naftiko: 1.0.0-alpha2 info: label: Microsoft Entra Microsoft Graph Identity API — ServicePrincipals description: 'Microsoft Entra Microsoft Graph Identity API — ServicePrincipals. 7 operations. Lead operation: Microsoft Entra List Service Principals. Self-contained Naftiko capability covering one Microsoft Entra business surface.' tags: - Microsoft Entra - ServicePrincipals created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: MICROSOFT_ENTRA_API_KEY: MICROSOFT_ENTRA_API_KEY capability: consumes: - type: http namespace: graph-identity-serviceprincipals baseUri: https://graph.microsoft.com/v1.0 description: Microsoft Entra Microsoft Graph Identity API — ServicePrincipals business capability. Self-contained, no shared references. resources: - name: servicePrincipals path: /servicePrincipals operations: - name: listserviceprincipals method: GET description: Microsoft Entra List Service Principals outputRawFormat: json outputParameters: - name: result type: object value: $. - name: createserviceprincipal method: POST description: Microsoft Entra Create Service Principal outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: servicePrincipals-servicePrincipal-id path: /servicePrincipals/{servicePrincipal-id} operations: - name: getserviceprincipal method: GET description: Microsoft Entra Get Service Principal outputRawFormat: json outputParameters: - name: result type: object value: $. - name: updateserviceprincipal method: PATCH description: Microsoft Entra Update Service Principal outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: deleteserviceprincipal method: DELETE description: Microsoft Entra Delete Service Principal outputRawFormat: json outputParameters: - name: result type: object value: $. - name: servicePrincipals-servicePrincipal-id-appRoleAssignments path: /servicePrincipals/{servicePrincipal-id}/appRoleAssignments operations: - name: listserviceprincipalapproleassignments method: GET description: Microsoft Entra List App Role Assignments outputRawFormat: json outputParameters: - name: result type: object value: $. - name: grantserviceprincipalapproleassignment method: POST description: Microsoft Entra Grant App Role Assignment outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true authentication: type: bearer token: '{{env.MICROSOFT_ENTRA_API_KEY}}' exposes: - type: rest namespace: graph-identity-serviceprincipals-rest port: 8080 description: REST adapter for Microsoft Entra Microsoft Graph Identity API — ServicePrincipals. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/serviceprincipals name: serviceprincipals description: REST surface for servicePrincipals. operations: - method: GET name: listserviceprincipals description: Microsoft Entra List Service Principals call: graph-identity-serviceprincipals.listserviceprincipals outputParameters: - type: object mapping: $. - method: POST name: createserviceprincipal description: Microsoft Entra Create Service Principal call: graph-identity-serviceprincipals.createserviceprincipal with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/serviceprincipals/{serviceprincipal-id} name: serviceprincipals-serviceprincipal-id description: REST surface for servicePrincipals-servicePrincipal-id. operations: - method: GET name: getserviceprincipal description: Microsoft Entra Get Service Principal call: graph-identity-serviceprincipals.getserviceprincipal outputParameters: - type: object mapping: $. - method: PATCH name: updateserviceprincipal description: Microsoft Entra Update Service Principal call: graph-identity-serviceprincipals.updateserviceprincipal with: body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: deleteserviceprincipal description: Microsoft Entra Delete Service Principal call: graph-identity-serviceprincipals.deleteserviceprincipal outputParameters: - type: object mapping: $. - path: /v1/serviceprincipals/{serviceprincipal-id}/approleassignments name: serviceprincipals-serviceprincipal-id-approleassignments description: REST surface for servicePrincipals-servicePrincipal-id-appRoleAssignments. operations: - method: GET name: listserviceprincipalapproleassignments description: Microsoft Entra List App Role Assignments call: graph-identity-serviceprincipals.listserviceprincipalapproleassignments outputParameters: - type: object mapping: $. - method: POST name: grantserviceprincipalapproleassignment description: Microsoft Entra Grant App Role Assignment call: graph-identity-serviceprincipals.grantserviceprincipalapproleassignment with: body: rest.body outputParameters: - type: object mapping: $. - type: mcp namespace: graph-identity-serviceprincipals-mcp port: 9090 transport: http description: MCP adapter for Microsoft Entra Microsoft Graph Identity API — ServicePrincipals. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: microsoft-entra-list-service-principals description: Microsoft Entra List Service Principals hints: readOnly: true destructive: false idempotent: true call: graph-identity-serviceprincipals.listserviceprincipals outputParameters: - type: object mapping: $. - name: microsoft-entra-create-service-principal description: Microsoft Entra Create Service Principal hints: readOnly: false destructive: false idempotent: false call: graph-identity-serviceprincipals.createserviceprincipal with: body: tools.body outputParameters: - type: object mapping: $. - name: microsoft-entra-get-service-principal description: Microsoft Entra Get Service Principal hints: readOnly: true destructive: false idempotent: true call: graph-identity-serviceprincipals.getserviceprincipal outputParameters: - type: object mapping: $. - name: microsoft-entra-update-service-principal description: Microsoft Entra Update Service Principal hints: readOnly: false destructive: false idempotent: true call: graph-identity-serviceprincipals.updateserviceprincipal with: body: tools.body outputParameters: - type: object mapping: $. - name: microsoft-entra-delete-service-principal description: Microsoft Entra Delete Service Principal hints: readOnly: false destructive: true idempotent: true call: graph-identity-serviceprincipals.deleteserviceprincipal outputParameters: - type: object mapping: $. - name: microsoft-entra-list-app-role description: Microsoft Entra List App Role Assignments hints: readOnly: true destructive: false idempotent: true call: graph-identity-serviceprincipals.listserviceprincipalapproleassignments outputParameters: - type: object mapping: $. - name: microsoft-entra-grant-app-role description: Microsoft Entra Grant App Role Assignment hints: readOnly: false destructive: false idempotent: false call: graph-identity-serviceprincipals.grantserviceprincipalapproleassignment with: body: tools.body outputParameters: - type: object mapping: $.