naftiko: 1.0.0-alpha2 info: label: Logto API references — Roles description: 'Logto API references — Roles. 14 operations. Lead operation: Get roles. Self-contained Naftiko capability covering one Logto business surface.' tags: - Logto - Roles created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: LOGTO_API_KEY: LOGTO_API_KEY capability: consumes: - type: http namespace: logto-roles baseUri: https://[tenant_id].logto.app description: Logto API references — Roles business capability. Self-contained, no shared references. resources: - name: api-roles path: /api/roles operations: - name: listroles method: GET description: Get roles outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: excludeUserId in: query type: string description: Exclude roles assigned to a user. - name: excludeApplicationId in: query type: string description: Exclude roles assigned to an application. - name: type in: query type: string description: Filter by role type. - name: page in: query type: integer description: Page number (starts from 1). - name: page_size in: query type: integer description: Entries per page. - name: search_params in: query type: object description: Search query parameters. - name: createrole method: POST description: Create a role outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: api-roles-id path: /api/roles/{id} operations: - name: getrole method: GET description: Get role outputRawFormat: json outputParameters: - name: result type: object value: $. - name: updaterole method: PATCH description: Update role outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: deleterole method: DELETE description: Delete role outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-roles-id-applications path: /api/roles/{id}/applications operations: - name: listroleapplications method: GET description: Get role applications outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: page in: query type: integer description: Page number (starts from 1). - name: page_size in: query type: integer description: Entries per page. - name: search_params in: query type: object description: Search query parameters. - name: createroleapplication method: POST description: Assign role to applications outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: api-roles-id-applications-applicationId path: /api/roles/{id}/applications/{applicationId} operations: - name: deleteroleapplication method: DELETE description: Remove role from application outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-roles-id-scopes path: /api/roles/{id}/scopes operations: - name: listrolescopes method: GET description: Get role scopes outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: page in: query type: integer description: Page number (starts from 1). - name: page_size in: query type: integer description: Entries per page. - name: search_params in: query type: object description: Search query parameters. - name: createrolescope method: POST description: Link scopes to role outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: api-roles-id-scopes-scopeId path: /api/roles/{id}/scopes/{scopeId} operations: - name: deleterolescope method: DELETE description: Unlink scope from role outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-roles-id-users path: /api/roles/{id}/users operations: - name: listroleusers method: GET description: Get role users outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: page in: query type: integer description: Page number (starts from 1). - name: page_size in: query type: integer description: Entries per page. - name: search_params in: query type: object description: Search query parameters. - name: createroleuser method: POST description: Assign role to users outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: api-roles-id-users-userId path: /api/roles/{id}/users/{userId} operations: - name: deleteroleuser method: DELETE description: Remove role from user outputRawFormat: json outputParameters: - name: result type: object value: $. authentication: type: bearer token: '{{env.LOGTO_API_KEY}}' exposes: - type: rest namespace: logto-roles-rest port: 8080 description: REST adapter for Logto API references — Roles. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/api/roles name: api-roles description: REST surface for api-roles. operations: - method: GET name: listroles description: Get roles call: logto-roles.listroles with: excludeUserId: rest.excludeUserId excludeApplicationId: rest.excludeApplicationId type: rest.type page: rest.page page_size: rest.page_size search_params: rest.search_params outputParameters: - type: object mapping: $. - method: POST name: createrole description: Create a role call: logto-roles.createrole with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/roles/{id} name: api-roles-id description: REST surface for api-roles-id. operations: - method: GET name: getrole description: Get role call: logto-roles.getrole outputParameters: - type: object mapping: $. - method: PATCH name: updaterole description: Update role call: logto-roles.updaterole with: body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: deleterole description: Delete role call: logto-roles.deleterole outputParameters: - type: object mapping: $. - path: /v1/api/roles/{id}/applications name: api-roles-id-applications description: REST surface for api-roles-id-applications. operations: - method: GET name: listroleapplications description: Get role applications call: logto-roles.listroleapplications with: page: rest.page page_size: rest.page_size search_params: rest.search_params outputParameters: - type: object mapping: $. - method: POST name: createroleapplication description: Assign role to applications call: logto-roles.createroleapplication with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/roles/{id}/applications/{applicationid} name: api-roles-id-applications-applicationid description: REST surface for api-roles-id-applications-applicationId. operations: - method: DELETE name: deleteroleapplication description: Remove role from application call: logto-roles.deleteroleapplication outputParameters: - type: object mapping: $. - path: /v1/api/roles/{id}/scopes name: api-roles-id-scopes description: REST surface for api-roles-id-scopes. operations: - method: GET name: listrolescopes description: Get role scopes call: logto-roles.listrolescopes with: page: rest.page page_size: rest.page_size search_params: rest.search_params outputParameters: - type: object mapping: $. - method: POST name: createrolescope description: Link scopes to role call: logto-roles.createrolescope with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/roles/{id}/scopes/{scopeid} name: api-roles-id-scopes-scopeid description: REST surface for api-roles-id-scopes-scopeId. operations: - method: DELETE name: deleterolescope description: Unlink scope from role call: logto-roles.deleterolescope outputParameters: - type: object mapping: $. - path: /v1/api/roles/{id}/users name: api-roles-id-users description: REST surface for api-roles-id-users. operations: - method: GET name: listroleusers description: Get role users call: logto-roles.listroleusers with: page: rest.page page_size: rest.page_size search_params: rest.search_params outputParameters: - type: object mapping: $. - method: POST name: createroleuser description: Assign role to users call: logto-roles.createroleuser with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/roles/{id}/users/{userid} name: api-roles-id-users-userid description: REST surface for api-roles-id-users-userId. operations: - method: DELETE name: deleteroleuser description: Remove role from user call: logto-roles.deleteroleuser outputParameters: - type: object mapping: $. - type: mcp namespace: logto-roles-mcp port: 9090 transport: http description: MCP adapter for Logto API references — Roles. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: get-roles description: Get roles hints: readOnly: true destructive: false idempotent: true call: logto-roles.listroles with: excludeUserId: tools.excludeUserId excludeApplicationId: tools.excludeApplicationId type: tools.type page: tools.page page_size: tools.page_size search_params: tools.search_params outputParameters: - type: object mapping: $. - name: create-role description: Create a role hints: readOnly: false destructive: false idempotent: false call: logto-roles.createrole with: body: tools.body outputParameters: - type: object mapping: $. - name: get-role description: Get role hints: readOnly: true destructive: false idempotent: true call: logto-roles.getrole outputParameters: - type: object mapping: $. - name: update-role description: Update role hints: readOnly: false destructive: false idempotent: true call: logto-roles.updaterole with: body: tools.body outputParameters: - type: object mapping: $. - name: delete-role description: Delete role hints: readOnly: false destructive: true idempotent: true call: logto-roles.deleterole outputParameters: - type: object mapping: $. - name: get-role-applications description: Get role applications hints: readOnly: true destructive: false idempotent: true call: logto-roles.listroleapplications with: page: tools.page page_size: tools.page_size search_params: tools.search_params outputParameters: - type: object mapping: $. - name: assign-role-applications description: Assign role to applications hints: readOnly: false destructive: false idempotent: false call: logto-roles.createroleapplication with: body: tools.body outputParameters: - type: object mapping: $. - name: remove-role-application description: Remove role from application hints: readOnly: false destructive: true idempotent: true call: logto-roles.deleteroleapplication outputParameters: - type: object mapping: $. - name: get-role-scopes description: Get role scopes hints: readOnly: true destructive: false idempotent: true call: logto-roles.listrolescopes with: page: tools.page page_size: tools.page_size search_params: tools.search_params outputParameters: - type: object mapping: $. - name: link-scopes-role description: Link scopes to role hints: readOnly: false destructive: false idempotent: false call: logto-roles.createrolescope with: body: tools.body outputParameters: - type: object mapping: $. - name: unlink-scope-role description: Unlink scope from role hints: readOnly: false destructive: true idempotent: true call: logto-roles.deleterolescope outputParameters: - type: object mapping: $. - name: get-role-users description: Get role users hints: readOnly: true destructive: false idempotent: true call: logto-roles.listroleusers with: page: tools.page page_size: tools.page_size search_params: tools.search_params outputParameters: - type: object mapping: $. - name: assign-role-users description: Assign role to users hints: readOnly: false destructive: false idempotent: false call: logto-roles.createroleuser with: body: tools.body outputParameters: - type: object mapping: $. - name: remove-role-user description: Remove role from user hints: readOnly: false destructive: true idempotent: true call: logto-roles.deleteroleuser outputParameters: - type: object mapping: $.