generated: '2026-07-15' method: generated source: openapi/kinde-so-openapi.yml description: Recommended x-agentic-access execution contracts, classified heuristically from the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind audience per deployment. See research/curity/agentic-governance/. summary: operations: 175 by_action_class: connected: 64 acting: 111 by_consequence: read: 64 write: 99 safety-critical: 12 human_in_the_loop_required: 12 operations: - path: /api/v1/api_keys method: get operationId: getApiKeys x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/api_keys method: post operationId: createApiKey x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/api_keys/{key_id} method: get operationId: getApiKey x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/api_keys/{key_id} method: put operationId: rotateApiKey x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/api_keys/{key_id} method: delete operationId: deleteApiKey x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/api_keys/verify method: post operationId: verifyApiKey x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/apis method: get operationId: getAPIs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/apis method: post operationId: addAPIs x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/apis/{api_id} method: get operationId: getAPI x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/apis/{api_id} method: delete operationId: deleteAPI x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/apis/{api_id}/scopes method: get operationId: getAPIScopes x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/apis/{api_id}/scopes method: post operationId: addAPIScope x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/apis/{api_id}/scopes/{scope_id} method: get operationId: getAPIScope x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/apis/{api_id}/scopes/{scope_id} method: patch operationId: updateAPIScope x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/apis/{api_id}/scopes/{scope_id} method: delete operationId: deleteAPIScope x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/apis/{api_id}/applications method: patch operationId: updateAPIApplications x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/apis/{api_id}/applications/{application_id}/scopes/{scope_id} method: post operationId: addAPIApplicationScope x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/apis/{api_id}/applications/{application_id}/scopes/{scope_id} method: delete operationId: deleteAPIApplicationScope x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/applications method: get operationId: getApplications x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/applications method: post operationId: createApplication x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/applications/{application_id} method: get operationId: getApplication x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/applications/{application_id} method: patch operationId: updateApplication x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/applications/{application_id} method: delete operationId: deleteApplication x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/applications/{application_id}/connections method: get operationId: GetApplicationConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/applications/{application_id}/connections/{connection_id} method: post operationId: EnableConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/applications/{application_id}/connections/{connection_id} method: delete operationId: RemoveConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/applications/{application_id}/properties method: get operationId: getApplicationPropertyValues x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/applications/{application_id}/properties/{property_key} method: put operationId: updateApplicationsProperty x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/applications/{application_id}/tokens method: patch operationId: updateApplicationTokens x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/billing/entitlements method: get operationId: getBillingEntitlements x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/billing/agreements method: get operationId: getBillingAgreements x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/billing/agreements method: post operationId: createBillingAgreement x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/billing/meter_usage method: post operationId: createMeterUsageRecord x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/business method: get operationId: getBusiness x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/business method: patch operationId: updateBusiness x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/industries method: get operationId: getIndustries x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/timezones method: get operationId: getTimezones x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/applications/{app_id}/auth_redirect_urls method: get operationId: getCallbackURLs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/applications/{app_id}/auth_redirect_urls method: post operationId: addRedirectCallbackURLs x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/applications/{app_id}/auth_redirect_urls method: put operationId: replaceRedirectCallbackURLs x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/applications/{app_id}/auth_redirect_urls method: delete operationId: deleteCallbackURLs x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/applications/{app_id}/auth_logout_urls method: get operationId: getLogoutURLs x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/applications/{app_id}/auth_logout_urls method: post operationId: addLogoutRedirectURLs x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/applications/{app_id}/auth_logout_urls method: put operationId: replaceLogoutRedirectURLs x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/applications/{app_id}/auth_logout_urls method: delete operationId: deleteLogoutURLs x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/connected_apps/auth_url method: get operationId: GetConnectedAppAuthUrl x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/connected_apps/token method: get operationId: GetConnectedAppToken x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/connected_apps/revoke method: post operationId: RevokeConnectedAppToken x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /api/v1/connections method: get operationId: GetConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/connections method: post operationId: CreateConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/connections/{connection_id} method: get operationId: GetConnection x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/connections/{connection_id} method: put operationId: ReplaceConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/connections/{connection_id} method: patch operationId: UpdateConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/connections/{connection_id} method: delete operationId: deleteConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/directories method: get operationId: getDirectories x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/directories method: post operationId: createDirectory x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/directories/{directory_id} method: get operationId: getDirectory x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/directories/{directory_id} method: patch operationId: updateDirectory x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/directories/{directory_id} method: delete operationId: deleteDirectory x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/environment method: get operationId: getEnvironment x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/environment/feature_flags method: get operationId: GetEnvironementFeatureFlags x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/environment/feature_flags method: delete operationId: DeleteEnvironementFeatureFlagOverrides x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /api/v1/environment/feature_flags/{feature_flag_key} method: patch operationId: UpdateEnvironementFeatureFlagOverride x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /api/v1/environment/feature_flags/{feature_flag_key} method: delete operationId: DeleteEnvironementFeatureFlagOverride x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /api/v1/environment/logos method: get operationId: ReadLogo x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/environment/logos/{type} method: put operationId: AddLogo x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/environment/logos/{type} method: delete operationId: DeleteLogo x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/environment_variables method: get operationId: getEnvironmentVariables x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/environment_variables method: post operationId: createEnvironmentVariable x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/environment_variables/{variable_id} method: get operationId: getEnvironmentVariable x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/environment_variables/{variable_id} method: patch operationId: updateEnvironmentVariable x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/environment_variables/{variable_id} method: delete operationId: deleteEnvironmentVariable x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/feature_flags method: post operationId: CreateFeatureFlag x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/feature_flags/{feature_flag_key} method: put operationId: UpdateFeatureFlag x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/feature_flags/{feature_flag_key} method: delete operationId: DeleteFeatureFlag x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/identities/{identity_id} method: get operationId: GetIdentity x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/identities/{identity_id} method: patch operationId: UpdateIdentity x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/identities/{identity_id} method: delete operationId: DeleteIdentity x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/organization/{org_code}/invites method: get operationId: getOrganizationInvites x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/organization/{org_code}/invites method: post operationId: createOrganizationInvite x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/organization/{org_code}/invites/{invite_code} method: get operationId: getOrganizationInvite x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/organization/{org_code}/invites/{invite_code} method: delete operationId: deleteOrganizationInvite x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/mfa method: put operationId: ReplaceMFA x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/organization method: get operationId: getOrganization x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/organization method: post operationId: createOrganization x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/organizations method: get operationId: getOrganizations x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/organization/{org_code} method: patch operationId: updateOrganization x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/organization/{org_code} method: delete operationId: deleteOrganization x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/organizations/{org_code}/users method: get operationId: GetOrganizationUsers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/organizations/{org_code}/users method: post operationId: AddOrganizationUsers x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/organizations/{org_code}/users method: patch operationId: UpdateOrganizationUsers x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/organizations/{org_code}/users/{user_id}/roles method: get operationId: GetOrganizationUserRoles x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/organizations/{org_code}/users/{user_id}/roles method: post operationId: CreateOrganizationUserRole x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/organizations/{org_code}/users/{user_id}/roles/{role_id} method: delete operationId: DeleteOrganizationUserRole x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/organizations/{org_code}/roles/{role_id}/users method: get operationId: GetOrganizationRoleUsers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/organizations/{org_code}/users/{user_id}/permissions method: get operationId: GetOrganizationUserPermissions x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/organizations/{org_code}/users/{user_id}/permissions method: post operationId: CreateOrganizationUserPermission x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/organizations/{org_code}/users/{user_id}/permissions/{permission_id} method: delete operationId: DeleteOrganizationUserPermission x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/organizations/{org_code}/users/{user_id} method: delete operationId: RemoveOrganizationUser x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/organizations/{org_code}/users/{user_id}/apis/{api_id}/scopes/{scope_id} method: post operationId: addOrganizationUserAPIScope x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/organizations/{org_code}/users/{user_id}/apis/{api_id}/scopes/{scope_id} method: delete operationId: deleteOrganizationUserAPIScope x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/organizations/{org_code}/users/{user_id}/mfa method: get operationId: GetOrgUserMFA x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/organizations/{org_code}/users/{user_id}/mfa method: delete operationId: ResetOrgUserMFAAll x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /api/v1/organizations/{org_code}/users/{user_id}/mfa/{factor_id} method: delete operationId: ResetOrgUserMFA x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /api/v1/organizations/{org_code}/feature_flags method: get operationId: GetOrganizationFeatureFlags x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/organizations/{org_code}/feature_flags method: delete operationId: DeleteOrganizationFeatureFlagOverrides x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /api/v1/organizations/{org_code}/feature_flags/{feature_flag_key} method: patch operationId: UpdateOrganizationFeatureFlagOverride x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /api/v1/organizations/{org_code}/feature_flags/{feature_flag_key} method: delete operationId: DeleteOrganizationFeatureFlagOverride x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /api/v1/organizations/{org_code}/properties/{property_key} method: put operationId: UpdateOrganizationProperty x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/organizations/{org_code}/properties method: get operationId: GetOrganizationPropertyValues x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/organizations/{org_code}/properties method: patch operationId: UpdateOrganizationProperties x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/organizations/{org_code}/mfa method: put operationId: ReplaceOrganizationMFA x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/organizations/{org_code}/passkey method: get operationId: GetOrganizationPasskey x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/organizations/{org_code}/passkey method: put operationId: UpdateOrganizationPasskey x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/organization/{org_code}/handle method: delete operationId: DeleteOrganizationHandle x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/organizations/{org_code}/logos method: get operationId: ReadOrganizationLogo x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/organizations/{org_code}/logos/{type} method: post operationId: AddOrganizationLogo x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/organizations/{org_code}/logos/{type} method: delete operationId: DeleteOrganizationLogo x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/organizations/{organization_code}/connections method: get operationId: GetOrganizationConnections x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/organizations/{organization_code}/connections/{connection_id} method: post operationId: EnableOrgConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/organizations/{organization_code}/connections/{connection_id} method: delete operationId: RemoveOrgConnection x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/organizations/{org_code}/sessions method: patch operationId: UpdateOrganizationSessions x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/passkey method: get operationId: GetPasskey x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/passkey method: put operationId: UpdatePasskey x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/permissions method: get operationId: GetPermissions x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/permissions method: post operationId: CreatePermission x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/permissions/{permission_id} method: patch operationId: UpdatePermissions x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/permissions/{permission_id} method: delete operationId: DeletePermission x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/properties method: get operationId: GetProperties x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/properties method: post operationId: CreateProperty x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/properties/{property_id} method: put operationId: UpdateProperty x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/properties/{property_id} method: delete operationId: DeleteProperty x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/property_categories method: get operationId: GetCategories x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/property_categories method: post operationId: CreateCategory x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/property_categories/{category_id} method: put operationId: UpdateCategory x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/roles method: get operationId: GetRoles x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/roles method: post operationId: CreateRole x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/roles/{role_id} method: get operationId: GetRole x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/roles/{role_id} method: patch operationId: UpdateRoles x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/roles/{role_id} method: delete operationId: DeleteRole x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/roles/{role_id}/scopes method: get operationId: GetRoleScopes x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/roles/{role_id}/scopes method: post operationId: AddRoleScope x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/roles/{role_id}/scopes/{scope_id} method: delete operationId: DeleteRoleScope x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/roles/{role_id}/permissions method: get operationId: GetRolePermissions x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/roles/{role_id}/permissions method: patch operationId: UpdateRolePermissions x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/roles/{role_id}/users method: get operationId: GetRoleUsers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/roles/{role_id}/permissions/{permission_id} method: delete operationId: RemoveRolePermission x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/search/users method: get operationId: searchUsers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/subscribers method: get operationId: GetSubscribers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/subscribers method: post operationId: CreateSubscriber x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/subscribers/{subscriber_id} method: get operationId: GetSubscriber x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/users method: get operationId: getUsers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/users/{user_id}/refresh_claims method: post operationId: refreshUserClaims x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/user method: get operationId: getUserData x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/user method: post operationId: createUser x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/user method: patch operationId: updateUser x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/user method: delete operationId: deleteUser x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/users/{user_id}/feature_flags/{feature_flag_key} method: patch operationId: UpdateUserFeatureFlagOverride x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /api/v1/users/{user_id}/properties/{property_key} method: put operationId: UpdateUserProperty x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/users/{user_id}/properties method: get operationId: GetUserPropertyValues x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/users/{user_id}/properties method: patch operationId: UpdateUserProperties x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/users/{user_id}/password method: put operationId: SetUserPassword x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/users/{user_id}/identities method: get operationId: GetUserIdentities x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/users/{user_id}/identities method: post operationId: CreateUserIdentity x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/users/{user_id}/sessions method: get operationId: GetUserSessions x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/users/{user_id}/sessions method: delete operationId: DeleteUserSessions x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/users/{user_id}/mfa method: get operationId: GetUsersMFA x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/users/{user_id}/mfa method: delete operationId: ResetUsersMFAAll x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /api/v1/users/{user_id}/mfa/{factor_id} method: delete operationId: ResetUsersMFA x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /api/v1/events/{event_id} method: get operationId: GetEvent x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/event_types method: get operationId: GetEventTypes x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/webhooks/{webhook_id} method: patch operationId: UpdateWebHook x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/webhooks/{webhook_id} method: delete operationId: DeleteWebHook x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /api/v1/webhooks method: get operationId: GetWebHooks x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /api/v1/webhooks method: post operationId: CreateWebHook x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required