naftiko: 1.0.0-alpha2 info: label: Logto API references — My account description: 'Logto API references — My account. 29 operations. Lead operation: Get profile. Self-contained Naftiko capability covering one Logto business surface.' tags: - Logto - My account created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: LOGTO_API_KEY: LOGTO_API_KEY capability: consumes: - type: http namespace: logto-my-account baseUri: https://[tenant_id].logto.app description: Logto API references — My account business capability. Self-contained, no shared references. resources: - name: api-my-account path: /api/my-account operations: - name: getprofile method: GET description: Get profile outputRawFormat: json outputParameters: - name: result type: object value: $. - name: updateprofile method: PATCH description: Update profile outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: api-my-account-grants path: /api/my-account/grants operations: - name: getgrants method: GET description: Get all active grants outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: appType in: query type: string description: Optional application type filter. Use 'firstParty' to return grants from first-party applications only, or 'thirdParty' for third-party applications only. - name: api-my-account-grants-grantId path: /api/my-account/grants/{grantId} operations: - name: deletegrantbyid method: DELETE description: Revoke a grant by ID outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-my-account-identities path: /api/my-account/identities operations: - name: adduseridentities method: POST description: Add a user identity outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: api-my-account-identities-target path: /api/my-account/identities/{target} operations: - name: deleteidentity method: DELETE description: Delete a user identity outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: target in: path type: string required: true - name: api-my-account-identities-target-access-token path: /api/my-account/identities/{target}/access-token operations: - name: getsocialidentityaccesstoken method: GET description: Retrieve the access token issued by a third-party social provider outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: target in: path type: string required: true - name: updatesocialidentityaccesstokenbyverificationid method: PUT description: Update the access token for a social identity by verification ID outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: target in: path type: string required: true - name: body in: body type: object description: Request body (JSON). required: true - name: api-my-account-logto-configs path: /api/my-account/logto-configs operations: - name: getlogtoconfig method: GET description: Get logto config outputRawFormat: json outputParameters: - name: result type: object value: $. - name: updatelogtoconfig method: PATCH description: Update logto config outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: api-my-account-mfa-settings path: /api/my-account/mfa-settings operations: - name: getmfasettings method: GET description: Get MFA settings outputRawFormat: json outputParameters: - name: result type: object value: $. - name: updatemfasettings method: PATCH description: Update MFA settings outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: api-my-account-mfa-verifications path: /api/my-account/mfa-verifications operations: - name: getmfaverifications method: GET description: Get MFA verifications outputRawFormat: json outputParameters: - name: result type: object value: $. - name: addmfaverification method: POST description: Add a MFA verification outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: api-my-account-mfa-verifications-backup-codes path: /api/my-account/mfa-verifications/backup-codes operations: - name: getbackupcodes method: GET description: Get backup codes outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-my-account-mfa-verifications-backup-codes-generate path: /api/my-account/mfa-verifications/backup-codes/generate operations: - name: generatemyaccountbackupcodes method: POST description: Generate backup codes outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-my-account-mfa-verifications-totp path: /api/my-account/mfa-verifications/totp operations: - name: createorreplacetotpmfaverification method: PUT description: Create or replace the authenticator app outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: api-my-account-mfa-verifications-totp-secret-generate path: /api/my-account/mfa-verifications/totp-secret/generate operations: - name: generatetotpsecret method: POST description: Generate a TOTP secret outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-my-account-mfa-verifications-verificationId path: /api/my-account/mfa-verifications/{verificationId} operations: - name: deletemfaverification method: DELETE description: Delete an MFA verification outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-my-account-mfa-verifications-verificationId-name path: /api/my-account/mfa-verifications/{verificationId}/name operations: - name: updatemfaverificationname method: PATCH description: Update a MFA verification name outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: api-my-account-password path: /api/my-account/password operations: - name: updatepassword method: POST description: Update password outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: api-my-account-primary-email path: /api/my-account/primary-email operations: - name: updateprimaryemail method: POST description: Update primary email outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: deleteprimaryemail method: DELETE description: Delete primary email outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-my-account-primary-phone path: /api/my-account/primary-phone operations: - name: updateprimaryphone method: POST description: Update primary phone outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: deleteprimaryphone method: DELETE description: Delete primary phone outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-my-account-profile path: /api/my-account/profile operations: - name: updateotherprofile method: PATCH description: Update other profile outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: api-my-account-sessions path: /api/my-account/sessions operations: - name: getsessions method: GET description: Get all active sessions outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-my-account-sessions-sessionId path: /api/my-account/sessions/{sessionId} operations: - name: deletesessionbyid method: DELETE description: Revoke a session by ID outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: revokeGrantsTarget in: query type: string description: Optional target for revoking associated grants and tokens. 'all' revokes grants for every application authorized by this session. 'firstParty' revokes only firs - name: api-my-account-sso-identities-connectorId-access-token path: /api/my-account/sso-identities/{connectorId}/access-token operations: - name: getenterprisessoidentityaccesstoken method: GET description: Retrieve the access token issued by a third-party enterprise SSO provider outputRawFormat: json outputParameters: - name: result type: object value: $. authentication: type: bearer token: '{{env.LOGTO_API_KEY}}' exposes: - type: rest namespace: logto-my-account-rest port: 8080 description: REST adapter for Logto API references — My account. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/api/my-account name: api-my-account description: REST surface for api-my-account. operations: - method: GET name: getprofile description: Get profile call: logto-my-account.getprofile outputParameters: - type: object mapping: $. - method: PATCH name: updateprofile description: Update profile call: logto-my-account.updateprofile with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/my-account/grants name: api-my-account-grants description: REST surface for api-my-account-grants. operations: - method: GET name: getgrants description: Get all active grants call: logto-my-account.getgrants with: appType: rest.appType outputParameters: - type: object mapping: $. - path: /v1/api/my-account/grants/{grantid} name: api-my-account-grants-grantid description: REST surface for api-my-account-grants-grantId. operations: - method: DELETE name: deletegrantbyid description: Revoke a grant by ID call: logto-my-account.deletegrantbyid outputParameters: - type: object mapping: $. - path: /v1/api/my-account/identities name: api-my-account-identities description: REST surface for api-my-account-identities. operations: - method: POST name: adduseridentities description: Add a user identity call: logto-my-account.adduseridentities with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/my-account/identities/{target} name: api-my-account-identities-target description: REST surface for api-my-account-identities-target. operations: - method: DELETE name: deleteidentity description: Delete a user identity call: logto-my-account.deleteidentity with: target: rest.target outputParameters: - type: object mapping: $. - path: /v1/api/my-account/identities/{target}/access-token name: api-my-account-identities-target-access-token description: REST surface for api-my-account-identities-target-access-token. operations: - method: GET name: getsocialidentityaccesstoken description: Retrieve the access token issued by a third-party social provider call: logto-my-account.getsocialidentityaccesstoken with: target: rest.target outputParameters: - type: object mapping: $. - method: PUT name: updatesocialidentityaccesstokenbyverificationid description: Update the access token for a social identity by verification ID call: logto-my-account.updatesocialidentityaccesstokenbyverificationid with: target: rest.target body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/my-account/logto-configs name: api-my-account-logto-configs description: REST surface for api-my-account-logto-configs. operations: - method: GET name: getlogtoconfig description: Get logto config call: logto-my-account.getlogtoconfig outputParameters: - type: object mapping: $. - method: PATCH name: updatelogtoconfig description: Update logto config call: logto-my-account.updatelogtoconfig with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/my-account/mfa-settings name: api-my-account-mfa-settings description: REST surface for api-my-account-mfa-settings. operations: - method: GET name: getmfasettings description: Get MFA settings call: logto-my-account.getmfasettings outputParameters: - type: object mapping: $. - method: PATCH name: updatemfasettings description: Update MFA settings call: logto-my-account.updatemfasettings with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/my-account/mfa-verifications name: api-my-account-mfa-verifications description: REST surface for api-my-account-mfa-verifications. operations: - method: GET name: getmfaverifications description: Get MFA verifications call: logto-my-account.getmfaverifications outputParameters: - type: object mapping: $. - method: POST name: addmfaverification description: Add a MFA verification call: logto-my-account.addmfaverification with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/my-account/mfa-verifications/backup-codes name: api-my-account-mfa-verifications-backup-codes description: REST surface for api-my-account-mfa-verifications-backup-codes. operations: - method: GET name: getbackupcodes description: Get backup codes call: logto-my-account.getbackupcodes outputParameters: - type: object mapping: $. - path: /v1/api/my-account/mfa-verifications/backup-codes/generate name: api-my-account-mfa-verifications-backup-codes-generate description: REST surface for api-my-account-mfa-verifications-backup-codes-generate. operations: - method: POST name: generatemyaccountbackupcodes description: Generate backup codes call: logto-my-account.generatemyaccountbackupcodes outputParameters: - type: object mapping: $. - path: /v1/api/my-account/mfa-verifications/totp name: api-my-account-mfa-verifications-totp description: REST surface for api-my-account-mfa-verifications-totp. operations: - method: PUT name: createorreplacetotpmfaverification description: Create or replace the authenticator app call: logto-my-account.createorreplacetotpmfaverification with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/my-account/mfa-verifications/totp-secret/generate name: api-my-account-mfa-verifications-totp-secret-generate description: REST surface for api-my-account-mfa-verifications-totp-secret-generate. operations: - method: POST name: generatetotpsecret description: Generate a TOTP secret call: logto-my-account.generatetotpsecret outputParameters: - type: object mapping: $. - path: /v1/api/my-account/mfa-verifications/{verificationid} name: api-my-account-mfa-verifications-verificationid description: REST surface for api-my-account-mfa-verifications-verificationId. operations: - method: DELETE name: deletemfaverification description: Delete an MFA verification call: logto-my-account.deletemfaverification outputParameters: - type: object mapping: $. - path: /v1/api/my-account/mfa-verifications/{verificationid}/name name: api-my-account-mfa-verifications-verificationid-name description: REST surface for api-my-account-mfa-verifications-verificationId-name. operations: - method: PATCH name: updatemfaverificationname description: Update a MFA verification name call: logto-my-account.updatemfaverificationname with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/my-account/password name: api-my-account-password description: REST surface for api-my-account-password. operations: - method: POST name: updatepassword description: Update password call: logto-my-account.updatepassword with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/my-account/primary-email name: api-my-account-primary-email description: REST surface for api-my-account-primary-email. operations: - method: POST name: updateprimaryemail description: Update primary email call: logto-my-account.updateprimaryemail with: body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: deleteprimaryemail description: Delete primary email call: logto-my-account.deleteprimaryemail outputParameters: - type: object mapping: $. - path: /v1/api/my-account/primary-phone name: api-my-account-primary-phone description: REST surface for api-my-account-primary-phone. operations: - method: POST name: updateprimaryphone description: Update primary phone call: logto-my-account.updateprimaryphone with: body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: deleteprimaryphone description: Delete primary phone call: logto-my-account.deleteprimaryphone outputParameters: - type: object mapping: $. - path: /v1/api/my-account/profile name: api-my-account-profile description: REST surface for api-my-account-profile. operations: - method: PATCH name: updateotherprofile description: Update other profile call: logto-my-account.updateotherprofile with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/my-account/sessions name: api-my-account-sessions description: REST surface for api-my-account-sessions. operations: - method: GET name: getsessions description: Get all active sessions call: logto-my-account.getsessions outputParameters: - type: object mapping: $. - path: /v1/api/my-account/sessions/{sessionid} name: api-my-account-sessions-sessionid description: REST surface for api-my-account-sessions-sessionId. operations: - method: DELETE name: deletesessionbyid description: Revoke a session by ID call: logto-my-account.deletesessionbyid with: revokeGrantsTarget: rest.revokeGrantsTarget outputParameters: - type: object mapping: $. - path: /v1/api/my-account/sso-identities/{connectorid}/access-token name: api-my-account-sso-identities-connectorid-access-token description: REST surface for api-my-account-sso-identities-connectorId-access-token. operations: - method: GET name: getenterprisessoidentityaccesstoken description: Retrieve the access token issued by a third-party enterprise SSO provider call: logto-my-account.getenterprisessoidentityaccesstoken outputParameters: - type: object mapping: $. - type: mcp namespace: logto-my-account-mcp port: 9090 transport: http description: MCP adapter for Logto API references — My account. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: get-profile description: Get profile hints: readOnly: true destructive: false idempotent: true call: logto-my-account.getprofile outputParameters: - type: object mapping: $. - name: update-profile description: Update profile hints: readOnly: false destructive: false idempotent: true call: logto-my-account.updateprofile with: body: tools.body outputParameters: - type: object mapping: $. - name: get-all-active-grants description: Get all active grants hints: readOnly: true destructive: false idempotent: true call: logto-my-account.getgrants with: appType: tools.appType outputParameters: - type: object mapping: $. - name: revoke-grant-id description: Revoke a grant by ID hints: readOnly: false destructive: true idempotent: true call: logto-my-account.deletegrantbyid outputParameters: - type: object mapping: $. - name: add-user-identity description: Add a user identity hints: readOnly: false destructive: false idempotent: false call: logto-my-account.adduseridentities with: body: tools.body outputParameters: - type: object mapping: $. - name: delete-user-identity description: Delete a user identity hints: readOnly: false destructive: true idempotent: true call: logto-my-account.deleteidentity with: target: tools.target outputParameters: - type: object mapping: $. - name: retrieve-access-token-issued-third description: Retrieve the access token issued by a third-party social provider hints: readOnly: true destructive: false idempotent: true call: logto-my-account.getsocialidentityaccesstoken with: target: tools.target outputParameters: - type: object mapping: $. - name: update-access-token-social-identity description: Update the access token for a social identity by verification ID hints: readOnly: false destructive: false idempotent: true call: logto-my-account.updatesocialidentityaccesstokenbyverificationid with: target: tools.target body: tools.body outputParameters: - type: object mapping: $. - name: get-logto-config description: Get logto config hints: readOnly: true destructive: false idempotent: true call: logto-my-account.getlogtoconfig outputParameters: - type: object mapping: $. - name: update-logto-config description: Update logto config hints: readOnly: false destructive: false idempotent: true call: logto-my-account.updatelogtoconfig with: body: tools.body outputParameters: - type: object mapping: $. - name: get-mfa-settings description: Get MFA settings hints: readOnly: true destructive: false idempotent: true call: logto-my-account.getmfasettings outputParameters: - type: object mapping: $. - name: update-mfa-settings description: Update MFA settings hints: readOnly: false destructive: false idempotent: true call: logto-my-account.updatemfasettings with: body: tools.body outputParameters: - type: object mapping: $. - name: get-mfa-verifications description: Get MFA verifications hints: readOnly: true destructive: false idempotent: true call: logto-my-account.getmfaverifications outputParameters: - type: object mapping: $. - name: add-mfa-verification description: Add a MFA verification hints: readOnly: false destructive: false idempotent: false call: logto-my-account.addmfaverification with: body: tools.body outputParameters: - type: object mapping: $. - name: get-backup-codes description: Get backup codes hints: readOnly: true destructive: false idempotent: true call: logto-my-account.getbackupcodes outputParameters: - type: object mapping: $. - name: generate-backup-codes description: Generate backup codes hints: readOnly: false destructive: false idempotent: false call: logto-my-account.generatemyaccountbackupcodes outputParameters: - type: object mapping: $. - name: create-replace-authenticator-app description: Create or replace the authenticator app hints: readOnly: false destructive: false idempotent: true call: logto-my-account.createorreplacetotpmfaverification with: body: tools.body outputParameters: - type: object mapping: $. - name: generate-totp-secret description: Generate a TOTP secret hints: readOnly: false destructive: false idempotent: false call: logto-my-account.generatetotpsecret outputParameters: - type: object mapping: $. - name: delete-mfa-verification description: Delete an MFA verification hints: readOnly: false destructive: true idempotent: true call: logto-my-account.deletemfaverification outputParameters: - type: object mapping: $. - name: update-mfa-verification-name description: Update a MFA verification name hints: readOnly: false destructive: false idempotent: true call: logto-my-account.updatemfaverificationname with: body: tools.body outputParameters: - type: object mapping: $. - name: update-password description: Update password hints: readOnly: false destructive: false idempotent: false call: logto-my-account.updatepassword with: body: tools.body outputParameters: - type: object mapping: $. - name: update-primary-email description: Update primary email hints: readOnly: false destructive: false idempotent: false call: logto-my-account.updateprimaryemail with: body: tools.body outputParameters: - type: object mapping: $. - name: delete-primary-email description: Delete primary email hints: readOnly: false destructive: true idempotent: true call: logto-my-account.deleteprimaryemail outputParameters: - type: object mapping: $. - name: update-primary-phone description: Update primary phone hints: readOnly: false destructive: false idempotent: false call: logto-my-account.updateprimaryphone with: body: tools.body outputParameters: - type: object mapping: $. - name: delete-primary-phone description: Delete primary phone hints: readOnly: false destructive: true idempotent: true call: logto-my-account.deleteprimaryphone outputParameters: - type: object mapping: $. - name: update-other-profile description: Update other profile hints: readOnly: false destructive: false idempotent: true call: logto-my-account.updateotherprofile with: body: tools.body outputParameters: - type: object mapping: $. - name: get-all-active-sessions description: Get all active sessions hints: readOnly: true destructive: false idempotent: true call: logto-my-account.getsessions outputParameters: - type: object mapping: $. - name: revoke-session-id description: Revoke a session by ID hints: readOnly: false destructive: true idempotent: true call: logto-my-account.deletesessionbyid with: revokeGrantsTarget: tools.revokeGrantsTarget outputParameters: - type: object mapping: $. - name: retrieve-access-token-issued-third-2 description: Retrieve the access token issued by a third-party enterprise SSO provider hints: readOnly: true destructive: false idempotent: true call: logto-my-account.getenterprisessoidentityaccesstoken outputParameters: - type: object mapping: $.