naftiko: 1.0.0-alpha2 info: label: Core API — auth controls description: 'Core API — auth controls. 8 operations. Lead operation: Lists all global auth control exceptions for the program. Self-contained Naftiko capability covering one Marqeta business surface.' tags: - Marqeta - auth controls created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: MARQETA_API_KEY: MARQETA_API_KEY capability: consumes: - type: http namespace: core-auth-controls baseUri: '' description: Core API — auth controls business capability. Self-contained, no shared references. resources: - name: authcontrols path: /authcontrols operations: - name: getauthcontrols method: GET description: Lists all global auth control exceptions for the program outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: card_product in: query type: string description: Card product token. Use "null" to get auth controls that are not associated with any card product. - name: user in: query type: string description: User token. Use "null" to get auth controls that are not associated with any user. - name: count in: query type: integer description: Number of items to retrieve. Count can be between 1 - 10 items. - name: start_index in: query type: integer description: Indicates from what row to start returning data. - name: fields in: query type: string description: Comma-delimited list of fields to return (e.g. field_1,field_2,..). Leave blank to return all fields. - name: sort_by in: query type: string description: Field by which to sort the returned items. Use any field in the model, or system fields lastModifiedTime or createdTime. - name: postauthcontrols method: POST description: Creates an auth control exception outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: authcontrols-exemptmids path: /authcontrols/exemptmids operations: - name: getauthcontrolsexemptmids method: GET description: Lists all auth control exempted MIDs for the program outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: card_product in: query type: string description: Card product token. Use "null" to get auth controls that are not associated with any card product. - name: user in: query type: string description: User token. Use "null" to get auth controls that are not associated with any user. - name: count in: query type: integer description: Number of items to retrieve. Count can be between 1 - 10 items. - name: start_index in: query type: integer description: Indicates from what row to start returning data. - name: fields in: query type: string description: Comma-delimited list of fields to return (e.g. field_1,field_2,..). Leave blank to return all fields. - name: sort_by in: query type: string description: Field by which to sort the returned items. Use any field in the model, or system fields lastModifiedTime or createdTime. - name: postauthcontrolsexemptmids method: POST description: Creates an auth control for exempting MIDs outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: authcontrols-exemptmids-token path: /authcontrols/exemptmids/{token} operations: - name: getauthcontrolsexemptmidstoken method: GET description: Returns a specific auth control exemptmids outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: token in: path type: string description: Auth control token required: true - name: putauthcontrolsexemptmidstoken method: PUT description: Updates the status an auth control exemptmids outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: token in: path type: string description: Auth control token required: true - name: body in: body type: object description: Request body (JSON). required: false - name: authcontrols-token path: /authcontrols/{token} operations: - name: getauthcontrolstoken method: GET description: Returns a specific auth control exception outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: token in: path type: string description: Auth control token required: true - name: fields in: query type: string description: Comma-delimited list of fields to return (e.g. field_1,field_2,..). Leave blank to return all fields. - name: putauthcontrolstoken method: PUT description: Updates an auth control exception outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: token in: path type: string description: Auth control token required: true - name: body in: body type: object description: Request body (JSON). required: true authentication: type: basic username: '{{env.MARQETA_USER}}' password: '{{env.MARQETA_PASS}}' exposes: - type: rest namespace: core-auth-controls-rest port: 8080 description: REST adapter for Core API — auth controls. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/authcontrols name: authcontrols description: REST surface for authcontrols. operations: - method: GET name: getauthcontrols description: Lists all global auth control exceptions for the program call: core-auth-controls.getauthcontrols with: card_product: rest.card_product user: rest.user count: rest.count start_index: rest.start_index fields: rest.fields sort_by: rest.sort_by outputParameters: - type: object mapping: $. - method: POST name: postauthcontrols description: Creates an auth control exception call: core-auth-controls.postauthcontrols with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/authcontrols/exemptmids name: authcontrols-exemptmids description: REST surface for authcontrols-exemptmids. operations: - method: GET name: getauthcontrolsexemptmids description: Lists all auth control exempted MIDs for the program call: core-auth-controls.getauthcontrolsexemptmids with: card_product: rest.card_product user: rest.user count: rest.count start_index: rest.start_index fields: rest.fields sort_by: rest.sort_by outputParameters: - type: object mapping: $. - method: POST name: postauthcontrolsexemptmids description: Creates an auth control for exempting MIDs call: core-auth-controls.postauthcontrolsexemptmids with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/authcontrols/exemptmids/{token} name: authcontrols-exemptmids-token description: REST surface for authcontrols-exemptmids-token. operations: - method: GET name: getauthcontrolsexemptmidstoken description: Returns a specific auth control exemptmids call: core-auth-controls.getauthcontrolsexemptmidstoken with: token: rest.token outputParameters: - type: object mapping: $. - method: PUT name: putauthcontrolsexemptmidstoken description: Updates the status an auth control exemptmids call: core-auth-controls.putauthcontrolsexemptmidstoken with: token: rest.token body: rest.body outputParameters: - type: object mapping: $. - path: /v1/authcontrols/{token} name: authcontrols-token description: REST surface for authcontrols-token. operations: - method: GET name: getauthcontrolstoken description: Returns a specific auth control exception call: core-auth-controls.getauthcontrolstoken with: token: rest.token fields: rest.fields outputParameters: - type: object mapping: $. - method: PUT name: putauthcontrolstoken description: Updates an auth control exception call: core-auth-controls.putauthcontrolstoken with: token: rest.token body: rest.body outputParameters: - type: object mapping: $. - type: mcp namespace: core-auth-controls-mcp port: 9090 transport: http description: MCP adapter for Core API — auth controls. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: lists-all-global-auth-control description: Lists all global auth control exceptions for the program hints: readOnly: true destructive: false idempotent: true call: core-auth-controls.getauthcontrols with: card_product: tools.card_product user: tools.user count: tools.count start_index: tools.start_index fields: tools.fields sort_by: tools.sort_by outputParameters: - type: object mapping: $. - name: creates-auth-control-exception description: Creates an auth control exception hints: readOnly: false destructive: false idempotent: false call: core-auth-controls.postauthcontrols with: body: tools.body outputParameters: - type: object mapping: $. - name: lists-all-auth-control-exempted description: Lists all auth control exempted MIDs for the program hints: readOnly: true destructive: false idempotent: true call: core-auth-controls.getauthcontrolsexemptmids with: card_product: tools.card_product user: tools.user count: tools.count start_index: tools.start_index fields: tools.fields sort_by: tools.sort_by outputParameters: - type: object mapping: $. - name: creates-auth-control-exempting-mids description: Creates an auth control for exempting MIDs hints: readOnly: false destructive: false idempotent: false call: core-auth-controls.postauthcontrolsexemptmids with: body: tools.body outputParameters: - type: object mapping: $. - name: returns-specific-auth-control-exemptmids description: Returns a specific auth control exemptmids hints: readOnly: true destructive: false idempotent: true call: core-auth-controls.getauthcontrolsexemptmidstoken with: token: tools.token outputParameters: - type: object mapping: $. - name: updates-status-auth-control-exemptmids description: Updates the status an auth control exemptmids hints: readOnly: false destructive: false idempotent: true call: core-auth-controls.putauthcontrolsexemptmidstoken with: token: tools.token body: tools.body outputParameters: - type: object mapping: $. - name: returns-specific-auth-control-exception description: Returns a specific auth control exception hints: readOnly: true destructive: false idempotent: true call: core-auth-controls.getauthcontrolstoken with: token: tools.token fields: tools.fields outputParameters: - type: object mapping: $. - name: updates-auth-control-exception description: Updates an auth control exception hints: readOnly: false destructive: false idempotent: true call: core-auth-controls.putauthcontrolstoken with: token: tools.token body: tools.body outputParameters: - type: object mapping: $.