace: fusionauth-identity-provider-mcp port: 9090 transport: http description: MCP adapter for FusionAuth API — Identity Provider. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: fusionauth-createidentityprovider description: Creates an identity provider. You can optionally specify an Id for the identity provider, if not provided one will be generated. hints: readOnly: false destructive: false idempotent: false call: fusionauth-identity-provider.createidentityprovider with: body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-retrieveidentityproviderbytypewithid description: Retrieves one or more identity provider for the given type. For types such as Google, Facebook, Twitter and LinkedIn, only a single identit hints: readOnly: true destructive: false idempotent: true call: fusionauth-identity-provider.retrieveidentityproviderbytypewithid with: type: tools.type outputParameters: - type: object mapping: $. - name: fusionauth-createuserlinkwithid description: Link an external user from a 3rd party identity provider to a FusionAuth user. hints: readOnly: false destructive: false idempotent: false call: fusionauth-identity-provider.createuserlinkwithid with: body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-deleteuserlinkwithid description: Remove an existing link that has been made from a 3rd party identity provider to a FusionAuth user. hints: readOnly: false destructive: true idempotent: true call: fusionauth-identity-provider.deleteuserlinkwithid with: identityProviderId: tools.identityProviderId identityProviderUserId: tools.identityProviderUserId userId: tools.userId outputParameters: - type: object mapping: $. - name: fusionauth-retrieveidentityproviderlink description: Retrieve all Identity Provider users (links) for the user. Specify the optional identityProviderId to retrieve links for a particular IdP. O hints: readOnly: true destructive: false idempotent: true call: fusionauth-identity-provider.retrieveidentityproviderlink with: identityProviderId: tools.identityProviderId userId: tools.userId identityProviderUserId: tools.identityProviderUserId outputParameters: - type: object mapping: $. - name: fusionauth-retrievependinglinkwithid description: Retrieve a pending identity provider link. This is useful to validate a pending link and retrieve meta-data about the identity provider link hints: readOnly: true destructive: false idempotent: true call: fusionauth-identity-provider.retrievependinglinkwithid with: userId: tools.userId pendingLinkId: tools.pendingLinkId outputParameters: - type: object mapping: $. - name: fusionauth-identityproviderloginwithid description: Handles login via third-parties including Social login, external OAuth and OpenID Connect, and other login systems. hints: readOnly: false destructive: false idempotent: false call: fusionauth-identity-provider.identityproviderloginwithid with: X-FusionAuth-TenantId: tools.X-FusionAuth-TenantId body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-retrieveidentityproviderlookup description: Retrieves the identity provider for the given domain and tenantId. A 200 response code indicates the domain is managed by a registered ident hints: readOnly: true destructive: false idempotent: true call: fusionauth-identity-provider.retrieveidentityproviderlookup with: domain: tools.domain tenantId: tools.tenantId outputParameters: - type: object mapping: $. - name: fusionauth-searchidentityproviderswithid description: Searches identity providers with the specified criteria and pagination. hints: readOnly: false destructive: false idempotent: false call: fusionauth-identity-provider.searchidentityproviderswithid with: body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-startidentityproviderloginwithid description: Begins a login request for a 3rd party login that requires user interaction such as HYPR. hints: readOnly: false destructive: false idempotent: false call: fusionauth-identity-provider.startidentityproviderloginwithid with: body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-retrieveidentityproviderconnectiontestresultswithid description: Retrieves the results for an identity provider connection test. hints: readOnly: true destructive: false idempotent: true call: fusionauth-identity-provider.retrieveidentityproviderconnectiontestresultswithid with: connectionTestId: tools.connectionTestId outputParameters: - type: object mapping: $. - name: fusionauth-startidentityproviderconnectiontestwithid description: Begins an identity provider connection test. hints: readOnly: false destructive: false idempotent: false call: fusionauth-identity-provider.startidentityproviderconnectiontestwithid with: body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-createidentityproviderwithid description: Creates an identity provider. You can optionally specify an Id for the identity provider, if not provided one will be generated. hints: readOnly: false destructive: false idempotent: false call: fusionauth-identity-provider.createidentityproviderwithid with: identityProviderId: tools.identityProviderId body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-deleteidentityproviderwithid description: Deletes the identity provider for the given Id. hints: readOnly: false destructive: true idempotent: true call: fusionauth-identity-provider.deleteidentityproviderwithid with: identityProviderId: tools.identityProviderId outputParameters: - type: object mapping: $. - name: fusionauth-patchidentityproviderwithid description: Updates, via PATCH, the identity provider with the given Id. hints: readOnly: false destructive: false idempotent: false call: fusionauth-identity-provider.patchidentityproviderwithid with: identityProviderId: tools.identityProviderId body: tools.body outputParameters: - type: object mapping: $. - name: fusionauth-retrieveidentityproviderwithid description: Retrieves the identity provider for the given Id or all the identity providers if the Id is null. hints: readOnly: true destructive: false idempotent: true call: fusionauth-identity-provider.retrieveidentityproviderwithid with: identityProviderId: tools.identityProviderId outputParameters: - type: object mapping: $. - name: fusionauth-updateidentityproviderwithid description: Updates the identity provider with the given Id. hints: readOnly: false destructive: false idempotent: true call: fusionauth-identity-provider.updateidentityproviderwithid with: identityProviderId: tools.identityProviderId body: tools.body outputParameters: - type: object mapping: $.